Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Violated Heroine_91zbZ-1.exe

Overview

General Information

Sample name:Violated Heroine_91zbZ-1.exe
Analysis ID:1580037
MD5:6e4c8f2488186375ecc5701ae74a2a19
SHA1:f4765471feb517088c50a085f75264bd43b17b07
SHA256:d45e8203cd5398582a2a13d7f1f4caf7bab60fa6db19db24a2ae99efb0b2fbbc
Tags:exeuser-Gillysuy
Infos:

Detection

Score:68
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:49
Range:0 - 100

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Checks if the current machine is a virtual machine (disk enumeration)
Contains functionality to infect the boot sector
Contains functionality to prevent local Windows debugging
Creates an undocumented autostart registry key
Found evasive API chain checking for user administrative privileges
Modifies the windows firewall
Possible COM Object hijacking
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Uses netsh to modify the Windows network and firewall settings
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Changes image file execution options
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Disables exception chain validation (SEHOP)
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file contains strange resources
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches the installation path of Mozilla Firefox
Stores large binary data to the registry
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match
query blbeacon for getting browser version

Classification

Process Tree

  • System is w10x64
  • Violated Heroine_91zbZ-1.exe (PID: 6644 cmdline: "C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe" MD5: 6E4C8F2488186375ECC5701AE74A2A19)
    • Violated Heroine_91zbZ-1.tmp (PID: 6692 cmdline: "C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp" /SL5="$1040C,13566766,780800,C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe" MD5: B1F49F39D06B2CFDF18C9C19DAAA4C4F)
      • saBSI.exe (PID: 7096 cmdline: "C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US MD5: 143255618462A577DE27286A272584E1)
        • installer.exe (PID: 5812 cmdline: "C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade MD5: 7DD0FAA9C00391333B2A12D21CA028BF)
          • installer.exe (PID: 480 cmdline: "C:\Program Files\McAfee\Temp2112252202\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade MD5: 9B6FDFBC11B51E810F01598730A002F4)
      • avg_antivirus_free_setup.exe (PID: 6508 cmdline: "C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU MD5: 26816AF65F2A3F1C61FB44C682510C97)
        • avg_antivirus_free_online_setup.exe (PID: 2120 cmdline: "C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /ga_clientid:572539a1-d07f-4197-bf4d-89a74f87a492 /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c MD5: 6EBB043BC04784DBC6DF3F4C52391CD0)
          • icarus.exe (PID: 6528 cmdline: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492 MD5: A1FFFE3E9589CCFE629EB653F704A659)
            • icarus.exe (PID: 3872 cmdline: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492 /er_master:master_ep_039cca48-79ed-481b-8a26-06a4eea4f584 /er_ui:ui_ep_68a0db07-d995-4b3b-bbc5-aa42d4ac403e /er_slave:avg-av_slave_ep_f4b941a1-dca3-4c7d-a54f-a0d09edff664 /slave:avg-av MD5: A1FFFE3E9589CCFE629EB653F704A659)
            • icarus.exe (PID: 1612 cmdline: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exe /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492 /er_master:master_ep_039cca48-79ed-481b-8a26-06a4eea4f584 /er_ui:ui_ep_68a0db07-d995-4b3b-bbc5-aa42d4ac403e /er_slave:avg-av-vps_slave_ep_af387ac7-fcda-4980-9da1-7e333e1d25e3 /slave:avg-av-vps MD5: A1FFFE3E9589CCFE629EB653F704A659)
      • norton_secure_browser_setup.exe (PID: 2208 cmdline: "C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is" MD5: F269C5140CBC0E376CC7354A801DDD16)
        • NortonBrowserUpdateSetup.exe (PID: 3192 cmdline: NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" MD5: 2B07E26D3C33CD96FA825695823BBFA7)
          • NortonBrowserUpdate.exe (PID: 7012 cmdline: "C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 504 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 5808 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 5700 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezU4MzdCMUE1LUI3MkEtNDU2QS1CMDlGLUY2ODBFOUFCNUUwMn0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY0OS41IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY0OS41IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0iezE5NzhDRURELUY2RUQtNDc4Qy05RDhDLTgzMTA0OEQ5REY4MH0iIHVzZXJpZD0iezBFMTk2MDUwLURBNzAtNEQyRi04MkE1LUIxQUYyOURDNjRFRn0iIHVzZXJpZF9kYXRlPSIyMDI0MTIyMyIgbWFjaGluZWlkPSJ7MDAwMDlEOTYtNkFDQS0yQzI0LTk0MDgtMTRBMDU2NEZENUJDfSIgbWFjaGluZWlkX2RhdGU9IjIwMjQxMjIzIiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezczRTFDMDhDLTNBMzQtNDVCNi04OTY1LTZDMEZFQzlFMDgwRn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NTgzN0IxQTUtQjcyQS00NTZBLUIwOUYtRjY4MEU5QUI1RTAyfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2NDkuNSIgbGFuZz0iZW4tR0IiIGJyYW5kPSIyOTIzOSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNjUzOCIvPjwvYXBwPjwvcmVxdWVzdD4 MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
            • NortonBrowserUpdate.exe (PID: 2056 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{1978CEDD-F6ED-478C-9D8C-831048D9DF80}" /silent MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
      • netsh.exe (PID: 5324 cmdline: "netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exe "qBittorrent" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
        • conhost.exe (PID: 5696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • qbittorrent.exe (PID: 6432 cmdline: "C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exe" magnet:?xt=urn:btih:8B023433BB140CC755C6B8166CDE023DB44FCFA7 MD5: 22A34900ADA67EAD7E634EB693BD3095)
      • WerFault.exe (PID: 2324 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 964 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 3228 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 2604 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 4088 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 5376 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • WerFault.exe (PID: 1716 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6692 -ip 6692 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 1928 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6692 -ip 6692 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • NortonBrowserUpdate.exe (PID: 340 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserUpdate.exe (PID: 5840 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /cr MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserCrashHandler.exe (PID: 5356 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe" MD5: 1694092D5DE0E0DAEF4C5EA13EA84CAB)
    • NortonBrowserCrashHandler64.exe (PID: 2588 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe" MD5: 09621280025727AB4CB39BD6F6B2C69E)
  • NortonBrowserUpdate.exe (PID: 480 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserUpdate.exe (PID: 5652 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
    • NortonBrowserUpdate.exe (PID: 6240 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
  • msiexec.exe (PID: 4324 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
  • NortonBrowserUpdate.exe (PID: 2500 cmdline: "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /svc MD5: BF8FE62DBCD949547AF37EEE4ECE61FC)
  • servicehost.exe (PID: 708 cmdline: "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe" MD5: F7C7039D19E16D05B6194D74E128DFE4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Program Files (x86)\GUT4AA7.tmpPlugXStringsPlugX Identifying StringsSeth Hardy
  • 0x1f88a8:$Dwork: D:\work
  • 0x1fac58:$Dwork: D:\work
  • 0x1faedc:$Dwork: D:\work
  • 0x2019f8:$Dwork: D:\work
  • 0x201ba0:$Dwork: D:\work
  • 0x201d08:$Dwork: D:\work
  • 0x201de0:$Dwork: D:\work
  • 0x202040:$Dwork: D:\work
  • 0x202160:$Dwork: D:\work
  • 0x202280:$Dwork: D:\work
  • 0x202330:$Dwork: D:\work
  • 0x2db910:$Dwork: D:\work
  • 0x2dba38:$Dwork: D:\work
  • 0x2dbba0:$Dwork: D:\work
  • 0x2dbd88:$Dwork: D:\work
  • 0x2dbe78:$Dwork: D:\work
  • 0x2dbff8:$Dwork: D:\work
  • 0x2dc118:$Dwork: D:\work
  • 0x2dc1c8:$Dwork: D:\work
  • 0x4ed054:$Dwork: D:\work
  • 0x4ed0b0:$Dwork: D:\work

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: NortonBrowserUpdateSetup.exe PID: 3192PlugXStringsPlugX Identifying StringsSeth Hardy
  • 0x1f435:$Dwork: D:\work
  • 0x21ca4:$Dwork: D:\work
  • 0x24ac9:$Dwork: D:\work
  • 0x24b86:$Dwork: D:\work
  • 0x25e19:$Dwork: D:\work
  • 0x25f34:$Dwork: D:\work
  • 0x26178:$Dwork: D:\work
  • 0x261c6:$Dwork: D:\work
  • 0x26263:$Dwork: D:\work
  • 0x2c4c0:$Dwork: D:\work
  • 0x32a1d:$Dwork: D:\work
  • 0x32bb8:$Dwork: D:\work
  • 0x337b2:$Dwork: D:\work
  • 0x33d1c:$Dwork: D:\work
  • 0x33f8e:$Dwork: D:\work
  • 0x340f2:$Dwork: D:\work
  • 0x37928:$Dwork: D:\work
  • 0x37ac0:$Dwork: D:\work
  • 0x37c17:$Dwork: D:\work
  • 0x37ce5:$Dwork: D:\work
  • 0x380b8:$Dwork: D:\work
Process Memory Space: NortonBrowserUpdate.exe PID: 7012PlugXStringsPlugX Identifying StringsSeth Hardy
  • 0x5f258:$Dwork: D:\work
  • 0x5f2db:$Dwork: D:\work
  • 0x5fc35:$Dwork: D:\work
  • 0x5fd8c:$Dwork: D:\work
  • 0x5fe60:$Dwork: D:\work
  • 0x5ffb4:$Dwork: D:\work
  • 0x6015b:$Dwork: D:\work
  • 0x60245:$Dwork: D:\work
  • 0x6034d:$Dwork: D:\work
  • 0x60433:$Dwork: D:\work
  • 0x61937:$Dwork: D:\work
  • 0x619ba:$Dwork: D:\work
  • 0x66223:$Dwork: D:\work
  • 0x6637a:$Dwork: D:\work
  • 0x6644e:$Dwork: D:\work
  • 0x665a2:$Dwork: D:\work
  • 0x66749:$Dwork: D:\work
  • 0x66833:$Dwork: D:\work
  • 0x66a21:$Dwork: D:\work
  • 0x66b07:$Dwork: D:\work
  • 0x66c65:$Dwork: D:\work

Sigma Signatures

System Summary

barindex
Sigma detected: Windows Processes Suspicious Parent Directory
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 4088, ProcessName: svchost.exe

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: Violated Heroine_91zbZ-1.exeAvira: detected
Multi AV Scanner detection for submitted file
Source: Violated Heroine_91zbZ-1.exeReversingLabs: Detection: 23%
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003A14F0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CryptMsgGetParam,CertFreeCRLContext,CertFreeCRLContext,5_2_003A14F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003A17A0 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptQueryObject,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,5_2_003A17A0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00355870 GetCurrentProcessId,GetCurrentThreadId,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,CreateFileW,UuidCreate,UuidCreate,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,5_2_00355870
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00356220 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,5_2_00356220
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_0038E610 CryptMsgClose,5_2_0038E610
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003567B0 GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,5_2_003567B0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_0038EB60 CryptQueryObject,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptQueryObject,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CryptMsgClose,CertCloseStore,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,CryptMsgClose,CertCloseStore,5_2_0038EB60
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_0038F150 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertFreeCRLContext,5_2_0038F150
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_0038F3C0 CryptMsgGetParam,CryptMsgGetParam,CryptMsgGetParam,CertGetSubjectCertificateFromStore,CertGetNameStringW,CertGetNameStringW,CertGetCertificateChain,CertFreeCertificateChain,CertFreeCertificateChain,CertVerifyCertificateChainPolicy,CertFreeCertificateChain,CertFreeCRLContext,CertFreeCRLContext,5_2_0038F3C0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C2B0E0 CryptDestroyHash,CryptDestroyHash,6_2_00C2B0E0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C282F0 CryptDestroyHash,6_2_00C282F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C29250 CryptGenRandom,GetLastError,__CxxThrowException@8,6_2_00C29250
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C29450 CryptCreateHash,CryptDestroyHash,GetLastError,__CxxThrowException@8,6_2_00C29450
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C28DC0 lstrcatA,CryptAcquireContextA,CryptReleaseContext,GetLastError,__CxxThrowException@8,CryptReleaseContext,6_2_00C28DC0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C29020 CryptCreateHash,CryptDestroyHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,6_2_00C29020
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C28260 CryptDestroyHash,6_2_00C28260
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C29340 CryptGetHashParam,CryptGetHashParam,GetLastError,__CxxThrowException@8,GetLastError,__CxxThrowException@8,6_2_00C29340
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C294D0 CryptHashData,GetLastError,__CxxThrowException@8,6_2_00C294D0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C28EF0 CryptReleaseContext,6_2_00C28EF0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C42660 CryptReleaseContext,6_2_00C42660
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008F09E0 CryptProtectData,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,CryptUnprotectData,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,8_2_008F09E0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008BDF30 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GlobalMemoryStatusEx,GetDiskFreeSpaceExW,GetSystemTimes,QueryPerformanceCounter,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,8_2_008BDF30
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_62fe444c-9

Compliance

barindex
Uses 32bit PE files
Source: Violated Heroine_91zbZ-1.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Creates a directory in C:\Program Files
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG\Icarus
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG\Icarus\avg-av
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\setup
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG\Overseer
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\setup\asw6f647d2b80e600d5.tmp
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\setup\config.def.ipending.af551dba
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_32.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwCoreClient.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwRpc.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwServ.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\dnd_helper.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\gaming_hook.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gaming_hook.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\dnd_helper.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\hns_tools.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswhook.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsdriver.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswidpm.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswidsagent.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswhook.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\onnxruntime.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\background.png.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\background-loading.png.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\waikamd64.mst.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswShMin.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEShell.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEAntivirus.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswRegLib.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEBrowser.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPECommander.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\wxbase315u_vc.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\wxmsw315u_core_vc.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\shred.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\snxhk.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\snxhk.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgSnx.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswClnTg.htm.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswClnTg.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswInfTg.htm.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswInfTg.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\Base.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\Boot.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\uiLangRes.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgArDisk.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgArPot.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\BreachGuardSdk.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswProperty.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswPropertyAv.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\AavmRpch.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\ashShell.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\dll_loader.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswCmnOS.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswCmnIS.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswCmnBS.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\firefox_pass.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswBrowser.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswAMSI.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Boost.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\brotli.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\bsdiff.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\bzip2.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\c-ares.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\cef.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Crypto++.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\cURL.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Detours.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\dnscrypt-proxy.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\GSL.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\ICU.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\intel_asm.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\jansson.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\JsonCpp.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\lexbor.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\libevent.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\libPNG.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\libsodium.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\LUA.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\lzfse.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\LZMA.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\mbedTLS.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\mhook.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\nanopb.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\nghttp2.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\OpenSSL.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\PCRE.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\protobuf.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\pugixml.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\rapidjson.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\sqlite.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\unrar.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\vxWidgets.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Xerces.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\xmlParser.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\xxHash.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\yara.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\zlib.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswCmnBS.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswCmnOS.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswCmnIS.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashBase.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashServ.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAv.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashShell.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashTask.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashQuick.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashUpd.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAux.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswDld.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\CommChannel.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\streamback.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ntp_time.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\sched.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswEngLdr.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswEngSrv.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswLog.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswProperty.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswPropertyAv.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswW8ntf.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\uet_client.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\anen.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\perfstats.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\CommonRes.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswSqLt.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\VisthAux.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswChLic.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswIP.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswRvrt.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\log.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\burger_client.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\tasks_core.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\task_performance_logger.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\process_monitor.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\serialization.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_routing.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_routing_rpc.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager_burger.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager_ga.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager_er.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ffl2.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\browser_pass.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\vaarclient.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\module_lifetime.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\dll_loader.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\shepherdsync.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\fltlib_wrapper.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AVGSvc.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AavmRpch.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgBoot.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wsc.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\firefox_pass.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAMSI.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswBrowser.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wsc_proxy.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wsc_proxy.exe.manifest.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvEmUpdate.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\SupportTool.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\nos.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAvBootTimeScanShMin.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\OobeUtil.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfc140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfc140u.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfcm140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfcm140u.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\crts.cat.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\avg.local_vc142.crt.manifest.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-console-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-console-l1-2-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-datetime-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-debug-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-errorhandling-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-fibers-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-handle-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-heap-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-interlocked-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-libraryloader-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-memory-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-namedpipe-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processenvironment-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-profile-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-rtlsupport-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-string-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-sysinfo-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-util-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-conio-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-private-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-process-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\concrt140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_1.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_2.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_atomic_wait.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_codecvt_ids.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\ucrtbase.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vccorlib140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140_1.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140_threads.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\avg.local_vc142.crt.manifest.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-console-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-console-l1-2-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-datetime-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-debug-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-errorhandling-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-fibers-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-handle-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-heap-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-interlocked-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-libraryloader-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-memory-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-namedpipe-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processenvironment-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-profile-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-rtlsupport-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-string-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-synch-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-sysinfo-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-util-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\API-MS-Win-core-xstate-l2-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-conio-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-private-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-process-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\concrt140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_1.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_2.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_atomic_wait.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_codecvt_ids.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\ucrtbase.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vccorlib140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vcruntime140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vcruntime140_threads.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\HTMLayout.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvLaunch.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AVGUI.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvConsent.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\jsbridge.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgKbd.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgNetHub.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libssl-3-x64.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libcrypto-3-x64.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\protobuf.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgRdr2.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgMonFlt.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgSP.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgRvrt.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgElam.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsh.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbuniv.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswavdetection.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswcomm.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswdetallocator.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswntsqlite.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswpsic.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswremoval.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswsecapi.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswwinamapi.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgStm.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\RegSvr.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswRunDll.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\AvDump.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswRunDll.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RegSvr.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvBugReport.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvDump.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\SetupInf.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\overseer.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avgToolsSvc.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswVmm.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgVmm.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\chrome_100_percent.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\chrome_200_percent.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\resources.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\icudtl.dat.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\am.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ar.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\bg.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\bn.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ca.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\cs.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\da.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\de.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\el.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\en-GB.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\en-US.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\es-419.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\es.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\et.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fa.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fi.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fil.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fr.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\gu.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\he.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\hi.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\hr.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\hu.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\id.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\it.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ja.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\kn.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ko.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\lt.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\lv.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ml.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\mr.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ms.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\nb.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\nl.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\pl.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\pt-BR.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\pt-PT.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ro.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ru.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sk.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sl.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sr.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sv.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sw.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ta.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\te.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\th.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\tr.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\uk.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\vi.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\zh-CN.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\zh-TW.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\swiftshader
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\swiftshader\libEGL.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\swiftshader\libGLESv2.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\chrome_elf.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libcef.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\d3dcompiler_47.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libEGL.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libGLESv2.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\snapshot_blob.bin.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\v8_context_snapshot.bin.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\about.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\antiRansomware.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\antiTrack.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\ask.ogg.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserDetection.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserDetectionWindow.html.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserExtensions.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\core.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\darkWebMonitor.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\dashboard.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\dataShredder.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\done.ogg.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\doNotDisturb.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\driverUpdater.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\feedbackForm.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\firewall.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\help.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\i18n.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\kin.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\libs.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-cs.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-da.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-de.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-en.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-en_GB.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-es_ES.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-fi.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-fr.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-hu.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-id.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-it.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ja.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ko.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ms.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-nb.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-nl.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pl.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pt_BR.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pt_PT.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ru.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sk.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sr_CS.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sv_SE.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-tr.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-zh_CN.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-zh_TW.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainCss.css.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainCss_light.css.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainFont.css.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainLayout.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainLayoutCss.css.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainSprite.css.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainVars.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainVars_test.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainWindow.html.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\myLicenses.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napi.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napiAdapter.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napiExtensions.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\network.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\notifications.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\notify.ogg.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\offline.htm.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\overlay.html.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\pap.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\passwordProtection.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\plugins.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\ras.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\rescueDisk.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\scans.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\search.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\secureDns.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\sensitiveData.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\settings.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\shields.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\smartScan.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\software.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteComponents.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteInternal.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svgFlags.css.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svgInline.svg.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\system.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\threat.ogg.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\tray.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\tuneup.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\update.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\updatefile.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\virusChest.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\webCam.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.af551dba
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.af551dba
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.af551dba
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.af551dba
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.af551dba
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.af551dba
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.af551dba
Creates license or readme file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-cs-CZ.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-da-DK.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-de-DE.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-el-GR.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-en-US.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-es-ES.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-es-MX.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-fi-FI.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-fr-CA.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-fr-FR.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-hr-HR.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-hu-HU.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-it-IT.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-ja-JP.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-ko-KR.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-nb-NO.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-nl-NL.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-pl-PL.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-pt-BR.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-pt-PT.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-ru-RU.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-sk-SK.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-sr-Latn-CS.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-sv-SE.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-tr-TR.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-zh-CN.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-zh-TW.txt
PE / OLE file has a valid certificate
Source: Violated Heroine_91zbZ-1.exeStatic PE information: certificate valid
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: Violated Heroine_91zbZ-1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Binary contains paths to debug symbols
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_mod.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2433676500.0000000005774000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ms.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E09000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000499D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2493883768.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2493883768.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fa.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000048C5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D31000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2478477478.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2478477478.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdate_unsigned.pdb source: NortonBrowserUpdate.exe
Source: Binary string: NortonBrowserUpdateBroker_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003746000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004286000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_lt.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DE7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004970000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2490418694.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ru.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E59000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000049ED000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2496159014.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_el.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004880000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002CEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476857851.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476857851.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_tr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002EC1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A55000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2501103051.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2501103051.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_de.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CEC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004874000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476651734.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476651734.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserCrashHandler_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000034E1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000003FF4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserCrashHandler.exe, 0000001B.00000000.2545010535.000000000058D000.00000002.00000001.01000000.00000029.sdmp
Source: Binary string: NortonBrowserUpdateCore_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.00000000033E0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000476B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserCrashHandler64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_bg.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000483B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CB3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475582944.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_mr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004991000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002DFD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2493475415.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_gu.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003D6A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479580724.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479580724.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_th.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003EC1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A49000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2500834473.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A0F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497496136.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497496136.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avg_antivirus_free_setup.exe, 00000006.00000000.2322480648.0000000000C43000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3617009543.0000000000C43000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: psmachine_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_ui.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned_64.pdbT source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000005.00000000.2296059937.00000000003FE000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: psuser_unsigned.pdbX source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb^ source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004342000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002FF4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474541874.0000000000C57000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474848155.0000000000C66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psuser_unsigned_64.pdbT source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_am.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003C98000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004820000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475030267.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_lv.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DF2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000497A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2492849993.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ta.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003EA9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A32000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2499957932.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2499957932.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_cs.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002CC9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000485D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476242242.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476242242.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdate_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000405D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003549000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003D76000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000048FE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479968395.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_es-419.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D19000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000048AE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2478091284.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2478018164.0000000000C66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: G:\QBITTORRENT\build-qbittorrent442-Qt5_msvc2017_x32-Release\src\release\qbittorrent.pdb source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002446000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\AvBugReport.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mi_exe_stub.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000002.3600766091.0000000000088000.00000002.00000001.01000000.0000001C.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000000.2436861066.0000000000088000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: goopdateres_unsigned_pt-BR.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000049CB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E37000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2495227578.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2494934270.0000000000C57000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2495137205.0000000000C66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000490A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2480281407.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2480281407.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_id.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D8D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004921000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2481048207.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2481048207.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psuser_unsigned_64.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_zh-TW.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000002.3608511949.0000000000EBE000.00000004.00000010.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A8D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2509349895.0000000000C66000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2508901358.0000000000C57000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2509610341.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb} source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned.pdbX source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sw.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A26000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2498075278.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2498075278.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_it.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004937000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002DA3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2484244508.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2484244508.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_pt-PT.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003E4E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000049D6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2495504178.0000000000C66000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2495593249.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2495345108.0000000000C57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateOnDemand_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000037A3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000042E4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: npNortonBrowserUpdate3_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000036B2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000041E7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2518582655.0000000000C2F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2518506993.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_vi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003EEF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2502196164.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_bn.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004846000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CBE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475801735.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: acuapi_64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ja.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DC6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000494F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sv.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E87000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A1B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497865099.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_es.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D0E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000048A2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477584269.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477584269.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_is.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D98000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000492C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2481663243.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2481663243.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_uk.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A60000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002ECC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2501524873.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2501524873.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ro.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E4E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000049E2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2495773676.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D53000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000048E7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479301927.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ca.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CC9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004852000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476037558.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476037558.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_nl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000049A9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003E20000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2494286780.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2494286780.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ko.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004964000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DDC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2489747943.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_et.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003D31000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000048B9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2478268975.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_iw.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002DAF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004943000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2488274893.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2488274893.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ur.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A6B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003EE3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2501797298.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2501797298.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_te.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003EB5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A3D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_no.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E20000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000049B4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2494540665.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2494540665.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000000.2379931092.0000000000974000.00000002.00000001.01000000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3603645766.0000000000974000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: goopdateres_unsigned_fil.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003D53000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000048DB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479063423.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_pl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003E37000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000049BF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2494786953.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2494786953.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004342000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002FF4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474541874.0000000000C57000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474848155.0000000000C66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_en-GB.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004897000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D03000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477195755.0000000000C57000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477346662.0000000000C66000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000002.3608418626.0000000000960000.00000002.00000001.00040000.00000040.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477408904.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003D48000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000048D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ml.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004985000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2493178150.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psuser_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sk.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003E71000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000049F9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2496771405.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2496771405.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hu.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004915000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003D8D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2480584132.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateWebPlugin_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004342000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002FF4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdbM source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_en.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002CF7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000488B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477070361.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477070361.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_da.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004869000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CE1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476434801.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476434801.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned_64.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ar.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004830000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475244894.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475244894.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003E7C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A04000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497263333.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497263333.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_zh-CN.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A82000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002EEE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2507294758.0000000000C66000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2502915324.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2508549479.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_kn.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002DC5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004959000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2489288098.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2489288098.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: acuapi_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2516265632.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\System32\msiexec.exeFile opened: z:
Source: C:\Windows\System32\msiexec.exeFile opened: x:
Source: C:\Windows\System32\msiexec.exeFile opened: v:
Source: C:\Windows\System32\msiexec.exeFile opened: t:
Source: C:\Windows\System32\msiexec.exeFile opened: r:
Source: C:\Windows\System32\msiexec.exeFile opened: p:
Source: C:\Windows\System32\msiexec.exeFile opened: n:
Source: C:\Windows\System32\msiexec.exeFile opened: l:
Source: C:\Windows\System32\msiexec.exeFile opened: j:
Source: C:\Windows\System32\msiexec.exeFile opened: h:
Source: C:\Windows\System32\msiexec.exeFile opened: f:
Source: C:\Windows\System32\msiexec.exeFile opened: b:
Source: C:\Windows\System32\msiexec.exeFile opened: y:
Source: C:\Windows\System32\msiexec.exeFile opened: w:
Source: C:\Windows\System32\msiexec.exeFile opened: u:
Source: C:\Windows\System32\msiexec.exeFile opened: s:
Source: C:\Windows\System32\msiexec.exeFile opened: q:
Source: C:\Windows\System32\msiexec.exeFile opened: o:
Source: C:\Windows\System32\msiexec.exeFile opened: m:
Source: C:\Windows\System32\msiexec.exeFile opened: k:
Source: C:\Windows\System32\msiexec.exeFile opened: i:
Source: C:\Windows\System32\msiexec.exeFile opened: g:
Source: C:\Windows\System32\msiexec.exeFile opened: e:
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exeFile opened: c:
Source: C:\Windows\System32\msiexec.exeFile opened: a:
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_00405B6C CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,7_2_00405B6C
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_004028D5 FindFirstFileW,7_2_004028D5
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_0040679D FindFirstFileW,FindClose,7_2_0040679D
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008B6F60 FindFirstFileExW,GetLastError,PathMatchSpecW,FindNextFileW,GetLastError,FindClose,UnlockFileEx,8_2_008B6F60
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008AE180 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,SetLastError,8_2_008AE180
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008B4590 FindFirstFileW,FindNextFileW,FindClose,GetFileAttributesW,GetFileAttributesW,SetFileAttributesW,RemoveDirectoryW,Sleep,GetFileAttributesW,8_2_008B4590
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008E0AC0 FindFirstFileW,MoveFileExW,GetLastError,FindNextFileW,GetFileAttributesW,GetLastError,MoveFileExW,GetLastError,FindClose,8_2_008E0AC0
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeCode function: 14_2_009AD963 FindFirstFileExW,FindNextFileW,FindClose,FindClose,14_2_009AD963
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeCode function: 19_2_0038D963 FindFirstFileExW,FindNextFileW,FindClose,FindClose,19_2_0038D963
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67656F014 FindFirstFileExW,21_2_00007FF67656F014
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extractJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: Joe Sandbox ViewIP Address: 1.1.1.1 1.1.1.1
Source: Joe Sandbox ViewIP Address: 1.1.1.1 1.1.1.1
Source: Joe Sandbox ViewIP Address: 13.89.179.12 13.89.179.12
Source: Joe Sandbox ViewIP Address: 20.189.173.20 20.189.173.20
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: www.google.comf5:c8:6a:f3:61:62:f1:3a:64:f5:4f:6d:c9:58:7c:06login.yahoo.comd7:55:8f:da:f5:f1:10:5b:b2:13:28:2b:70:77:29:a3mail.google.com04:7e:cb:e9:fc:a5:5f:7b:d0:9e:ae:36:e1:0c:ae:1eaddons.mozilla.org92:39:d5:34:8f:40:d1:69:5a:74:54:70:e1:f2:3f:43login.live.comb0:b7:13:3e:d0:96:f9:b5:6f:ae:91:c8:74:bd:3a:c03e:75:ce:d4:6b:69:30:21:21:88:30:ae:86:a8:2a:7139:2a:43:4f:0e:07:df:1f:8a:a3:05:de:34:e0:c2:29login.skype.come9:02:8b:95:78:e4:15:dc:1a:71:0a:2b:88:15:44:47DigiNotar Root CA0c:76:da:9c:91:0c:4e:2c:9e:fe:15:d0:58:93:3c:4cDigiNotar Services CAf1:4a:13:f4:87:2b:56:dc:39:df:84:ca:7a:a1:06:49global trusteed8:f3:5f:4e:b7:87:2b:2d:ab:06:92:e3:15:38:2f:b0*.google.com05:e2:e6:a4:cd:09:ea:54:d6:65:b0:75:fe:22:a2:56CertiID Enterprise Certificate Authoritya4:b6:ce:e3:2e:d3:35:46:26:3c:b3:55:3a:a8:92:21DigiNotar Qualified CA5b:d5:60:9c:64:17:68:cf:21:0e:35:fd:fb:05:ad:41DigiNotar Services 1024 CA36:16:71:55:43:42:1b:9d:e6:cb:a3:64:41:df:24:38DigiNotar Root CA G20a:82:bd:1e:14:4e:88:14:d7:5b:1a:55:27:be:bf:3e27:b1NIC CA 2011NIC CA 201401:31:69:b007:27:10:0301:31:34:bfDigiNotar PKIoverheid CA Overheid en Bedrijven07:27:10:0d46:9c:2c:b007:27:0f:f9DigiNotar Cyber CA46:9c:2c:afDigiNotar Public CA 202507:27:14:a946:9c:3c:c9d6:d0:29:77:f1:49:fd:1a:83:f2:b9:ea:94:8c:5c:b4DigiNotar PKIoverheid CA Organisatie - G21e:7d:7a:53:3d:45:30:41:96:40:0f:71:48:1f:45:04DigiNotar Extended Validation CA41UTN-USERFirst-Hardware08:27MD5 Collisions Inc. (http://www.phreedom.org/md5)4c:0e:63:6aDigisign Server ID (Enrich)72:03:21:05:c5:0c:08:57:3d:8e:a5:30:4e:fe:e8:b0Digisign Server ID - (Enrich)27:83AC DG Tr equals www.yahoo.com (Yahoo)
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://%s:%d;https=https://%s:%dHTTP/1.0
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://bugreports.qt.io/
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://bugreports.qt.io/1_q_preSharedKeyAuthenticationRequired(QSslPreSharedKeyAuthenticator
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://bugs.qbittorrent.org
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://bugs.qbittorrent.org.
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://bugs.qbittorrent.org.badagentDynamic
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3409692358.0000000005410000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295136705.0000000004DC0000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349926604.0000000004DB9000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295665698.0000000005417000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2320762800.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065267005.0000000005BB1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066299595.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068263105.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065408592.0000000005BE8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065718257.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046681417.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3490482790.0000000005E9B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067683149.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067948985.0000000005C23000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066237583.0000000005BE8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065344865.0000000005BE7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3490141580.0000000005BE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: NortonBrowserUpdate.exe, 0000000E.00000003.2511301255.0000000000C56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrust
Source: NortonBrowserUpdate.exe, 0000000E.00000003.2515196759.0000000000C56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTruste
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3409692358.0000000005410000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349926604.0000000004DB9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3617748204.0000000000873000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3603435910.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2436625580.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002DAF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D98000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002CF7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003EC1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DE7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004937000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004897000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DC6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000490A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A60000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003F0F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DF2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A49000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crt0
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2320762800.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2375046709.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2433676500.0000000005774000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3409692358.0000000005410000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295136705.0000000004DC0000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349926604.0000000004DB9000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295665698.0000000005417000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2320762800.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065267005.0000000005BB1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066299595.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068263105.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065718257.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046681417.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3490482790.0000000005E9B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067683149.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065344865.0000000005BE7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067756097.0000000005BE7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066137465.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068080230.0000000005BB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3409692358.0000000005410000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295136705.0000000004DC0000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349926604.0000000004DB9000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295665698.0000000005417000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2320762800.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065267005.0000000005BB1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066299595.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068263105.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065718257.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046681417.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3490482790.0000000005E9B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067683149.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065344865.0000000005BE7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067756097.0000000005BE7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066137465.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063446625.0000000005BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: NortonBrowserUpdate.exe, 0000000E.00000003.2515196759.0000000000C56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustema
Source: NortonBrowserUpdate.exe, 0000000E.00000003.2511301255.0000000000C56000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustma
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org-
Source: saBSI.exe, saBSI.exe, 00000005.00000000.2296059937.00000000003FE000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3487600779.000000000337E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crx
Source: saBSI.exe, 00000005.00000002.3487600779.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxXA
Source: saBSI.exe, 00000005.00000002.3487600779.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/service/update2/crxucW
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cnx.conceptsheartranch.com/
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.0000000000855000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2326645645.0000000003414000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.0000000003414000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2355414253.0000000003414000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2375143923.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3614016586.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2986039127.00000000009BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295136705.0000000004DC0000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295665698.0000000005417000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067683149.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066137465.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068080230.0000000005BB1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000029.00000003.3151147554.0000021132795000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295136705.0000000004DC0000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295665698.0000000005417000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067948985.0000000005C33000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065183744.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063372967.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066137465.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067611955.0000000005C33000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000029.00000003.3151147554.0000021132795000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2375046709.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2433676500.0000000005774000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2375046709.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2433676500.0000000005774000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3409692358.0000000005410000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295136705.0000000004DC0000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349926604.0000000004DB9000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295665698.0000000005417000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2320762800.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065267005.0000000005BB1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066299595.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068263105.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065408592.0000000005BE8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065718257.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046681417.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3490482790.0000000005E9B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067683149.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067948985.0000000005C23000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066237583.0000000005BE8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065344865.0000000005BE7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3490141580.0000000005BE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3409692358.0000000005410000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349926604.0000000004DB9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3617748204.0000000000873000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3603435910.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2436625580.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002DAF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D98000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002CF7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003EC1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DE7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004937000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004897000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DC6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000490A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A60000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003F0F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DF2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A49000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crl0S
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2320762800.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2375046709.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2433676500.0000000005774000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3409692358.0000000005410000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295136705.0000000004DC0000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2321801794.0000000004DF4000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349926604.0000000004DB9000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295665698.0000000005417000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2320762800.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065267005.0000000005BB1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066299595.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068263105.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065718257.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046681417.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3490482790.0000000005E9B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067683149.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065344865.0000000005BE7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067756097.0000000005BE7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066137465.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.000000000343C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: norton_secure_browser_setup.exe, 00000007.00000002.3617748204.0000000000873000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crI
Source: NortonBrowserUpdate.exe, 0000000E.00000003.2496771405.0000000000C6B000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000029.00000003.3151147554.0000021132795000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3409692358.0000000005410000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349926604.0000000004DB9000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3617748204.0000000000873000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3603435910.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2436625580.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002DAF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D98000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002CF7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003EC1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DE7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004937000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004897000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DC6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000490A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A60000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003F0F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DF2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A49000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CC9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crl0
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2320762800.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2375046709.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2433676500.0000000005774000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2375046709.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2433676500.0000000005774000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2375046709.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2433676500.0000000005774000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
Source: saBSI.exe, 00000005.00000002.3487600779.00000000033B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: saBSI.exe, 00000005.00000002.3487600779.0000000003414000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab)
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://doc.qbittorrent.org
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://doc.qbittorrent.orgUse
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://doubleclick-proxy.ff.avast.com/v1/gclid
Source: svchost.exe, 0000000C.00000003.2419370683.0000021F87038000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 0000000C.00000003.2419370683.0000021F87038000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: svchost.exe, 0000000C.00000003.2419370683.0000021F87038000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: svchost.exe, 0000000C.00000003.2419370683.0000021F87038000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 0000000C.00000003.2419370683.0000021F87038000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 0000000C.00000003.2419370683.0000021F87038000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 0000000C.00000003.2419370683.0000021F8706D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: svchost.exe, 0000000C.00000003.2419370683.0000021F87127000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://forum.qbittorrent.org
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gf.tools.avast.com/tools/gf/
Source: avg_antivirus_free_setup.exe, 00000006.00000000.2322480648.0000000000C43000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3617009543.0000000000C43000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: http://https://:allow_fallback/installer.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://median-a1.iavs9x.u.avast.com/iavs9x/avast_one_essential_setup_online.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://median-free.iavs9x.u.avast.com/iavs9x/avast_free_antivirus_setup_online.exe
Source: norton_secure_browser_setup.exe, 00000007.00000000.2350940133.000000000040A000.00000008.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3603435910.000000000040A000.00000004.00000001.01000000.0000000F.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3409692358.0000000005410000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349926604.0000000004DB9000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2320762800.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2375046709.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3617748204.0000000000873000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3603435910.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2436625580.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2433676500.0000000005774000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002DAF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D98000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002CF7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003EC1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DE7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004937000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004897000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DC6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000490A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3409692358.0000000005410000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295136705.0000000004DC0000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349926604.0000000004DB9000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295665698.0000000005417000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2320762800.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065267005.0000000005BB1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066299595.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068263105.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065718257.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046681417.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3490482790.0000000005E9B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067683149.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065344865.0000000005BE7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067756097.0000000005BE7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066137465.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063446625.0000000005BB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3409692358.0000000005410000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295136705.0000000004DC0000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349926604.0000000004DB9000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295665698.0000000005417000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2320762800.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065267005.0000000005BB1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066299595.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068263105.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065408592.0000000005BE8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065718257.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046681417.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3490482790.0000000005E9B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067683149.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067948985.0000000005C23000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066237583.0000000005BE8000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065344865.0000000005BE7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3490141580.0000000005BE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3409692358.0000000005410000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295136705.0000000004DC0000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349926604.0000000004DB9000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295665698.0000000005417000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2320762800.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065267005.0000000005BB1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066299595.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068263105.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065718257.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046681417.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3490482790.0000000005E9B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067683149.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065344865.0000000005BE7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067756097.0000000005BE7000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066137465.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068080230.0000000005BB1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295136705.0000000004DC0000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295665698.0000000005417000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067683149.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066137465.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068080230.0000000005BB1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000029.00000003.3151147554.0000021132795000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295136705.0000000004DC0000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295665698.0000000005417000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067948985.0000000005C33000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065183744.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063372967.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066137465.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067611955.0000000005C33000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000029.00000003.3151147554.0000021132795000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2375046709.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2433676500.0000000005774000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://plugins.qbittorrent.org
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://push.ff.avast.com
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://qt-project.org/xml/features/report-start-end-entity
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://qt-project.org/xml/features/report-whitespace-only-CharData
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://qt-project.org/xml/features/report-whitespace-only-CharDatahttp://trolltech.com/xml/features/
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://searchplugins.qbittorrent.org/nova3/engines/
Source: saBSI.exe, 00000005.00000002.3487600779.00000000033E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.global
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295136705.0000000004DC0000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295665698.0000000005417000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067683149.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066137465.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068080230.0000000005BB1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000029.00000003.3151147554.0000021132795000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295136705.0000000004DC0000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295665698.0000000005417000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067948985.0000000005C33000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065183744.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063372967.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066137465.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067611955.0000000005C33000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000029.00000003.3151147554.0000021132795000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: saBSI.exe, 00000005.00000003.3066299595.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.000000000343A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com:80/cacert/codesigningrootr45.crtdL
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.sb.avast.com/V1/MD/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://submit.sb.avast.com/V1/PD/
Source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003746000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004286000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2510101817.0000000000C57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003746000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004286000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2510101817.0000000000C57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crt0
Source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003746000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004286000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2510101817.0000000000C57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sv.symcd.com0&
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://trolltech.com/xml/features/report-start-end-entity
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://trolltech.com/xml/features/report-whitespace-only-CharData
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3614016586.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2986039127.00000000009BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3614016586.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2986039127.00000000009BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com/cgi-bin/iavsevents.cgi
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2986536479.0000000000978000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2987731516.0000000000978000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3608067059.0000000000979000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://v7event.stats.avast.com:80/cgi-bin/iavsevents.cgi
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wtu.d.avcdn.net/avg/wtu/95b029cd737ea13a32d791d4e211fde568448486e62646a07992c7e57969ecf0/WTUI
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wtu.d.avcdn.net/avg/wtu/95b029cd737ea13a32d791d4e211fde568448486e62646a07992c7e57969ecf0/wtu.
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2320762800.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2375046709.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2433676500.0000000005774000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.avast.com0/
Source: qbittorrent.exe, 0000000B.00000002.3605189670.0000000000D99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comMicrosoft
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3409692358.0000000005410000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349926604.0000000004DB9000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2320762800.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2375046709.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3617748204.0000000000873000.00000004.00000020.00020000.00000000.sdmp, norton_secure_browser_setup.exe, 00000007.00000002.3603435910.000000000040A000.00000004.00000001.01000000.0000000F.sdmp, norton_secure_browser_setup.exe, 00000007.00000003.2436625580.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2433676500.0000000005774000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002DAF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D98000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002CF7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003EC1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DE7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004937000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004897000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DC6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000490A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1749094256.0000000002500000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.3413430048.0000000002266000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3410507835.0000000007586000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1757613830.0000000003460000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3614016586.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2986039127.00000000009BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3614016586.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2986039127.00000000009BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/2?
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2385789430.00000000009E9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collect
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3614016586.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2986039127.00000000009BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/collectT
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3607450412.000000000096A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2987227901.0000000000967000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2986536479.0000000000967000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com/qxR
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2986536479.0000000000978000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2987731516.0000000000978000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3608067059.0000000000979000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google-analytics.com:80/collect
Source: installer.exe, 00000029.00000003.3151147554.0000021132795000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mcafee.com
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://www.phreedom.org/md5)
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://www.phreedom.org/md5)4c:0e:63:6aDigisign
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDllDELETEPUTCONNECTTRACECOPYLOCKMKCOLMOVEPROPFINDPROPPATCHSEARCHUNLOCKBI
Source: qbittorrent.exe, 0000000B.00000002.3605189670.0000000000D70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cndVJ
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixes
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://xml.org/sax/features/namespace-prefixeshttp://trolltech.com/xml/features/report-whitespace-on
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpString found in binary or memory: http://xml.org/sax/features/namespaces
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/entrance/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://addons.opera.com/extensions/details/avg-online-security
Source: saBSI.exe, 00000005.00000002.3487600779.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com
Source: saBSI.exe, 00000005.00000002.3487600779.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.00000000033B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/
Source: saBSI.exe, 00000005.00000002.3487600779.00000000033E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/?
Source: saBSI.exe, 00000005.00000002.3487600779.00000000033E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/m
Source: saBSI.exe, 00000005.00000002.3487600779.0000000003414000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.00000000033B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/record
Source: saBSI.exe, 00000005.00000002.3487600779.00000000033E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recordC
Source: saBSI.exe, 00000005.00000002.3487600779.00000000033E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recordW
Source: saBSI.exe, 00000005.00000002.3487600779.00000000033B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recordg
Source: saBSI.exe, 00000005.00000002.3487600779.0000000003414000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/mosaic/2.0/product-web/am/v1/recordh
Source: saBSI.exe, 00000005.00000002.3487600779.00000000033E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com/q
Source: saBSI.exe, 00000005.00000002.3487600779.000000000343A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com:443/mosaic/2.0/product-web/am/v1/record
Source: saBSI.exe, 00000005.00000002.3487600779.000000000343A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com:443/mosaic/2.0/product-web/am/v1/recordDITION
Source: saBSI.exe, 00000005.00000002.3487600779.000000000343A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.apis.mcafee.com:443/mosaic/2.0/product-web/am/v1/recordbq0pzMh1iysE9YiVlC14kJF9ZI
Source: saBSI.exe, 00000005.00000000.2296059937.00000000003FE000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://analytics.apis.mcafee.comhttps://analytics.qa.apis.mcafee.com/mosaic/2.0/product-web/am/v1/r
Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3610768260.0000000002DA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/
Source: avg_antivirus_free_online_setup.exe, avg_antivirus_free_online_setup.exe, 00000008.00000003.2408846357.0000000002DF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3404683286.0000000002E65000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3405733849.0000000002E2C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2409030763.0000000002E65000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000000.2379931092.0000000000974000.00000002.00000001.01000000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3603645766.0000000000974000.00000002.00000001.01000000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3613650334.0000000002DF2000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2494724848.0000000002DF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2431732195.0000000002DF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3405269785.0000000002DF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2433092169.0000000002E65000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2594863932.0000000002DF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2643870613.0000000002DF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3613650334.0000000002E2C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3617746756.0000000002E65000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2786145444.0000000002DEF000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2428707783.0000000002E65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.3404683286.0000000002E65000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3617746756.0000000002E65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25A
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2494405113.0000000002E65000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2433092169.0000000002E65000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2428707783.0000000002E65000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25E
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2408846357.0000000002DF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3613650334.0000000002DF2000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2494724848.0000000002DF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2431732195.0000000002DF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3405269785.0000000002DF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2594863932.0000000002DF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2643870613.0000000002DF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2786145444.0000000002DEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25l
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2408846357.0000000002DF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2494724848.0000000002DF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2431732195.0000000002DF4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/v4/receive/json/25n
Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3610768260.0000000002DA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net:443/v4/receive/json/25
Source: saBSI.exe, 00000005.00000002.3487600779.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.qa.apis.mcafee.com
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832584426.0000000000898000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1828753817.0000000000871000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000897000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/downloads/software/RazerEndUserLicenseAgreement.pdf
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832584426.0000000000898000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1828753817.0000000000871000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000897000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/downloads/software/RazerEndUserLicenseAgreement.pdfI
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bloatware.ff.avast.com/avast/ss/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn-download.avastbrowser.com/avg_secure_browser_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/detail/avg-online-security/nbmoafcmbajniiapeidgficgifbfmjfo?utm_s
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2746430725.00000000058DE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crxdelaytimeout-elapsedterminatecontinueargumentsshow-wi
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.3413430048.00000000022CD000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1749094256.0000000002500000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3405655187.00000000034D2000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3406601159.00000000035D5000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3402582771.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1757613830.0000000003460000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://control.kochava.com/v1/cpi/click?campaign_id=kohotspot-shield-2oo5a3058127822662&network_id=
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2986892605.00000000009A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2375143923.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3614016586.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2986102336.000000000099E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2986039127.00000000009BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2986892605.00000000009A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2986102336.000000000099E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2986892605.00000000009A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0Cross-Origin-Resource-Policycross-originX
Source: saBSI.exe, 00000005.00000002.3487600779.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cu1pehnswad01.servicebus.windows.net/wadp32h02/messages?timeout=60&api-version=2014-01
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
Source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003746000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004286000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2510101817.0000000000C57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
Source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003746000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004286000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2510101817.0000000000C57000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1830190412.000000000080A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1833534136.0000000000816000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3410133024.00000000068F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.3413430048.00000000022CD000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1749094256.0000000002500000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3405655187.00000000034D2000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3402582771.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1757613830.0000000003460000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3410507835.0000000007460000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.3413430048.00000000022CD000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1749094256.0000000002500000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3405655187.00000000034D2000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3402582771.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1757613830.0000000003460000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3406601159.00000000035AA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/AVG_AV/files/1319/avg.zipI.zi
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D94000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.00000000007F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/AVG_AV/files/1319/avg.zipd
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D94000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.00000000007F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/AVG_AV/images/1509/EN.png
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/AVG_AV/images/1509/EN.pngng0s
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3408524852.0000000004DE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D15000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000897000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zip
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3402582771.0000000002414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/files/1506/norton_secure_browser_setup.zipu
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2452666771.0000000004DD7000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/images/1494/547x280/EN.png
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349344859.0000000004DD7000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2350243027.0000000004DE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/images/1494/547x280/EN.pnga8
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2452666771.0000000004DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/images/1494/547x280/EN.png~:
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3402582771.00000000023D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zip
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2452666771.0000000004DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipa9
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2452666771.0000000004DD7000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2321325706.0000000004DDF000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D10000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3408524852.0000000004DE8000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2321873923.0000000004DE6000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349344859.0000000004DD7000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2320762800.0000000004DD7000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2350243027.0000000004DE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zipp
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D94000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.00000000007F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/images/NEW/EN.png
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2452666771.0000000004DD7000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3408524852.0000000004DE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/images/NEW/EN.png0/EN.pnga8
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.3413430048.00000000022CD000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1749094256.0000000002500000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3405655187.00000000034D2000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3410507835.0000000007466000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3402582771.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1757613830.0000000003460000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/o
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.3413430048.00000000022CD000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1749094256.0000000002500000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3402582771.0000000002481000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3405655187.00000000034D2000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349508508.00000000068F8000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3406601159.00000000035EE000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D94000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3402582771.0000000002350000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1757613830.0000000003460000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/zbd
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391397476.00000000007DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/zbd.tmp
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D94000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net/zbdt
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1910535336.0000000004D30000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1884824315.0000000004D30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net:443/f/WebAdvisor/images/NEW/EN.png
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net:443/zbd7b81be6a-ce2b-4676-a29e-eb907a5126c5
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net:443/zbd9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1910535336.0000000004D30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://d3ben4sjdmrs9v.cloudfront.net:443/zbde
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://download.db-ip.com/free/dbip-country-lite-%1.mmdb.gzAndorrayyyy-MMCouldn
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2746430725.00000000058DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://firefoxextension.avast.com/aos/update.json
Source: svchost.exe, 0000000C.00000003.2419370683.0000021F870E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: svchost.exe, 0000000C.00000003.2419370683.0000021F8711F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 0000000C.00000003.2419370683.0000021F870E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: svchost.exe, 0000000C.00000003.2419370683.0000021F870C3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000C.00000003.2419370683.0000021F870E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 0000000C.00000003.2419370683.0000021F870E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/qbittorrent/qBittorrent/wiki/Anonymous-Mode
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/qbittorrent/qBittorrent/wiki/Explanation-of-Options-in-qBittorrent#Advanced
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hns.sb.avast.com
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832584426.0000000000898000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1828753817.0000000000871000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000897000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://home.mcafee.com/Root/AboutUs.aspx?id=eulaK
Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3617746756.0000000002E3D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/
Source: avg_antivirus_free_setup.exe, 00000006.00000002.3607450412.000000000096A000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2987227901.0000000000967000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2986536479.0000000000967000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/7u
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2494405113.0000000002E3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/9
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2786677432.0000000002E3C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3404683286.0000000002E3C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2642655636.0000000002E3C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3617746756.0000000002E3D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/Y
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2433092169.0000000002E3C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2428707783.0000000002E3C000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2408846357.0000000002E3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/q
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-atrk/release/avg_antitrack_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exe
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2375143923.000000000097F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exec
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-bg/release/avg_breach_guard_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-bs/release/avg_battery_saver_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-du/release/avg_driver_updater_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-tu/release/avg_tuneup_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-vpn/release/avg_vpn_online_setup.exe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2642655636.0000000002E83000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2786677432.0000000002E75000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3404683286.0000000002E75000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3405148352.0000000002E7D000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2786145444.0000000002E75000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2643870613.0000000002DF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2642655636.0000000002E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/2f8a/779d/1460/2f8a779d146017868e5dd4e67083675da9aa5b94a174d8b56c3
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2594453638.0000000002E78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/3ba8/fbac/3885/3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2594453638.0000000002E78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/48c1/d01f/6234/48c1d01f6234e7c129b31a0c2388de0f102f718721fedf18edb
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2786145444.0000000002E75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/6b80/fa1f/8221/6b80fa1f82216a58bdc872de1a8e2cf9d2c485d135cf3414b79
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2786145444.0000000002E75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/aa90/1643/995c/aa901643995c786c0598ce59c6edc19d0202ef4a3a8a0cb0c1a
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2642655636.0000000002E77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/e9e9/a93a/90fd/e9e9a93a90fdacb5677472fbfeb58dfcea5047e1d044cae69fe
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2786145444.0000000002E75000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/universe/f6c2/9c47/0a75/f6c29c470a756f71f14ad40453e27aa8e141bd3443b84483c73
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2594453638.0000000002E3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net/y
Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3610768260.0000000002DA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net:443/universe/2f8a/779d/1460/2f8a779d146017868e5dd4e67083675da9aa5b94a174d8b
Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3610768260.0000000002DA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net:443/universe/6b80/fa1f/8221/6b80fa1f82216a58bdc872de1a8e2cf9d2c485d135cf341
Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3610768260.0000000002DA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net:443/universe/e9e9/a93a/90fd/e9e9a93a90fdacb5677472fbfeb58dfcea5047e1d044cae
Source: avg_antivirus_free_online_setup.exe, 00000008.00000002.3610768260.0000000002DA8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://honzik.avcdn.net:443/universe/f6c2/9c47/0a75/f6c29c470a756f71f14ad40453e27aa8e141bd3443b8448
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpd.apache.org/docs/current/ssl/ssl_faq.html#aboutcerts
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avast.com/inAvastium
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.avg.com
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://identityprotection.avg.com
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm.avcdn.net/
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000000.1748551691.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://libtorrent.org/single-page-ref.html#no_connect_privileged_ports
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://libtorrent.org/single-page-ref.html#piece_extent_affinity
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://my.avast.com
Source: svchost.exe, 0000000C.00000003.2419370683.0000021F870E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: svchost.exe, 0000000C.00000003.2419370683.0000021F87092000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packet-responder.ff.avast.com:8443Vaar-VersionVaar-Header-Content-Type0Failed
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pair.ff.avast.com
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://prod1-fe-basic-auth-breach.prod.aws.lifelock.com
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/pg;
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.0000000000868000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/po
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.000000000087F000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.000000000085A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/policies
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.000000000085B000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.000000000085A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.com/policiesU_
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.0000000000868000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reasonlabs.comL;tK
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s-nuistatic.avcdn.net/nui/avg/1.0.761/updatefile.json
Source: saBSI.exe, 00000005.00000003.2417371075.000000000343F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/product
Source: saBSI.exeString found in binary or memory: https://sadownload.mcafee.com/products/SA/
Source: saBSI.exe, 00000005.00000003.3066299595.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003440000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417371075.000000000343F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003440000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml
Source: saBSI.exe, 00000005.00000003.3046098234.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417371075.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3457030444.0000000003454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/3.7.2/update_bsi_product.xml/
Source: saBSI.exe, 00000005.00000003.3066299595.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003440000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417371075.000000000343F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003440000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml
Source: saBSI.exe, 00000005.00000003.3046098234.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417371075.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3457030444.0000000003454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml/
Source: saBSI.exe, 00000005.00000002.3487600779.00000000033B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml
Source: saBSI.exe, 00000005.00000003.2417087301.0000000005B18000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417995790.0000000005B18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml/
Source: saBSI.exe, 00000005.00000002.3487600779.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066299595.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003440000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.00000000033B1000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417371075.000000000343F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003440000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml
Source: saBSI.exe, 00000005.00000003.3046098234.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417371075.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3457030444.0000000003454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PaidDistribution.xml/
Source: saBSI.exe, 00000005.00000003.3066299595.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003440000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417371075.000000000343F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003440000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml
Source: saBSI.exe, 00000005.00000003.3046098234.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417371075.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3457030444.0000000003454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/
Source: saBSI.exe, 00000005.00000003.3066299595.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068263105.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065718257.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046681417.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3454193232.0000000005B46000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003440000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417371075.000000000343F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003440000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml
Source: saBSI.exe, 00000005.00000003.3046098234.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068263105.0000000005B5B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3451793492.0000000005B5B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417371075.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046681417.0000000005B5B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3457030444.0000000003454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xml/
Source: saBSI.exe, saBSI.exe, 00000005.00000000.2296059937.00000000003FE000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xml
Source: saBSI.exe, 00000005.00000003.2355414253.00000000033F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_main.xmlF
Source: saBSI.exe, 00000005.00000003.3066299595.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003440000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417371075.000000000343F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003440000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml
Source: saBSI.exe, 00000005.00000003.3046098234.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417371075.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3457030444.0000000003454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/BSI/bsi_vars.xml/
Source: saBSI.exe, 00000005.00000000.2296059937.00000000003FE000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/UPDATER_VERSIONaffidosplatSELF_UPDATE_ALLOWEDMAIN_XMLSTORE
Source: saBSI.exe, saBSI.exe, 00000005.00000002.3487600779.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json
Source: saBSI.exe, 00000005.00000002.3487600779.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonPROCESSX
Source: saBSI.exe, 00000005.00000002.3487600779.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.jsonRS=2On
Source: saBSI.exe, 00000005.00000003.3068263105.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065718257.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046681417.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3454193232.0000000005B46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi
Source: saBSI.exe, 00000005.00000003.3068263105.0000000005B5B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3451793492.0000000005B5B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046681417.0000000005B5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/
Source: saBSI.exe, 00000005.00000003.3066299595.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003440000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417371075.000000000343F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003440000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml
Source: saBSI.exe, 00000005.00000003.3046098234.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417371075.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3457030444.0000000003454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xml/
Source: saBSI.exe, 00000005.00000002.3487600779.00000000033E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xmlnload.mcafee.comO
Source: saBSI.exe, 00000005.00000002.3487600779.00000000033E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/bsi/binaryG
Source: saBSI.exe, 00000005.00000003.3065718257.0000000005B7D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3451793492.0000000005B7D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068263105.0000000005B7D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3426947030.0000000005B7D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3457030444.0000000003454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/995/
Source: saBSI.exe, 00000005.00000002.3487600779.00000000033E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/995/64/installer.exe
Source: saBSI.exe, 00000005.00000003.3065718257.0000000005B7D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3451793492.0000000005B7D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068263105.0000000005B7D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3426947030.0000000005B7D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3457030444.0000000003454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/pc/partner_custom_bsi.xml
Source: saBSI.exe, 00000005.00000002.3487600779.000000000343A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_
Source: saBSI.exe, 00000005.00000003.3065718257.0000000005B7D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3489370797.0000000005B00000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3451793492.0000000005B7D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068263105.0000000005B7D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3426947030.0000000005B7D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.0000000003414000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3490050196.0000000005B7E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3457030444.0000000003454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_install.xml
Source: saBSI.exe, 00000005.00000002.3487600779.0000000003414000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_install.xml.
Source: saBSI.exe, 00000005.00000002.3487600779.00000000033B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/SA/v1/update/post_install.xml6
Source: saBSI.exe, 00000005.00000002.3487600779.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa
Source: saBSI.exe, 00000005.00000003.3068263105.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065718257.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046681417.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3454193232.0000000005B46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa/bsi/win/binary
Source: saBSI.exe, 00000005.00000003.3068263105.0000000005B5B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3451793492.0000000005B5B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046681417.0000000005B5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa/bsi/win/binary/
Source: saBSI.exe, 00000005.00000003.2651456422.0000000005B91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/sa/v1/pc/partner_custom_vars.xml
Source: saBSI.exe, 00000005.00000002.3487600779.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/saLOCALA
Source: saBSI.exe, 00000005.00000000.2296059937.00000000003FE000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://sadownload.mcafee.com/products/saUPDATER_URLupdater.exeWebAdvisor_Updaterheron_hostthreat.ap
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2375046709.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2433676500.0000000005774000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2746430725.00000000058DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shepherd.avcdn.net
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2375046709.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2408846357.0000000002DF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3405269785.0000000002E25000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3613650334.0000000002DF2000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2494724848.0000000002DF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2431732195.0000000002DF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3613650334.0000000002E25000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.3405269785.0000000002DF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2385033934.0000000002DF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2594863932.0000000002DF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2385754238.0000000002DF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2643870613.0000000002DF4000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3610768260.0000000002DC7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2385205908.0000000002DF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2385964492.0000000002DF7000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2786145444.0000000002DEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shepherd.avcdn.net/
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2385033934.0000000002DF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2385754238.0000000002DF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2385205908.0000000002DF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2385964492.0000000002DF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shepherd.avcdn.net//url
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3406368684.0000000003592000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exe
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832584426.0000000000898000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1828753817.0000000000871000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000897000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shield.reasonsecurity.com/rsStubActivator.exe4
Source: norton_secure_browser_setup.exe, 00000007.00000002.3617748204.00000000007E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stats.securebrowser.com
Source: norton_secure_browser_setup.exe, 00000007.00000002.3617748204.0000000000838000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stats.securebrowser.com/?_=1734977695319&retry_tracking_count=0&last_request_error_code=0&la
Source: norton_secure_browser_setup.exe, 00000007.00000002.3617748204.0000000000873000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stats.securebrowser.com?_=17349776953197
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stream-production.avcdn.net
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://submit.sb.avast.com
Source: norton_secure_browser_setup.exe, 00000007.00000003.2380294003.0000000003E82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: norton_secure_browser_setup.exe, 00000007.00000003.2380294003.0000000003E82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://viruslab-samples.sb.avast.com
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://viruslab-samples.sb.avast.comhttps://submit.sb.avast.comhttps://hns.sb.avast.comhttps://winq
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.000000000085B000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.000000000085A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webcompanion.com/privacy
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.000000000085B000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.000000000085A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://webcompanion.com/terms
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://winqual.sb.avast.com
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.0000000000868000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3406368684.0000000003592000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832584426.0000000000898000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1828753817.0000000000871000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000897000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/eula-avast-consumer-products
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3402582771.00000000023E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/prVersion
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.0000000000868000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3406368684.0000000003592000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/privacy
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.000000000085B000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.000000000085A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avast.com/privacy-policy
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eula
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.000000000085B000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.000000000085A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eula-_
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2321226146.0000000006906000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2321056380.00000000068F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eula/en-us/&
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3410133024.00000000068F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eula/en-us/E
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349508508.00000000068F8000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2350074906.00000000068F9000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3410133024.00000000068F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/eulat.net
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.000000000085B000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D23000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.000000000085A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacy
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2321226146.0000000006906000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3410133024.00000000068F9000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2321056380.00000000068F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacy-us/
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349508508.00000000068F8000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2350074906.00000000068F9000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3410133024.00000000068F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.avg.com/ww-en/privacyt/
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000828000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.000000000081E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.0000000000828000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.0000000000829000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ccleaner.com/about/privacy-policy
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000831000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.0000000000831000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ccleaner.com/legal/end-user-license-agreementd
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.fosshub.com/feed/5b8793a7f9ee5a5c3e97a3b2.xml
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295136705.0000000004DC0000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2295665698.0000000005417000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067948985.0000000005C33000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065183744.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067683149.0000000005BB0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063372967.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3066137465.0000000005C32000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3067611955.0000000005C33000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068080230.0000000005BB1000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000029.00000003.3151147554.0000021132795000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.globalsign.com/repository/0
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000000.1756018251.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.innosetup.com/
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#aio_threads
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#allow_idna
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#allow_multiple_connections_per_ip
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#announce_ip
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#announce_to_all_tiers
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#announce_to_all_trackers
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#checking_mem_usage
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#choking_algorithm
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#connection_speed
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#disk_io_write_mode
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#file_pool_size
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#hashing_threads
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#listen_queue_size
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#max_concurrent_http_announces
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#mixed_mode_algorithm
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#outgoing_port
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#peer_tos
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#peer_turnover
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#seed_choking_algorithm
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#send_buffer_low_watermark
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#send_buffer_watermark
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#send_buffer_watermark_factor
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#ssrf_mitigation
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#stop_tracker_timeout
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#suggest_mode
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#upnp_lease_duration
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.libtorrent.org/reference-Settings.html#validate_https_trackers
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.00000000007F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/global/legal.html
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D23000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D15000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453359383.00000000068FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2452666771.0000000004DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html040d241aa8b7debda9
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2452666771.0000000004DD7000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3408524852.0000000004DE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.html040d241aa8b7debda9v8
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000831000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.0000000000831000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlB
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.000000000089B000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000897000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/EN.pngowser_setup.zip
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/png
Source: saBSI.exe, 00000005.00000000.2296059937.00000000003FE000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3487600779.000000000337E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.html
Source: saBSI.exe, 00000005.00000002.3487600779.000000000337E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mcafee.com/consumer/v/wa-how.htmldA
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.noip.com/remote-access
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.noip.com/remote-accesshttps://account.dyn.com/entrance/Dynamic
Source: norton_secure_browser_setup.exe, 00000007.00000003.2436625580.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002DAF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D98000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002CF7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003EC1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DE7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004937000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004897000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DC6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000490A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A60000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003F0F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DF2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A49000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CC9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003D31000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000405D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004964000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D8D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3410507835.0000000007471000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/leg
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3410507835.00000000074D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1828753817.0000000000871000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000897000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/G
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2452666771.0000000004DD7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/i:
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349344859.0000000004DD7000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2350243027.0000000004DE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/v8
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/legal/license-services-agreement/x
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3410507835.0000000007561000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/p
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3410507835.0000000007561000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/pr
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3410507835.000000000750D000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3402582771.00000000023C8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/privacy//
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000828000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.000000000081E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.0000000000828000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.0000000000829000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nortonlifelock.com/us/en/privacy/h
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000828000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.000000000081E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.0000000000828000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.0000000000829000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computers?
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000828000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.000000000081E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.0000000000828000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.0000000000829000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/eula/computersN
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.000000000085B000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.000000000085A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.opera.com/he/privacy
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000831000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.premieropinion.com/common/termsofservice-v1
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000828000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.000000000081E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.0000000000828000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.0000000000829000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.premieropinion.com/privacy-policy%
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/ftp/python/3.8.10/python-3.8.10.exe
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/ftp/python/3.8.10/python-3.8.10.exePython
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.qbittorrent.org
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.qbittorrent.org/donate
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.qbittorrent.org/donateExecution
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.qbittorrent.org/news.php
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832584426.0000000000898000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1828753817.0000000000871000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000897000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.razer.com/legal/customer-privacy-policy
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000000.1756018251.0000000000401000.00000020.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.remobjects.com/ps
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_00405601 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,7_2_00405601
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67653C148 lstrlenW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,21_2_00007FF67653C148
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

barindex
Writes a notice file (html or txt) to demand a ransom
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile dropped: C:\Program Files\McAfee\Temp2112252202\jslang\eula-en-US.txt -> encryption key for your account secure because without them you may lose access to your data. you are solely responsible and liable for any activity that occurs under your account, including by anyone who uses your account. if there is any unauthorized use or access to your account, you must let us know immediately. we are not responsible for any loss caused by unauthorized use of or access to your account; however, you may be liable for any losses we or others suffer because of the unauthorized use. we do not have access to master passwords and cannot recover your encrypted data if you forget the master password for any password management feature or product. we offer both free and premium versions of our password and identity management software, and the free versions limit the maximum number of unique accounts (such as a website or application login) that you can store. if you have downloaded a premium version of the software at no cost during a promotion, then when the promotional period ends you will notJump to dropped file
Writes many files with high entropy
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0 (copy) entropy: 7.99597518735Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1 (copy) entropy: 7.99668482326Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2 (copy) entropy: 7.99994992874Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0.zip (copy) entropy: 7.99597518735Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1.zip (copy) entropy: 7.99668482326Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2.zip (copy) entropy: 7.99994992874Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeFile created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe entropy: 7.99064522414Jump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\73ba32b5-f7bb-4e77-a2d3-27898a0648be entropy: 7.99995124837Jump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\0c4b621d-4397-4af1-8ed3-161e84a7467d entropy: 7.99982131586Jump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\b02adf1d-85e4-48d4-b968-5538b228fb95 entropy: 7.99990414125Jump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\1d487711-d4e9-4740-98a6-3f3510d93dc3 entropy: 7.99866005103Jump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\setupui.cont entropy: 7.99945456192Jump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\dc2653ef-52bd-45ad-9763-a50198c51c87 entropy: 7.99949886139Jump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\8e10f755-a3fc-4561-9bfa-8094a2c867dc entropy: 7.9999260316Jump to dropped file
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeFile created: C:\Users\user\AppData\Local\Temp\{D7DA69EE-8493-43EF-962E-703A105C1C7B}-NortonBrowserInstaller.exe entropy: 7.99999128493Jump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\setupui.cont entropy: 7.99945456192Jump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus_product.dll.lzma entropy: 7.99946367131Jump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus_rvrt.exe.lzma entropy: 7.99325569022Jump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus_product.dll.lzma entropy: 7.99990334673Jump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus_rvrt.exe.lzma entropy: 7.99325569022Jump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\aswOfferTool.exe.lzma entropy: 7.99980219406Jump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.af551dba.lzma entropy: 7.99958442587Jump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.af551dba.lzma entropy: 7.999867387Jump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.af551dba.lzma entropy: 7.99982670211Jump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.af551dba.lzma entropy: 7.99616210321Jump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.af551dba.lzma entropy: 7.99973839637Jump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.af551dba.lzma entropy: 7.99945139508Jump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.af551dba.lzma entropy: 7.99996225598Jump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.af551dba.lzma entropy: 7.99984124576Jump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.af551dba.lzma entropy: 7.99987168321Jump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.af551dba.lzma entropy: 7.99977021345Jump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.af551dba.lzma entropy: 7.99781196203Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\analyticsmanager.cab entropy: 7.99965056224Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\browserhost.cab entropy: 7.99969064067Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\browserplugin.cab entropy: 7.9992046707Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\logicmodule.cab entropy: 7.99971035479Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\mfw-webadvisor.cab entropy: 7.99497056268Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\mfw.cab entropy: 7.99645912817Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\servicehost.cab entropy: 7.99845734638Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\settingmanager.cab entropy: 7.99959252091Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\taskmanager.cab entropy: 7.99988705726Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\uihost.cab entropy: 7.99874187266Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\uimanager.cab entropy: 7.99966733883Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\uninstaller.cab entropy: 7.99958655854Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\updater.cab entropy: 7.99956639709Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\wssdep.cab entropy: 7.99928309708Jump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi entropy: 7.99707344308Jump to dropped file

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: Process Memory Space: NortonBrowserUpdateSetup.exe PID: 3192, type: MEMORYSTRMatched rule: PlugX Identifying Strings Author: Seth Hardy
Source: Process Memory Space: NortonBrowserUpdate.exe PID: 7012, type: MEMORYSTRMatched rule: PlugX Identifying Strings Author: Seth Hardy
Source: C:\Program Files (x86)\GUT4AA7.tmp, type: DROPPEDMatched rule: PlugX Identifying Strings Author: Seth Hardy
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0088C610 NtQueryInformationProcess,GetModuleHandleW,GetProcAddress,GetLastError,GetLastError,NtQueryInformationProcess,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,8_2_0088C610
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0088FDD0 GetModuleHandleW,GetProcAddress,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,NtQueryInformationProcess,GetCurrentProcess,NtQueryInformationProcess,8_2_0088FDD0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0088C6D0 NtQueryInformationProcess,8_2_0088C6D0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00356220: GetCurrentProcessId,GetCurrentThreadId,CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,DeviceIoControl,DeviceIoControl,5_2_00356220
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0088D9B0 DuplicateTokenEx,SetTokenInformation,SetTokenInformation,GetLastError,CreateProcessAsUserW,GetLastError,CloseHandle,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,GetLastError,Concurrency::scheduler_worker_creation_error::scheduler_worker_creation_error,GetLastError,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,8_2_0088D9B0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_0040350D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,7_2_0040350D
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Caches
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\527688.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{469D3039-E8BB-40CB-9989-158443EEA4EB}
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI77F0.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\52768b.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\52768b.msi
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Windows\system32\icarus_rvrt.exe
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\52768b.msi
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00354F505_2_00354F50
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00358FB05_2_00358FB0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003570D95_2_003570D9
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_0035F1105_2_0035F110
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003773B05_2_003773B0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_0038D5405_2_0038D540
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003918405_2_00391840
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00373AC05_2_00373AC0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_0038FFE05_2_0038FFE0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003881905_2_00388190
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003983A05_2_003983A0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_0038A5405_2_0038A540
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_0033A6105_2_0033A610
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003D86095_2_003D8609
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003A06605_2_003A0660
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003947C05_2_003947C0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003928A05_2_003928A0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003E68E05_2_003E68E0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003C09195_2_003C0919
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003E09925_2_003E0992
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003E0AB25_2_003E0AB2
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00332B005_2_00332B00
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003C0B4B5_2_003C0B4B
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00396D435_2_00396D43
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003C0DB05_2_003C0DB0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003BADD05_2_003BADD0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00368EA05_2_00368EA0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_0033CF405_2_0033CF40
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_0038F1505_2_0038F150
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_0037D2C05_2_0037D2C0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003C933A5_2_003C933A
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003CB3405_2_003CB340
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003354005_2_00335400
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003D14AF5_2_003D14AF
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_0039B4F05_2_0039B4F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003976025_2_00397602
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_0033F8305_2_0033F830
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003DD8E05_2_003DD8E0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003C390B5_2_003C390B
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00393A305_2_00393A30
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_0036FB405_2_0036FB40
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00363C505_2_00363C50
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_0035BCB05_2_0035BCB0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00337D105_2_00337D10
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C252F06_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C2BB706_2_00C2BB70
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C3C9D06_2_00C3C9D0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C4126C6_2_00C4126C
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C2D3406_2_00C2D340
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C2EDE06_2_00C2EDE0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C366E46_2_00C366E4
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C3CE7E6_2_00C3CE7E
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_00406B647_2_00406B64
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008F02B08_2_008F02B0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008E23208_2_008E2320
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0090C8208_2_0090C820
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008E69508_2_008E6950
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008E8DF08_2_008E8DF0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_00868ED08_2_00868ED0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008CB4508_2_008CB450
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008D97B08_2_008D97B0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008E18608_2_008E1860
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_009079B08_2_009079B0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0089F9108_2_0089F910
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008C59508_2_008C5950
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0094A0908_2_0094A090
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008D80B08_2_008D80B0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0094C0408_2_0094C040
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0089A1B08_2_0089A1B0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008821008_2_00882100
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008B81208_2_008B8120
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008CA1308_2_008CA130
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0087E1708_2_0087E170
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008BE2A08_2_008BE2A0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0094221D8_2_0094221D
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0092A2008_2_0092A200
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_009062408_2_00906240
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0086C2608_2_0086C260
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_009564838_2_00956483
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_009604A98_2_009604A9
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_009384568_2_00938456
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0092C4708_2_0092C470
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008804608_2_00880460
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008825808_2_00882580
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_009425AB8_2_009425AB
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0087C7B08_2_0087C7B0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008CA7E08_2_008CA7E0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0086C8808_2_0086C880
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_009068108_2_00906810
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008E49C08_2_008E49C0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008A29108_2_008A2910
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_009369408_2_00936940
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_00882BC08_2_00882BC0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0088AB108_2_0088AB10
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0087EB308_2_0087EB30
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008A8B408_2_008A8B40
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_00884CB08_2_00884CB0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0086AC008_2_0086AC00
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008D2DF08_2_008D2DF0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_009110908_2_00911090
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008A10B08_2_008A10B0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008690C08_2_008690C0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008610008_2_00861000
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0087D0008_2_0087D000
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008815F08_2_008815F0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008835108_2_00883510
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_009316308_2_00931630
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_009096508_2_00909650
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_009557E48_2_009557E4
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008637408_2_00863740
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0092F8008_2_0092F800
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0092D8408_2_0092D840
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008BB9B08_2_008BB9B0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008ED9008_2_008ED900
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0087DB408_2_0087DB40
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_00929B408_2_00929B40
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_00885CA08_2_00885CA0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008ABCD08_2_008ABCD0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0087BC408_2_0087BC40
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_00929EB08_2_00929EB0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008AFED08_2_008AFED0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008DBF108_2_008DBF10
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeCode function: 13_2_0007A8D413_2_0007A8D4
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeCode function: 13_2_0007F93113_2_0007F931
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeCode function: 13_2_0007432C13_2_0007432C
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeCode function: 13_2_0008243813_2_00082438
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeCode function: 13_2_00085CAB13_2_00085CAB
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeCode function: 13_2_00081FB013_2_00081FB0
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeCode function: 14_2_009B3BBB14_2_009B3BBB
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeCode function: 19_2_00393BBB19_2_00393BBB
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF6765507B421_2_00007FF6765507B4
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF6765677B021_2_00007FF6765677B0
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67656F01421_2_00007FF67656F014
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67656B7E021_2_00007FF67656B7E0
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF676560FD021_2_00007FF676560FD0
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67655A8A821_2_00007FF67655A8A8
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67655B05021_2_00007FF67655B050
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67656D90C21_2_00007FF67656D90C
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF6765470E021_2_00007FF6765470E0
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF676570D9821_2_00007FF676570D98
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67653E5AC21_2_00007FF67653E5AC
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67655FD5421_2_00007FF67655FD54
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67656D69021_2_00007FF67656D690
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67655AE6421_2_00007FF67655AE64
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67654664421_2_00007FF676546644
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67654565421_2_00007FF676545654
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67656971C21_2_00007FF67656971C
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67655038821_2_00007FF676550388
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67657236021_2_00007FF676572360
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF676574B6821_2_00007FF676574B68
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF6765633E021_2_00007FF6765633E0
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF6765483E821_2_00007FF6765483E8
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67656ACB021_2_00007FF67656ACB0
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67655AC7C21_2_00007FF67655AC7C
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67657446421_2_00007FF676574464
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67655CD1021_2_00007FF67655CD10
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67655BCE421_2_00007FF67655BCE4
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF6765614C821_2_00007FF6765614C8
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67656915C21_2_00007FF67656915C
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67656B16021_2_00007FF67656B160
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67655C94421_2_00007FF67655C944
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67656E21421_2_00007FF67656E214
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67654DAB421_2_00007FF67654DAB4
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF676568A8821_2_00007FF676568A88
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67655AA9021_2_00007FF67655AA90
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67655B23821_2_00007FF67655B238
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF676563ACA21_2_00007FF676563ACA
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: String function: 00007FF67653A990 appears 45 times
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeCode function: String function: 00387F50 appears 33 times
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeCode function: String function: 009A7F50 appears 33 times
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: String function: 003B8713 appears 374 times
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: String function: 003B85BF appears 56 times
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: String function: 003B9600 appears 61 times
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: String function: 00341BE0 appears 67 times
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: String function: 003D4231 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: String function: 003B8E31 appears 79 times
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: String function: 003B8DFE appears 111 times
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: String function: 00378650 appears 192 times
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeCode function: String function: 000757E0 appears 33 times
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: String function: 008881F0 appears 38 times
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: String function: 00878930 appears 52 times
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: String function: 00887650 appears 64 times
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: String function: 00915E80 appears 49 times
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6692 -ip 6692
Source: Violated Heroine_91zbZ-1.tmp.0.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: installer.exe.5.drStatic PE information: Resource name: PAYLOAD type: Microsoft Cabinet archive data, many, 23003272 bytes, 135 files, at 0x2c +A "analyticsmanager.cab" +A "analyticstelemetry.cab", number 1, 845 datablocks, 0x1 compression
Source: sciterui.dll.7.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: goopdateres_ms.dll.13.drStatic PE information: Resource name: RT_STRING type: 370 sysV executable not stripped
Source: goopdateres_th.dll.13.drStatic PE information: Resource name: RT_STRING type: PDP-11 overlaid pure executable not stripped
Source: goopdateres_tr.dll.13.drStatic PE information: Resource name: RT_STRING type: 370 XA sysV pure executable not stripped
Source: goopdateres_vi.dll.13.drStatic PE information: Resource name: RT_STRING type: iAPX 286 executable small model (COFF) not stripped
Source: goopdateres_ca.dll.13.drStatic PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
Source: goopdateres_fil.dll.13.drStatic PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
Source: goopdateres_hu.dll.13.drStatic PE information: Resource name: RT_STRING type: MIPSEL MIPS-II ECOFF executable not stripped - version 0.101
Source: goopdateres_ca.dll.14.drStatic PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
Source: goopdateres_fil.dll.14.drStatic PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: norton_secure_browser_setup.exe.1.drStatic PE information: Resource name: RT_VERSION type: TTComp archive data, binary, 4K dictionary
Source: sciterui.dll.7.drStatic PE information: No import functions for PE file found
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.3413430048.0000000002328000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamekernel32j% vs Violated Heroine_91zbZ-1.exe
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Violated Heroine_91zbZ-1.exe
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFileName vs Violated Heroine_91zbZ-1.exe
Source: Violated Heroine_91zbZ-1.exe, 00000000.00000000.1748676987.00000000004C6000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs Violated Heroine_91zbZ-1.exe
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeRegistry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox\118.0.1 (x64 en-US)\Main Install Directory
Source: Violated Heroine_91zbZ-1.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: Process Memory Space: NortonBrowserUpdateSetup.exe PID: 3192, type: MEMORYSTRMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: Process Memory Space: NortonBrowserUpdate.exe PID: 7012, type: MEMORYSTRMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: C:\Program Files (x86)\GUT4AA7.tmp, type: DROPPEDMatched rule: PlugXStrings author = Seth Hardy, description = PlugX Identifying Strings, last_modified = 2014-06-12
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpKey value queried: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon versionJump to behavior
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeKey value queried: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon version
Source: qbittorrent.exe.1.drStatic PE information: Section: .qtmimed ZLIB complexity 0.997458770800317
Source: classification engineClassification label: mal68.rans.spyw.evad.winEXE@74/1357@0/21
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeCode function: 13_2_00072E59 GetLastError,GetLastError,SetLastError,SetLastError,FormatMessageW,GetLastError,SetLastError,LocalFree,13_2_00072E59
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_0040350D EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,7_2_0040350D
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0088FF60 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,8_2_0088FF60
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C252F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00344C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,5_2_00344C8E
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00345C1E CoCreateInstance,OleRun,5_2_00345C1E
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00365318 GetModuleHandleW,FindResourceW,LoadResource,LockResource,std::ios_base::_Ios_base_dtor,GetModuleHandleW,GetProcAddress,GetCurrentProcess,Concurrency::cancel_current_task,Concurrency::cancel_current_task,SysFreeString,SysFreeString,5_2_00365318
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\ProgramsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeMutant created: \Sessions\1\BaseNamedObjects\QtLockedFile mutex c:/users/user/appdata/roaming/qbittorrent/lockfile
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeMutant created: NULL
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{C68009EA-1163-4498-8E93-D5C4E317D8CE}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{D19BAF17-7C87-467E-8D63-6C4B1C836373}
Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6692
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\10e54df479cf278b9311012c1f32f319
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpMutant created: \Sessions\1\BaseNamedObjects\{2c958236-012f-4348-b699-6519aeb48f99}Installer
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeMutant created: \Sessions\1\BaseNamedObjects\norton-securebrowser_installer_mutex2
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\34a090237c19fd3519eb334979dc31d6
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{C68009EA-1163-4498-8E93-D5C4E317D8CE}
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5696:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{A9A86B93-B54E-4570-BE89-42418507707B}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{D19BAF17-7C87-467E-8D63-6C4B1C836373}
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\NortonBrowserUpdate{A9A86B93-B54E-4570-BE89-42418507707B}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{66CC0160-ABB3-4066-AE47-1CA6AD5065C8}
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeMutant created: \Sessions\1\BaseNamedObjects\Global\201c9d5e80419bcdfcbf4aa63480b83e
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{32B25EF2-80FD-4C66-97E1-0890D9E9F87B}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{6885AE8E-C070-458d-9711-37B9BEAB65F6}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{D0BB2EF1-C183-4cdb-B218-040922092869}
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{0A175FBE-AEEC-4fea-855A-2AA549A88846}
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpMutant created: \Sessions\1\BaseNamedObjects\Global\{2c958236-012f-4348-b699-6519aeb48f99}Installer
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeMutant created: \BaseNamedObjects\Global\NortonBrowserUpdate{B5665124-2B19-40e2-A7BC-B44321E72C4B}
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeFile created: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /silent6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /cookie6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /ppi_icd6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /cust_ini6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Enabled6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxyType6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Port6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: User6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Password6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: ProxySettings6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: Properties6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: /smbupd6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: enable6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: mirror6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: count6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: servers6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: urlpgm6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: server06_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: http://6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: https://6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: allow_fallback6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: mirror6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: installer.exe6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: {versionSwitch}6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: stable6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCommand line argument: %s\%s6_2_00C252F0
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeCommand line argument: kernel32.dll13_2_000724AD
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeCommand line argument: kernel32.dll14_2_009A6BD8
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeCommand line argument: DllEntry14_2_009A6BD8
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeCommand line argument: kernel32.dll19_2_00386BD8
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeCommand line argument: DllEntry19_2_00386BD8
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeCommand line argument: >B919_2_00394190
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select ParentProcessId from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%klekeajafkkpokaofllcadenjdckhinm%'
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select ParentProcessId from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%fheoggkfdfchfphceeifdbepaooicaho%'
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select ParentProcessId from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%{4ED1F68A-5463-4931-9384-8FFF5ED91D92}%'
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select ParentProcessId from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%{4ED1F68A-5463-4931-9384-8FFF5ED91D92}%'
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select ParentProcessId from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%{4ED1F68A-5463-4931-9384-8FFF5ED91D92}%'
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : Select ParentProcessId from Win32_Process where name='browserhost.exe' and SessionId=1 and commandline like '%{4ED1F68A-5463-4931-9384-8FFF5ED91D92}%'
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT %1 FROM %2 WHERE %3 = %4;
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT %1 FROM %2 ORDER BY %3;
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE %1 SET %2 = %3 WHERE %4 = %5;
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT * FROM %1 WHERE %2 = %3;
Source: Violated Heroine_91zbZ-1.exeReversingLabs: Detection: 23%
Source: avg_antivirus_free_online_setup.exeString found in binary or memory: sfx-start
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeFile read: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe "C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe"
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeProcess created: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp "C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp" /SL5="$1040C,13566766,780800,C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe"
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /ga_clientid:572539a1-d07f-4197-bf4d-89a74f87a492 /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Windows\SysWOW64\netsh.exe "netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exe "qBittorrent" ENABLE
Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exe "C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exe" magnet:?xt=urn:btih:8B023433BB140CC755C6B8166CDE023DB44FCFA7
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeProcess created: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe "C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6692 -ip 6692
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 964
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: unknownProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c
Source: unknownProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /cr
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezU4MzdCMUE1LUI3MkEtNDU2QS1CMDlGLUY2ODBFOUFCNUUwMn0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY0OS41IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY0OS41IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0iezE5NzhDRURELUY2RUQtNDc4Qy05RDhDLTgzMTA0OEQ5REY4MH0iIHVzZXJpZD0iezBFMTk2MDUwLURBNzAtNEQyRi04MkE1LUIxQUYyOURDNjRFRn0iIHVzZXJpZF9kYXRlPSIyMDI0MTIyMyIgbWFjaGluZWlkPSJ7MDAwMDlEOTYtNkFDQS0yQzI0LTk0MDgtMTRBMDU2NEZENUJDfSIgbWFjaGluZWlkX2RhdGU9IjIwMjQxMjIzIiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezczRTFDMDhDLTNBMzQtNDVCNi04OTY1LTZDMEZFQzlFMDgwRn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NTgzN0IxQTUtQjcyQS00NTZBLUIwOUYtRjY4MEU5QUI1RTAyfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2NDkuNSIgbGFuZz0iZW4tR0IiIGJyYW5kPSIyOTIzOSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNjUzOCIvPjwvYXBwPjwvcmVxdWVzdD4
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{1978CEDD-F6ED-478C-9D8C-831048D9DF80}" /silent
Source: unknownProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /svc
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeProcess created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492 /er_master:master_ep_039cca48-79ed-481b-8a26-06a4eea4f584 /er_ui:ui_ep_68a0db07-d995-4b3b-bbc5-aa42d4ac403e /er_slave:avg-av_slave_ep_f4b941a1-dca3-4c7d-a54f-a0d09edff664 /slave:avg-av
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeProcess created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exe C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exe /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492 /er_master:master_ep_039cca48-79ed-481b-8a26-06a4eea4f584 /er_ui:ui_ep_68a0db07-d995-4b3b-bbc5-aa42d4ac403e /er_slave:avg-av-vps_slave_ep_af387ac7-fcda-4980-9da1-7e333e1d25e3 /slave:avg-av-vps
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6692 -ip 6692
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 2604
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeProcess created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe "C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeProcess created: C:\Program Files\McAfee\Temp2112252202\installer.exe "C:\Program Files\McAfee\Temp2112252202\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
Source: unknownProcess created: C:\Program Files\McAfee\WebAdvisor\servicehost.exe "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeProcess created: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp "C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp" /SL5="$1040C,13566766,780800,C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=USJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vUJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Windows\SysWOW64\netsh.exe "netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exe "qBittorrent" ENABLEJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exe "C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exe" magnet:?xt=urn:btih:8B023433BB140CC755C6B8166CDE023DB44FCFA7Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeProcess created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe "C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /ga_clientid:572539a1-d07f-4197-bf4d-89a74f87a492 /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2cJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"Jump to behavior
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeProcess created: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe "C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezU4MzdCMUE1LUI3MkEtNDU2QS1CMDlGLUY2ODBFOUFCNUUwMn0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY0OS41IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY0OS41IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0iezE5NzhDRURELUY2RUQtNDc4Qy05RDhDLTgzMTA0OEQ5REY4MH0iIHVzZXJpZD0iezBFMTk2MDUwLURBNzAtNEQyRi04MkE1LUIxQUYyOURDNjRFRn0iIHVzZXJpZF9kYXRlPSIyMDI0MTIyMyIgbWFjaGluZWlkPSJ7MDAwMDlEOTYtNkFDQS0yQzI0LTk0MDgtMTRBMDU2NEZENUJDfSIgbWFjaGluZWlkX2RhdGU9IjIwMjQxMjIzIiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezczRTFDMDhDLTNBMzQtNDVCNi04OTY1LTZDMEZFQzlFMDgwRn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NTgzN0IxQTUtQjcyQS00NTZBLUIwOUYtRjY4MEU5QUI1RTAyfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2NDkuNSIgbGFuZz0iZW4tR0IiIGJyYW5kPSIyOTIzOSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNjUzOCIvPjwvYXBwPjwvcmVxdWVzdD4
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{1978CEDD-F6ED-478C-9D8C-831048D9DF80}" /silent
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6692 -ip 6692
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 964
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6692 -ip 6692
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 2604
Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /cr
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe "C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe"
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeProcess created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492 /er_master:master_ep_039cca48-79ed-481b-8a26-06a4eea4f584 /er_ui:ui_ep_68a0db07-d995-4b3b-bbc5-aa42d4ac403e /er_slave:avg-av_slave_ep_f4b941a1-dca3-4c7d-a54f-a0d09edff664 /slave:avg-av
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeProcess created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exe C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exe /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492 /er_master:master_ep_039cca48-79ed-481b-8a26-06a4eea4f584 /er_ui:ui_ep_68a0db07-d995-4b3b-bbc5-aa42d4ac403e /er_slave:avg-av-vps_slave_ep_af387ac7-fcda-4980-9da1-7e333e1d25e3 /slave:avg-av-vps
Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeProcess created: C:\Program Files\McAfee\Temp2112252202\installer.exe "C:\Program Files\McAfee\Temp2112252202\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: unknown unknown
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: unknown unknown
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: msimg32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: winhttpcom.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: webio.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: msftedit.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: windows.globalization.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: bcp47mrm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: globinputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: dataexchange.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: d3d11.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: dcomp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: explorerframe.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: zipfldr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: windows.fileexplorer.common.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: shdocvw.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: slc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: acgenral.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: samcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: msacm32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeSection loaded: cryptnet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: version.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: windows.storage.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: wldp.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: profapi.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: cryptsp.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: rsaenh.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: cryptbase.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: dpapi.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: winhttp.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: mswsock.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: iphlpapi.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: winnsi.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: webio.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: sspicli.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: dnsapi.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: rasadhlp.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: schannel.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: mskeyprotect.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: ntasn1.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: ncrypt.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: msasn1.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: gpapi.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: ntmarta.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ifmon.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasmontr.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasapi32.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mfc42u.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: authfwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpolicyiomgr.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: firewallapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwbase.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcmonitor.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3cfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3api.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: onex.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappcfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappprxy.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwcfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: hnetmon.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netshell.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netsetupapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netiohlp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winnsi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshhttp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: httpapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshipsec.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: activeds.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: polstore.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winipsec.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshwfp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cabinet.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2pnetsh.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2p.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rpcnsh.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: whhelper.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winhttp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlancfg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlanapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wshelper.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wevtapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mswsock.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: peerdistsh.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wcmapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rmclient.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mobilenetworking.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: slc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: sppc.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: gpapi.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ktmw32.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprmsg.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\netsh.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: d3d9.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: d3d10warp.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: dataexchange.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: d3d11.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: dcomp.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: msi.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: version.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: msimg32.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: cscapi.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: msxml3.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: taskschd.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: textinputframework.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: edputil.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: appresolver.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: bcp47langs.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: slc.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: sppc.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wersvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windowsperformancerecordercontrol.dll
Source: C:\Windows\System32\svchost.exeSection loaded: weretw.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}\InProcServer32Jump to behavior
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile written: C:\ProgramData\AVG\Icarus\settings\temporary_proxy.ini
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpWindow found: window name: TSelectLanguageFormJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpAutomated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpAutomated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpAutomated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpAutomated click: Accept
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpAutomated click: Run
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLLJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG\Icarus
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG\Icarus\avg-av
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\setup
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\Common Files\AVG\Overseer
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\setup\asw6f647d2b80e600d5.tmp
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\setup\config.def.ipending.af551dba
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_32.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwCoreClient.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwRpc.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\afwServ.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\dnd_helper.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\gaming_hook.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gaming_hook.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\dnd_helper.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\hns_tools.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswhook.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsdriver.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswidpm.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswidsagent.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswhook.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\onnxruntime.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\background.png.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\background-loading.png.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\waikamd64.mst.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswShMin.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEShell.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEAntivirus.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswRegLib.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPEBrowser.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\aswPECommander.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\wxbase315u_vc.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RescueDisk\wxmsw315u_core_vc.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\shred.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\snxhk.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\snxhk.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgSnx.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswClnTg.htm.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswClnTg.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswInfTg.htm.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\aswInfTg.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\Base.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\Boot.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\1033\uiLangRes.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgArDisk.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgArPot.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\BreachGuardSdk.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswProperty.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswPropertyAv.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\AavmRpch.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\ashShell.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\dll_loader.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswCmnOS.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswCmnIS.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswCmnBS.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\firefox_pass.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswBrowser.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswAMSI.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Boost.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\brotli.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\bsdiff.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\bzip2.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\c-ares.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\cef.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Crypto++.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\cURL.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Detours.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\dnscrypt-proxy.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\GSL.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\ICU.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\intel_asm.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\jansson.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\JsonCpp.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\lexbor.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\libevent.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\libPNG.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\libsodium.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\LUA.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\lzfse.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\LZMA.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\mbedTLS.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\mhook.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\nanopb.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\nghttp2.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\OpenSSL.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\PCRE.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\protobuf.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\pugixml.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\rapidjson.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\sqlite.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\unrar.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\vxWidgets.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\Xerces.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\xmlParser.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\xxHash.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\yara.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Licenses\zlib.txt.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswCmnBS.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswCmnOS.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswCmnIS.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashBase.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashServ.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAv.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashShell.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashTask.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashQuick.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ashUpd.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAux.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswDld.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\CommChannel.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\streamback.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ntp_time.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\sched.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswEngLdr.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswEngSrv.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswLog.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswProperty.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswPropertyAv.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswW8ntf.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\uet_client.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\anen.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\perfstats.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\CommonRes.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswSqLt.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\VisthAux.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswChLic.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswIP.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswRvrt.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\log.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\burger_client.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\tasks_core.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\task_performance_logger.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\process_monitor.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\serialization.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_routing.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_routing_rpc.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager_burger.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager_ga.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\event_manager_er.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\ffl2.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\browser_pass.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\vaarclient.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\module_lifetime.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\dll_loader.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\shepherdsync.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\fltlib_wrapper.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AVGSvc.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AavmRpch.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgBoot.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wsc.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\firefox_pass.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAMSI.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswBrowser.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wsc_proxy.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\wsc_proxy.exe.manifest.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvEmUpdate.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\SupportTool.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\nos.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswAvBootTimeScanShMin.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\OobeUtil.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfc140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfc140u.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfcm140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\mfcm140u.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\crts.cat.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\avg.local_vc142.crt.manifest.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-console-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-console-l1-2-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-datetime-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-debug-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-errorhandling-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-fibers-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-handle-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-heap-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-interlocked-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-libraryloader-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-memory-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-namedpipe-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processenvironment-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-profile-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-rtlsupport-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-string-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-sysinfo-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-util-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-conio-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-private-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-process-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\concrt140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_1.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_2.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_atomic_wait.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_codecvt_ids.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\ucrtbase.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vccorlib140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140_1.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\vcruntime140_threads.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\avg.local_vc142.crt.manifest.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-console-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-console-l1-2-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-datetime-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-debug-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-errorhandling-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-fibers-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l1-2-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-file-l2-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-handle-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-heap-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-interlocked-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-libraryloader-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-localization-l1-2-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-memory-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-namedpipe-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processenvironment-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-1.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-profile-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-rtlsupport-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-string-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-synch-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-sysinfo-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-timezone-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-util-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\API-MS-Win-core-xstate-l2-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-conio-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-convert-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-heap-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-private-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-process-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-runtime-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-stdio-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-time-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\concrt140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_1.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_2.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_atomic_wait.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_codecvt_ids.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\ucrtbase.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vccorlib140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vcruntime140.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\vcruntime140_threads.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\HTMLayout.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvLaunch.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AVGUI.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvConsent.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\jsbridge.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgKbd.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgNetHub.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libssl-3-x64.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libcrypto-3-x64.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\protobuf.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgRdr2.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgMonFlt.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgSP.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgRvrt.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgElam.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbidsh.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgbuniv.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswavdetection.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswcomm.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswdetallocator.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswntsqlite.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswpsic.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswremoval.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswsecapi.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswwinamapi.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgStm.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\RegSvr.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\aswRunDll.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\x86\AvDump.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswRunDll.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\RegSvr.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvBugReport.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\AvDump.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\SetupInf.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\overseer.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\avgToolsSvc.exe.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\aswVmm.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\Inf\x64\avgVmm.sys.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\chrome_100_percent.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\chrome_200_percent.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\resources.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\icudtl.dat.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\am.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ar.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\bg.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\bn.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ca.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\cs.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\da.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\de.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\el.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\en-GB.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\en-US.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\es-419.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\es.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\et.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fa.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fi.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fil.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\fr.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\gu.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\he.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\hi.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\hr.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\hu.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\id.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\it.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ja.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\kn.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ko.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\lt.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\lv.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ml.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\mr.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ms.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\nb.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\nl.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\pl.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\pt-BR.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\pt-PT.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ro.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ru.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sk.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sl.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sr.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sv.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\sw.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\ta.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\te.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\th.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\tr.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\uk.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\vi.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\zh-CN.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\locales\zh-TW.pak.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\swiftshader
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\swiftshader\libEGL.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\swiftshader\libGLESv2.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\chrome_elf.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libcef.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\d3dcompiler_47.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libEGL.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libGLESv2.dll.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\snapshot_blob.bin.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\v8_context_snapshot.bin.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\about.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\antiRansomware.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\antiTrack.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\ask.ogg.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserDetection.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserDetectionWindow.html.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\browserExtensions.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\core.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\darkWebMonitor.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\dashboard.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\dataShredder.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\done.ogg.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\doNotDisturb.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\driverUpdater.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\feedbackForm.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\firewall.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\help.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\i18n.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\kin.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\libs.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-cs.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-da.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-de.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-en.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-en_GB.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-es_ES.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-fi.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-fr.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-hu.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-id.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-it.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ja.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ko.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ms.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-nb.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-nl.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pl.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pt_BR.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-pt_PT.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-ru.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sk.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sr_CS.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-sv_SE.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-tr.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-zh_CN.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-zh_TW.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainCss.css.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainCss_light.css.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainFont.css.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainLayout.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainLayoutCss.css.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainSprite.css.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainVars.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainVars_test.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainWindow.html.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\myLicenses.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napi.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napiAdapter.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\napiExtensions.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\network.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\notifications.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\notify.ogg.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\offline.htm.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\overlay.html.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\pap.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\passwordProtection.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\plugins.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\ras.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\rescueDisk.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\scans.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\search.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\secureDns.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\sensitiveData.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\settings.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\shields.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\smartScan.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\software.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteComponents.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteInternal.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svgFlags.css.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\svgInline.svg.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\system.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\threat.ogg.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\tray.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\tuneup.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\update.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\updatefile.json.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\virusChest.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\gui_resources\default_av\webCam.js.ipending.af551dba.lzma
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.af551dba
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.af551dba
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.af551dba
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.af551dba
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.af551dba
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.af551dba
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDirectory created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.af551dba
Source: Violated Heroine_91zbZ-1.exeStatic PE information: certificate valid
Source: Violated Heroine_91zbZ-1.exeStatic file information: File size 14472936 > 1048576
Source: Violated Heroine_91zbZ-1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_mod.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2433676500.0000000005774000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ms.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E09000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000499D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2493883768.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2493883768.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fa.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000048C5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D31000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2478477478.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2478477478.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdate_unsigned.pdb source: NortonBrowserUpdate.exe
Source: Binary string: NortonBrowserUpdateBroker_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003746000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004286000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_lt.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DE7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004970000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2490418694.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ru.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E59000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000049ED000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2496159014.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_el.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004880000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002CEB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476857851.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476857851.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_tr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002EC1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A55000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2501103051.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2501103051.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_de.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CEC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004874000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476651734.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476651734.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserCrashHandler_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000034E1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000003FF4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserCrashHandler.exe, 0000001B.00000000.2545010535.000000000058D000.00000002.00000001.01000000.00000029.sdmp
Source: Binary string: NortonBrowserUpdateCore_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.00000000033E0000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000476B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserCrashHandler64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_bg.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000483B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CB3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475582944.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_mr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004991000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002DFD000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2493475415.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_gu.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003D6A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479580724.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479580724.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_th.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003EC1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A49000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2500834473.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A0F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497496136.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497496136.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\8b0ebd312dc47f30\projects\avast\microstub\x86\Release\microstub.pdb source: avg_antivirus_free_setup.exe, 00000006.00000000.2322480648.0000000000C43000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3617009543.0000000000C43000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: psmachine_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus_ui.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned_64.pdbT source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\SaBsi.pdb source: saBSI.exe, 00000005.00000000.2296059937.00000000003FE000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: psuser_unsigned.pdbX source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb^ source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004342000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002FF4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474541874.0000000000C57000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474848155.0000000000C66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psuser_unsigned_64.pdbT source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_am.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003C98000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004820000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475030267.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_lv.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DF2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000497A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2492849993.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ta.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003EA9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A32000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2499957932.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2499957932.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_cs.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002CC9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000485D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476242242.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476242242.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdate_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000405D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003549000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003D76000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000048FE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479968395.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_es-419.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D19000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000048AE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2478091284.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2478018164.0000000000C66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: G:\QBITTORRENT\build-qbittorrent442-Qt5_msvc2017_x32-Release\src\release\qbittorrent.pdb source: qbittorrent.exe, 0000000B.00000000.2414929382.0000000002446000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\AvBugReport.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mi_exe_stub.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000002.3600766091.0000000000088000.00000002.00000001.01000000.0000001C.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000000.2436861066.0000000000088000.00000002.00000001.01000000.0000001C.sdmp
Source: Binary string: goopdateres_unsigned_pt-BR.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000049CB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E37000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2495227578.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2494934270.0000000000C57000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2495137205.0000000000C66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000490A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D76000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2480281407.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2480281407.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_id.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D8D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004921000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2481048207.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2481048207.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psuser_unsigned_64.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_zh-TW.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002EF9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000002.3608511949.0000000000EBE000.00000004.00000010.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A8D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2509349895.0000000000C66000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2508901358.0000000000C57000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2509610341.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\icarus.pdb} source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned.pdbX source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sw.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A26000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2498075278.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2498075278.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_it.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004937000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002DA3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2484244508.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2484244508.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_pt-PT.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003E4E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000049D6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2495504178.0000000000C66000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2495593249.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2495345108.0000000000C57000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateOnDemand_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000037A3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000042E4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: npNortonBrowserUpdate3_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000036B2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000041E7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2518582655.0000000000C2F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2518506993.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_vi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A77000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003EEF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2502196164.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_bn.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004846000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CBE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475801735.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: acuapi_64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ja.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DC6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000494F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sv.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E87000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A1B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497865099.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_es.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D0E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000048A2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477584269.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477584269.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_is.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D98000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000492C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2481663243.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2481663243.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_uk.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A60000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002ECC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2501524873.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2501524873.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ro.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E4E000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000049E2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2495773676.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fr.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D53000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000048E7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479301927.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ca.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CC9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004852000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476037558.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476037558.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_nl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000049A9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003E20000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2494286780.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2494286780.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ko.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004964000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DDC000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2489747943.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_et.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003D31000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000048B9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2478268975.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_iw.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002DAF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004943000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2488274893.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2488274893.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ur.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A6B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003EE3000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2501797298.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2501797298.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_te.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003EB5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A3D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_no.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E20000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000049B4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2494540665.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2494540665.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x86\icarus_sfx.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000000.2379931092.0000000000974000.00000002.00000001.01000000.00000016.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000002.3603645766.0000000000974000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: goopdateres_unsigned_fil.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003D53000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000048DB000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2479063423.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_pl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003E37000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000049BF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2494786953.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2494786953.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateComRegisterShell64_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004342000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002FF4000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474541874.0000000000C57000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2474848155.0000000000C66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_en-GB.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004897000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D03000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477195755.0000000000C57000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477346662.0000000000C66000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000002.3608418626.0000000000960000.00000002.00000001.00040000.00000040.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477408904.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_fi.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003D48000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000048D0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ml.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004985000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2493178150.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psuser_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sk.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003E71000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.00000000049F9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2496771405.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2496771405.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_hu.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004915000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003D8D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2480584132.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: NortonBrowserUpdateWebPlugin_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004342000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002FF4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdbM source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_en.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002CF7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000488B000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477070361.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2477070361.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_da.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004869000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CE1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476434801.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2476434801.0000000000C65000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\BUILD\work\b1fc704878a8d844\BUILDS\Release\x64\avDump.pdb source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psmachine_unsigned_64.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_ar.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004830000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475244894.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2475244894.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_sl.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003E7C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A04000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497263333.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2497263333.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_zh-CN.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A82000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002EEE000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2507294758.0000000000C66000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2502915324.0000000000C56000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2508549479.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: goopdateres_unsigned_kn.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002DC5000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004959000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2489288098.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2489288098.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: acuapi_unsigned.pdb source: NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.00000000038C1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000440C000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdate.exe, 0000000E.00000003.2516265632.0000000000C56000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00382B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,5_2_00382B30
Source: Violated Heroine_91zbZ-1.exeStatic PE information: section name: .didata
Source: Violated Heroine_91zbZ-1.tmp.0.drStatic PE information: section name: .didata
Source: qbittorrent.exe.1.drStatic PE information: section name: .qtmetad
Source: qbittorrent.exe.1.drStatic PE information: section name: .qtmimed
Source: saBSI.exe.1.drStatic PE information: section name: .didat
Source: avg_antivirus_free_setup.exe.1.drStatic PE information: section name: .didat
Source: installer.exe.5.drStatic PE information: section name: _RDATA
Source: avg_antivirus_free_online_setup.exe.6.drStatic PE information: section name: .didat
Source: icarus_ui.exe.8.drStatic PE information: section name: _RDATA
Source: dump_process.exe.8.drStatic PE information: section name: .didat
Source: dump_process.exe.8.drStatic PE information: section name: _RDATA
Source: bug_report.exe.8.drStatic PE information: section name: _RDATA
Source: icarus.exe.8.drStatic PE information: section name: .didat
Source: icarus.exe.8.drStatic PE information: section name: _RDATA
Source: NortonBrowserUpdateComRegisterShell64.exe.13.drStatic PE information: section name: _RDATA
Source: acuapi_64.dll.13.drStatic PE information: section name: _RDATA
Source: psmachine.dll.13.drStatic PE information: section name: .orpc
Source: psmachine_64.dll.13.drStatic PE information: section name: .orpc
Source: psmachine_64.dll.13.drStatic PE information: section name: _RDATA
Source: psuser.dll.13.drStatic PE information: section name: .orpc
Source: psuser_64.dll.13.drStatic PE information: section name: .orpc
Source: psuser_64.dll.13.drStatic PE information: section name: _RDATA
Source: NortonBrowserCrashHandler64.exe.13.drStatic PE information: section name: _RDATA
Source: acuapi_64.dll.14.drStatic PE information: section name: _RDATA
Source: NortonBrowserCrashHandler64.exe.14.drStatic PE information: section name: _RDATA
Source: NortonBrowserUpdateComRegisterShell64.exe.14.drStatic PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003B8DDB push ecx; ret 5_2_003B8DEE
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003E7CFD push ecx; ret 5_2_003E7D12
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C31396 push ecx; ret 6_2_00C313A9
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_00915A4C push ecx; ret 8_2_00915A5F
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeCode function: 13_2_000864C6 push ecx; ret 13_2_000864D9
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeCode function: 14_2_009B42F6 push ecx; ret 14_2_009B4309
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeCode function: 19_2_003942F6 push ecx; ret 19_2_00394309

Persistence and Installation Behavior

barindex
Contains functionality to infect the boot sector
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u6_2_00C2A100
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u8_2_0090C0E0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u8_2_0090BAA0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u8_2_0090BD80
Possible COM Object hijacking
Source: c:\program files\mcafee\webadvisor\x64\wssdep.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{21cbfec0-e728-420c-b4a4-a58ad2089aba}\inprocserver32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{eeb05560-ec9e-4ec0-b1ee-14b05ff48650}\inprocserver32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{688a291b-6132-43d5-b94b-a62949e22961}\inprochandler32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{93d643dc-f504-42e2-ae1c-14b2e116db0c}\inprocserver32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{eeb05560-ec9e-4ec0-b1ee-14b05ff48650}\inprocserver32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{688a291b-6132-43d5-b94b-a62949e22961}\inprochandler32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{eeb05560-ec9e-4ec0-b1ee-14b05ff48650}\inprocserver32
Source: c:\program files (x86)\norton\browser\update\1.8.1649.5\psmachine_64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{688a291b-6132-43d5-b94b-a62949e22961}\inprochandler32
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.af551dbaJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_da.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\reboot.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_uk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_cs.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.af551dbaJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.af551dbaJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\taskmanager.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeFile created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_nl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ca.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fil.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ro.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_it.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dllJump to dropped file
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeFile created: C:\Users\user\AppData\Local\Temp\{D7DA69EE-8493-43EF-962E-703A105C1C7B}-NortonBrowserInstaller.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateOnDemand.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_bn.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\bug_report.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\inetc.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\npNortonBrowserUpdate3.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_pl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_vi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_kn.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\npNortonBrowserUpdate3.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ru.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_el.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_lt.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_fi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdate.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_mr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ar.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\dump_process.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserCrashHandler.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\psuser_64.dllJump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\thirdparty.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_es.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fa.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_id.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\StdUtils.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateBroker.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_hu.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ta.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\acuapi_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserCrashHandler64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_en-GB.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\uninstaller.exeJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.af551dbaJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\settingmanager.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeFile created: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sw.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\psmachine.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeFile created: C:\Users\user\AppData\Local\Temp\mwa4EA9.tmpJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sw.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_te.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ta.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.af551dbaJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_en.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateSetup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_no.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeFile created: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateComRegisterShell64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\psuser.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateSetup.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-BR.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\servicehost.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\jsisdl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\jsis.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_fa.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ms.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_bg.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\psmachine_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateCore.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\nsJSON.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Windows\System32\icarus_rvrt.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\JsisPlugins.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_no.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus_rvrt.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_fil.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateOnDemand.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bn.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ml.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_it.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en-GB.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\browserhost.exeJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.af551dbaJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_pt-BR.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_mr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_uk.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_id.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\bug_report.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\zbShieldUtils.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ro.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ms.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_nl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_da.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.af551dbaJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ur.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ar.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_tr.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\aswOfferTool.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_kn.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hi.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_te.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_fr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_cs.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_el.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_am.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateCore.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hu.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus_rvrt.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bg.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es-419.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_is.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-TW.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.af551dbaJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_de.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_lv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_vi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ca.dllJump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\bug_report.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\sciterui.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_am.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\analyticsmanager.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\AccessControl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ko.dllJump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus_mod.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdate.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_iw.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_gu.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_et.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\updater.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ja.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\uimanager.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_is.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\acuapi.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\uihost.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_th.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ja.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_zh-TW.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi_64.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus_product.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_es-419.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sl.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus_ui.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_th.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_gu.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_iw.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateBroker.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_et.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\installer.exeJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.af551dbaJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_de.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lt.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\resource.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\microsoftedgewebview2setup.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\logicmodule.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeFile created: C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_tr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\Midex.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_hi.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.af551dbaJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sl.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.af551dbaJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ru.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateWebPlugin.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateWebPlugin.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ko.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\resource.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus_ui.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ur.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeFile created: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ml.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus_product.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeFile created: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_hr.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\bug_report.exeJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\aswOfferTool.exeJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus_rvrt.exeJump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\bug_report.exeJump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus_ui.exeJump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus_mod.dllJump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\bug_report.exeJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Windows\System32\icarus_rvrt.exeJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus_product.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exeJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus_ui.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeFile created: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus_product.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus_rvrt.exeJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.af551dbaJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.af551dbaJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.af551dbaJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.af551dbaJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.af551dbaJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.af551dbaJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.af551dbaJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.af551dbaJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.af551dbaJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.af551dbaJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeFile created: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.af551dbaJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C252F0 InterlockedExchange,GetCurrentProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CreateMutexW,GetLastError,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,InterlockedExchange,CoInitializeEx,CoCreateInstance,CoUninitialize,InterlockedExchange,GetLastError,InterlockedExchange,MessageBoxExW,wsprintfW,wsprintfW,MessageBoxExW,InterlockedExchange,InterlockedExchange,CreateThread,CloseHandle,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,wsprintfW,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,MoveFileExW,MoveFileExW,GetDiskFreeSpaceExW,InterlockedExchange,InterlockedExchange,MessageBoxExW,InterlockedExchange,GetLastError,InterlockedExchange,wsprintfW,wsprintfW,MessageBoxExW,CloseHandle,CreateFileW,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,GetLastError,InterlockedExchange,InterlockedExchange,CreateProcessW,InterlockedExchange,GetLastError,InterlockedExchange,AllowSetForegroundWindow,ResumeThread,InterlockedExchange,GetLastError,InterlockedExchange,PostMessageW,WaitForSingleObject,GetExitCodeProcess,InterlockedExchange,InterlockedExchange,InterlockedExchange,CloseHandle,CloseHandle,CloseHandle,_wcsrchr,_wcsrchr,CreateHardLinkW,CopyFileW,ReleaseMutex,CloseHandle,___delayLoadHelper2@8,6_2_00C252F0
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF676542374 SHGetFolderPathW,_invalid_parameter_noinfo_noreturn,GetPrivateProfileStringW,_Init_thread_footer,21_2_00007FF676542374
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF676535414 GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileStringW,GetPrivateProfileIntW,21_2_00007FF676535414
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-cs-CZ.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-da-DK.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-de-DE.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-el-GR.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-en-US.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-es-ES.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-es-MX.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-fi-FI.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-fr-CA.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-fr-FR.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-hr-HR.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-hu-HU.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-it-IT.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-ja-JP.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-ko-KR.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-nb-NO.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-nl-NL.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-pl-PL.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-pt-BR.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-pt-PT.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-ru-RU.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-sk-SK.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-sr-Latn-CS.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-sv-SE.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-tr-TR.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-zh-CN.txt
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeFile created: C:\Program Files\McAfee\Temp2112252202\jslang\eula-zh-TW.txt

Boot Survival

barindex
Contains functionality to infect the boot sector
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u6_2_00C2A100
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u8_2_0090C0E0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u8_2_0090BAA0
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,_strncpy,CloseHandle, \\.\PhysicalDrive%u8_2_0090BD80
Creates an undocumented autostart registry key
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00370540 EnterCriticalSection,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LeaveCriticalSection,5_2_00370540
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeRegistry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeRegistry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\McAfee
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 BlobJump to behavior
Source: C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Checks if the current machine is a virtual machine (disk enumeration)
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
Found evasive API chain checking for user administrative privileges
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeCheck user administrative privileges: IsUserAndAdmin, DecisionNode
Queries memory information (via WMI often done to detect virtual machines)
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_DiskDrive
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_LogicalDisk
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_VideoController
Query firmware table information (likely to detect VMs)
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeSystem information queried: FirmwareTableInformationJump to behavior
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeSystem information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exeSystem information queried: FirmwareTableInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exeSystem information queried: FirmwareTableInformation
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2746430725.00000000058DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <DEST>%PRODUCT_INST%/ASWHOOK.DLL</DEST>
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2746430725.00000000058DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <PATH>%PRODUCT_INST_32%\ASWHOOKX.DLL</PATH>
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2746430725.00000000058DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <DEST>%PRODUCT_INST_32%/ASWHOOK.DLL</DEST>
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2746430725.00000000058DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <DEST>%PRODUCT_INST_64%/ASWHOOK.DLL</DEST>
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 14360000000 memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 13B5FEC0000 memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 14360240000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 14360330000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 14360370000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 143708D0000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 14370A50000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 14370AB0000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 14370B10000 memory commit | memory reserve | memory write watch
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeMemory allocated: 14370B50000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened / queried: C:\Program Files (x86)\VMware\VMware ToolsJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008BE150 rdtsc 8_2_008BE150
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00344C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,5_2_00344C8E
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_fil.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\su_common.dll.ipending.af551dbaJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateOnDemand.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bn.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_da.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\reboot.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ml.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_uk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_it.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.af551dbaJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.af551dbaJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_cs.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\taskmanager.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en-GB.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_nl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ca.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fil.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ro.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_it.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dllJump to dropped file
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{D7DA69EE-8493-43EF-962E-703A105C1C7B}-NortonBrowserInstaller.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateOnDemand.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_bn.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\bug_report.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\browserhost.exeJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.af551dbaJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_pt-BR.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_mr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_uk.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_id.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\bug_report.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\zbShieldUtils.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ro.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ms.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_nl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sk.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_da.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\npNortonBrowserUpdate3.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_vi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_pl.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.af551dbaJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ur.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_kn.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\npNortonBrowserUpdate3.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ar.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\aswOfferTool.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_tr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ru.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_el.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_kn.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_lt.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_fi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdate.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sk.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_te.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_fr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_el.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_cs.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_mr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_am.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hu.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateCore.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ar.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\dump_process.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sv.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus_rvrt.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bg.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es-419.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_is.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\psuser_64.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-TW.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\thirdparty.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.af551dbaJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_lv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_de.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_vi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ca.dllJump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeDropped PE file which has not been started: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\bug_report.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\sciterui.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fa.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_id.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\StdUtils.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateBroker.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_hu.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ta.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_am.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\analyticsmanager.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\acuapi_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_en-GB.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\AccessControl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fr.dllJump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeDropped PE file which has not been started: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus_mod.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ko.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\uninstaller.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_iw.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdate.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\settingmanager.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.af551dbaJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sw.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\psmachine.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_gu.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_et.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mwa4EA9.tmpJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\updater.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\uimanager.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ja.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sw.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_te.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_is.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\acuapi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ta.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.af551dbaJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\uihost.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_th.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ja.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_en.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sr.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_zh-TW.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi_64.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus_product.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_no.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_es-419.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lv.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\psuser.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\dump_process.exeJump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeDropped PE file which has not been started: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\dump_process.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-BR.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_th.dllJump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeDropped PE file which has not been started: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus_ui.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_gu.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_iw.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateBroker.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\jsisdl.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_et.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\jsis.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.af551dbaJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_fa.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ms.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_de.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lt.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_bg.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\resource.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\microsoftedgewebview2setup.exeJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\logicmodule.dllJump to dropped file
Source: C:\Program Files\McAfee\Temp2112252202\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_tr.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\Midex.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\psmachine_64.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_hi.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateCore.exeJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.af551dbaJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\nsJSON.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sl.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDropped PE file which has not been started: C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.af551dbaJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_pt-PT.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ru.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateWebPlugin.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateWebPlugin.exeJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeDropped PE file which has not been started: C:\Windows\System32\icarus_rvrt.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ko.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exeDropped PE file which has not been started: C:\Program Files\McAfee\Temp2112252202\resource.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-CN.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\JsisPlugins.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus_ui.exeJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ur.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ml.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pl.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fi.dllJump to dropped file
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_no.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus_product.dllJump to dropped file
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeDropped PE file which has not been started: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus_rvrt.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeDropped PE file which has not been started: C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_hr.dllJump to dropped file
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeAPI coverage: 6.2 %
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeAPI coverage: 9.8 %
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp TID: 6836Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp TID: 6868Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp TID: 6868Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exe TID: 3912Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe TID: 2196Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 6128Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe TID: 2664Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe TID: 2912Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe TID: 5544Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\McAfee\Temp2112252202\installer.exe TID: 3676Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exe TID: 2212Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeWMI Queries: IWbemServices::ExecQuery - Root\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile Volume queried: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile Volume queried: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile Volume queried: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_00405B6C CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,7_2_00405B6C
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_004028D5 FindFirstFileW,7_2_004028D5
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeCode function: 7_2_0040679D FindFirstFileW,FindClose,7_2_0040679D
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008B6F60 FindFirstFileExW,GetLastError,PathMatchSpecW,FindNextFileW,GetLastError,FindClose,UnlockFileEx,8_2_008B6F60
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008AE180 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,SetLastError,8_2_008AE180
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008B4590 FindFirstFileW,FindNextFileW,FindClose,GetFileAttributesW,GetFileAttributesW,SetFileAttributesW,RemoveDirectoryW,Sleep,GetFileAttributesW,8_2_008B4590
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008E0AC0 FindFirstFileW,MoveFileExW,GetLastError,FindNextFileW,GetFileAttributesW,GetLastError,MoveFileExW,GetLastError,FindClose,8_2_008E0AC0
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeCode function: 14_2_009AD963 FindFirstFileExW,FindNextFileW,FindClose,FindClose,14_2_009AD963
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeCode function: 19_2_0038D963 FindFirstFileExW,FindNextFileW,FindClose,FindClose,19_2_0038D963
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF67656F014 FindFirstFileExW,21_2_00007FF67656F014
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003A2782 VirtualQuery,GetSystemInfo,5_2_003A2782
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\userJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extractJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppDataJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppData\Local\TempJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpFile opened: C:\Users\user\AppData\LocalJump to behavior
Source: qbittorrent.exe, 0000000B.00000002.3605189670.0000000000D49000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllV
Source: norton_secure_browser_setup.exe, 00000007.00000003.2390728996.00000000008CA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: NortonBrowserUpdate.exe, 0000000E.00000002.3613852772.0000000000C41000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.000000000087F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -dp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100\" -i -v -d -se=true","r":["ReasonVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonVPN","RAVVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\RAVVPN","ReasonLabs\\VPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-VPN","ReasonSaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonSaferWeb","SaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\SaferWeb","ReasonLabs\\DNS","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-DNS","ReasonUP","RAVAntivirus","Reason\\Reason Antivirus","ReasonLabs\\EPP","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"cmdu":[{"utr":"HKEY_CLASSES_ROOT","utk":"ReasonPersistentStorage","utvn":"AvUninstallTime","utvt":"SZ","umd":30,"utms":true}],"cp":"https://reasonlabs.com/policies","ctu":"https://reasonlabs.com/policies","win64":true,"pv":"1.26","disk":450,"fe":["{commonpf64}\\ReasonLabs\\EPP\\InstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstaller.exe"],"ov":100,"cbfo":true,"x":10,"v":1}}],"c":""}F6<1
Source: qbittorrent.exe, 0000000B.00000000.2415687688.0000000002511000.00000008.00000001.01000000.00000018.sdmpBinary or memory string: .?AVQEmulationPaintEngine@@8"
Source: norton_secure_browser_setup.exe, 00000007.00000003.2380374269.00000000008D5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: en_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2384128654.0000000002DEF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:y
Source: avg_antivirus_free_setup.exe, 00000006.00000003.2375143923.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2987359293.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2986892605.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3610572242.00000000009B2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW3
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2380415023.0000000002DCD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:w
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000831000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.000000000082D000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.0000000000831000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.000000000337E000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.00000000033D0000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2326300261.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2326300261.00000000033D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3605451288.0000000000938000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: NortonBrowserUpdate.exe, 0000000E.00000002.3613852772.0000000000C41000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2384412289.0000000002DD9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:me
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3406368684.0000000003592000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Sending report, Status: 3 Data: {"table":"zb_analytics","data":"{\"0\":\"\",\"1\":\"9e146be9-c76a-4720-bcdb-53011b87bd06\",\"2\":\"20241223131359\",\"3\":\"Zayats\",\"4\":\"Games4Win\",\"5\":\"Violated Heroine\",\"18\":\"\",\"19\":\"noChGroupx1\",\"21\":\"gamefabrique\",\"6\":\"3\",\"7\":\"2.40.1.8919\",\"15\":0,\"22\":\"Violated Heroine\",\"10\":1}"},\"6}\\brand\\PRFG","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRFI","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRFK","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRUC","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRUG","Google\\Update\\ClientState\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\brand\\PRUI"],"cp":"https://www.avast.com/privacy","ctu":"https://www.avast.com/eula","ov":61,"cbfo":true,"pv":"1.32","v":3}},{"ad":{"n":"","f":"ZB_RAV_Cross_Tri_NCB","o":"RAV_Cross"},"ps":{"i":"RAV_Triple_NCB/images/DOTPS-855/EN.png","dn":"RAV, VPN by RAV, Online Security, Safer Web","u":"https://shield.reasonsecurity.com/rsStubActivator.exe","p":"-ip:\"dui={userid}&dit={sessionid}&is_silent=true&oc={of}&p={pubid}&a=100&b={ispb}&se=true\" -vp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100&oip=26&ptl=7&dta=true\" -dp:\"dui={userid}&dit={sessionid}&oc={of}&p={pubid}&a=100\" -i -v -d -se=true","r":["ReasonVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonVPN","RAVVPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\RAVVPN","ReasonLabs\\VPN","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-VPN","ReasonSaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonSaferWeb","SaferWeb","Microsoft\\Windows\\CurrentVersion\\Uninstall\\SaferWeb","ReasonLabs\\DNS","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-DNS","ReasonUP","RAVAntivirus","Reason\\Reason Antivirus","ReasonLabs\\EPP","Microsoft\\Windows\\CurrentVersion\\Uninstall\\ReasonLabs-EPP","VMware, Inc."],"rvd":["HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment\\PROCESSOR_ARCHITECTURE\\ARM64"],"cmdu":[{"utr":"HKEY_CLASSES_ROOT","utk":"ReasonPersistentStorage","utvn":"AvUninstallTime","utvt":"SZ","umd":30,"utms":true}],"cp":"https://reasonlabs.com/policies","ctu":"https://reasonlabs.com/policies","win64":true,"pv":"1.26","disk":450,"fe":["{commonpf64}\\ReasonLabs\\EPP\\InstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstallerLib.dll","{commonpf64}\\RAVAntivirus\\AntivirusInstaller.exe"],"ov":100,"cbfo":true,"x":10,"v":1}}],"c":""}3~
Source: Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000897000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware, Inc.U
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2384942729.0000000002DF8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: norton_secure_browser_setup.exe, 00000007.00000003.2390728996.00000000008CA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: E#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2381074142.0000000002DDD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 3-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_
Source: avg_antivirus_free_online_setup.exe, 00000008.00000003.2385033934.0000000002DF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2385754238.0000000002DF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2385205908.0000000002DF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2385964492.0000000002DF7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: qbittorrent.exe, 0000000B.00000000.2415687688.0000000002511000.00000008.00000001.01000000.00000018.sdmpBinary or memory string: .?AVQEmulationPaintEngine@@
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeAPI call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeAPI call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess queried: DebugPortJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeProcess queried: DebugPortJump to behavior
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008BE150 rdtsc 8_2_008BE150
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003D70B4 IsDebuggerPresent,OutputDebugStringW,5_2_003D70B4
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00355204 RegOpenKeyExW,RegQueryValueExW,SetLastError,RegCloseKey,RegCloseKey,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,LoadLibraryExW,GetLastError,5_2_00355204
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00344C8E GetCurrentProcessId,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,5_2_00344C8E
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003E7BC0 VirtualProtect ?,-00000001,00000104,?,?,?,0000001C5_2_003E7BC0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_00382B30 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,FreeLibrary,GetLastError,5_2_00382B30
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003CE8FE mov eax, dword ptr fs:[00000030h]5_2_003CE8FE
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003D7C6A mov eax, dword ptr fs:[00000030h]5_2_003D7C6A
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003D7CAE mov eax, dword ptr fs:[00000030h]5_2_003D7CAE
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003D7CF2 mov eax, dword ptr fs:[00000030h]5_2_003D7CF2
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003D7D23 mov eax, dword ptr fs:[00000030h]5_2_003D7D23
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C37C5A mov eax, dword ptr fs:[00000030h]6_2_00C37C5A
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_00958F06 mov eax, dword ptr fs:[00000030h]8_2_00958F06
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_00958F4A mov eax, dword ptr fs:[00000030h]8_2_00958F4A
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_009535B7 mov ecx, dword ptr fs:[00000030h]8_2_009535B7
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeCode function: 13_2_0007D630 mov eax, dword ptr fs:[00000030h]13_2_0007D630
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeCode function: 13_2_000787D6 mov ecx, dword ptr fs:[00000030h]13_2_000787D6
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeCode function: 14_2_009ABEA8 mov ecx, dword ptr fs:[00000030h]14_2_009ABEA8
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeCode function: 14_2_009AD651 mov eax, dword ptr fs:[00000030h]14_2_009AD651
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeCode function: 19_2_0038D651 mov eax, dword ptr fs:[00000030h]19_2_0038D651
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeCode function: 19_2_0038BEA8 mov ecx, dword ptr fs:[00000030h]19_2_0038BEA8
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_0034463F GetProcessHeap,5_2_0034463F
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003B9018 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_003B9018
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003B93F2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_003B93F2
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003BD453 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_003BD453
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003B9586 SetUnhandledExceptionFilter,5_2_003B9586
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C310FF IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00C310FF
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C31292 SetUnhandledExceptionFilter,6_2_00C31292
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C313AB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_00C313AB
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C34476 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00C34476
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_0093EE56 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_0093EE56
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_00915168 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00915168
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_00915C80 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00915C80
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeCode function: 13_2_00075A10 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,13_2_00075A10
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeCode function: 13_2_0007BCC4 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_0007BCC4
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeCode function: 13_2_0007557C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_0007557C
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeCode function: 13_2_00075710 SetUnhandledExceptionFilter,13_2_00075710
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeCode function: 14_2_009A7D01 SetUnhandledExceptionFilter,14_2_009A7D01
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeCode function: 14_2_009A7A48 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,14_2_009A7A48
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeCode function: 14_2_009AB7EE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_009AB7EE
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeCode function: 14_2_009A7B6A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,14_2_009A7B6A
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeCode function: 19_2_00387D01 SetUnhandledExceptionFilter,19_2_00387D01
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeCode function: 19_2_00387A48 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,19_2_00387A48
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeCode function: 19_2_00387B6A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_00387B6A
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeCode function: 19_2_0038B7EE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,19_2_0038B7EE
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF676558FE8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,21_2_00007FF676558FE8
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF676551708 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,21_2_00007FF676551708
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF676551CA0 SetUnhandledExceptionFilter,21_2_00007FF676551CA0
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF676551ABC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,21_2_00007FF676551ABC

HIPS / PFW / Operating System Protection Evasion

barindex
Contains functionality to prevent local Windows debugging
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF676549FFC OutputDebugStringA,WaitForSingleObject,InitializeCriticalSection,EnterCriticalSection,SetFilePointer,WriteFile,ReleaseMutex,LeaveCriticalSection,IsDebuggerPresent,DebugBreak,GetCurrentProcess,TerminateProcess,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,21_2_00007FF676549FFC
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exe "C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=USJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exe "C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vUJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe "C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe "C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /ga_clientid:572539a1-d07f-4197-bf4d-89a74f87a492 /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2cJump to behavior
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezU4MzdCMUE1LUI3MkEtNDU2QS1CMDlGLUY2ODBFOUFCNUUwMn0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY0OS41IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY0OS41IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0iezE5NzhDRURELUY2RUQtNDc4Qy05RDhDLTgzMTA0OEQ5REY4MH0iIHVzZXJpZD0iezBFMTk2MDUwLURBNzAtNEQyRi04MkE1LUIxQUYyOURDNjRFRn0iIHVzZXJpZF9kYXRlPSIyMDI0MTIyMyIgbWFjaGluZWlkPSJ7MDAwMDlEOTYtNkFDQS0yQzI0LTk0MDgtMTRBMDU2NEZENUJDfSIgbWFjaGluZWlkX2RhdGU9IjIwMjQxMjIzIiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezczRTFDMDhDLTNBMzQtNDVCNi04OTY1LTZDMEZFQzlFMDgwRn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NTgzN0IxQTUtQjcyQS00NTZBLUIwOUYtRjY4MEU5QUI1RTAyfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2NDkuNSIgbGFuZz0iZW4tR0IiIGJyYW5kPSIyOTIzOSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNjUzOCIvPjwvYXBwPjwvcmVxdWVzdD4
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{1978CEDD-F6ED-478C-9D8C-831048D9DF80}" /silent
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6692 -ip 6692
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 964
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6692 -ip 6692
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 2604
Source: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeProcess created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492 /er_master:master_ep_039cca48-79ed-481b-8a26-06a4eea4f584 /er_ui:ui_ep_68a0db07-d995-4b3b-bbc5-aa42d4ac403e /er_slave:avg-av_slave_ep_f4b941a1-dca3-4c7d-a54f-a0d09edff664 /slave:avg-av
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeProcess created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exe C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exe /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492 /er_master:master_ep_039cca48-79ed-481b-8a26-06a4eea4f584 /er_ui:ui_ep_68a0db07-d995-4b3b-bbc5-aa42d4ac403e /er_slave:avg-av-vps_slave_ep_af387ac7-fcda-4980-9da1-7e333e1d25e3 /slave:avg-av-vps
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe "c:\windows\temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92ptu5hwbbk24uxiaw3megmz4i1zgkfngvwjinowbsvhoayde41jkzqabkrq9dkr7twdbrpytz31vu /cookie:mmm_irs_ppi_902_451_o /ga_clientid:572539a1-d07f-4197-bf4d-89a74f87a492 /edat_dir:c:\windows\temp\asw.7a5bfd1c0a21df2c
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe nortonbrowserupdatesetup.exe /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeProcess created: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe "c:\program files (x86)\gum4aa6.tmp\nortonbrowserupdate.exe" /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "c:\program files (x86)\norton\browser\update\nortonbrowserupdate.exe" /ping pd94bwwgdmvyc2lvbj0ims4wiiblbmnvzgluzz0ivvrgltgipz48cmvxdwvzdcbwcm90b2nvbd0imy4wiib1cgrhdgvypsjpbwfoysigb21hagfpzd0iezu4mzdcmue1lui3mketndu2qs1cmdlgluy2odbfoufcnuuwmn0iihvwzgf0zxj2zxjzaw9upsixljgumty0os41iibzagvsbf92zxjzaw9upsixljgumty0os41iibpc21hy2hpbmu9ijeiiglzx29tywhhnjriaxq9ijaiiglzx29znjriaxq9ijeiihnlc3npb25pzd0ieze5nzhdrureluy2ruqtndc4qy05rdhdltgzmta0oeq5rey4mh0iihvzzxjpzd0iezbfmtk2mduwlurbnzatneqyri04mke1luixquyyourdnjrfrn0iihvzzxjpzf9kyxrlpsiymdi0mtiymyigbwfjagluzwlkpsj7mdawmdleotytnkfdqs0yqzi0ltk0mdgtmtrbmdu2nezenujdfsigbwfjagluzwlkx2rhdgu9ijiwmjqxmjiziibpbnn0ywxsc291cmnlpsjvdghlcmluc3rhbgxjbwqiihrlc3rzb3vyy2u9imf1dg8iihjlcxvlc3rpzd0iezczrtfdmdhdltnbmzqtndvcni04oty1ltzdmezfqzlfmdgwrn0iigrlzhvwpsjjciigzg9tywluam9pbmvkpsiwij48ahcgcgh5c21lbw9yet0iocigc3nlpsixiibzc2uypsixiibzc2uzpsixiibzc3nlmz0imsigc3nlnde9ijeiihnzztqypsixiibhdng9ijeilz48b3mgcgxhdgzvcm09indpbiigdmvyc2lvbj0imtaumc4xota0ns4ymda2iibzcd0iiibhcmnopsj4njqilz48yxbwigfwcglkpsj7ntgzn0ixqtutqjcyqs00ntzbluiwouytrjy4meu5qui1rtayfsigdmvyc2lvbj0iiibuzxh0dmvyc2lvbj0ims44lje2ndkunsigbgfuzz0izw4tr0iiigjyyw5kpsiyotizosigy2xpzw50psiipjxldmvudcbldmvudhr5cgu9ijiiigv2zw50cmvzdwx0psixiiblcnjvcmnvzgu9ijaiigv4dhjhy29kzte9ijaiigluc3rhbgxfdgltzv9tcz0injuzocivpjwvyxbwpjwvcmvxdwvzdd4
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "c:\program files (x86)\norton\browser\update\nortonbrowserupdate.exe" /handoff "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{1978cedd-f6ed-478c-9d8c-831048d9df80}" /silent
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe c:\windows\temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe /icarus-info-path:c:\windows\temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\icarus-info.xml /install /silent /ws /psh:92ptu5hwbbk24uxiaw3megmz4i1zgkfngvwjinowbsvhoayde41jkzqabkrq9dkr7twdbrpytz31vu /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeProcess created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe c:\windows\temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe /silent /ws /psh:92ptu5hwbbk24uxiaw3megmz4i1zgkfngvwjinowbsvhoayde41jkzqabkrq9dkr7twdbrpytz31vu /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492 /er_master:master_ep_039cca48-79ed-481b-8a26-06a4eea4f584 /er_ui:ui_ep_68a0db07-d995-4b3b-bbc5-aa42d4ac403e /er_slave:avg-av_slave_ep_f4b941a1-dca3-4c7d-a54f-a0d09edff664 /slave:avg-av
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeProcess created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exe c:\windows\temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exe /silent /ws /psh:92ptu5hwbbk24uxiaw3megmz4i1zgkfngvwjinowbsvhoayde41jkzqabkrq9dkr7twdbrpytz31vu /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492 /er_master:master_ep_039cca48-79ed-481b-8a26-06a4eea4f584 /er_ui:ui_ep_68a0db07-d995-4b3b-bbc5-aa42d4ac403e /er_slave:avg-av-vps_slave_ep_af387ac7-fcda-4980-9da1-7e333e1d25e3 /slave:avg-av-vps
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeProcess created: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe "c:\windows\temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92ptu5hwbbk24uxiaw3megmz4i1zgkfngvwjinowbsvhoayde41jkzqabkrq9dkr7twdbrpytz31vu /cookie:mmm_irs_ppi_902_451_o /ga_clientid:572539a1-d07f-4197-bf4d-89a74f87a492 /edat_dir:c:\windows\temp\asw.7a5bfd1c0a21df2cJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeProcess created: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe nortonbrowserupdatesetup.exe /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"Jump to behavior
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeProcess created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe c:\windows\temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe /icarus-info-path:c:\windows\temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\icarus-info.xml /install /silent /ws /psh:92ptu5hwbbk24uxiaw3megmz4i1zgkfngvwjinowbsvhoayde41jkzqabkrq9dkr7twdbrpytz31vu /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492
Source: C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exeProcess created: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe "c:\program files (x86)\gum4aa6.tmp\nortonbrowserupdate.exe" /silent /install "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome"
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "c:\program files (x86)\norton\browser\update\nortonbrowserupdate.exe" /ping pd94bwwgdmvyc2lvbj0ims4wiiblbmnvzgluzz0ivvrgltgipz48cmvxdwvzdcbwcm90b2nvbd0imy4wiib1cgrhdgvypsjpbwfoysigb21hagfpzd0iezu4mzdcmue1lui3mketndu2qs1cmdlgluy2odbfoufcnuuwmn0iihvwzgf0zxj2zxjzaw9upsixljgumty0os41iibzagvsbf92zxjzaw9upsixljgumty0os41iibpc21hy2hpbmu9ijeiiglzx29tywhhnjriaxq9ijaiiglzx29znjriaxq9ijeiihnlc3npb25pzd0ieze5nzhdrureluy2ruqtndc4qy05rdhdltgzmta0oeq5rey4mh0iihvzzxjpzd0iezbfmtk2mduwlurbnzatneqyri04mke1luixquyyourdnjrfrn0iihvzzxjpzf9kyxrlpsiymdi0mtiymyigbwfjagluzwlkpsj7mdawmdleotytnkfdqs0yqzi0ltk0mdgtmtrbmdu2nezenujdfsigbwfjagluzwlkx2rhdgu9ijiwmjqxmjiziibpbnn0ywxsc291cmnlpsjvdghlcmluc3rhbgxjbwqiihrlc3rzb3vyy2u9imf1dg8iihjlcxvlc3rpzd0iezczrtfdmdhdltnbmzqtndvcni04oty1ltzdmezfqzlfmdgwrn0iigrlzhvwpsjjciigzg9tywluam9pbmvkpsiwij48ahcgcgh5c21lbw9yet0iocigc3nlpsixiibzc2uypsixiibzc2uzpsixiibzc3nlmz0imsigc3nlnde9ijeiihnzztqypsixiibhdng9ijeilz48b3mgcgxhdgzvcm09indpbiigdmvyc2lvbj0imtaumc4xota0ns4ymda2iibzcd0iiibhcmnopsj4njqilz48yxbwigfwcglkpsj7ntgzn0ixqtutqjcyqs00ntzbluiwouytrjy4meu5qui1rtayfsigdmvyc2lvbj0iiibuzxh0dmvyc2lvbj0ims44lje2ndkunsigbgfuzz0izw4tr0iiigjyyw5kpsiyotizosigy2xpzw50psiipjxldmvudcbldmvudhr5cgu9ijiiigv2zw50cmvzdwx0psixiiblcnjvcmnvzgu9ijaiigv4dhjhy29kzte9ijaiigluc3rhbgxfdgltzv9tcz0injuzocivpjwvyxbwpjwvcmvxdwvzdd4
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeProcess created: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe "c:\program files (x86)\norton\browser\update\nortonbrowserupdate.exe" /handoff "bundlename=norton private browser&appguid={3a3642e6-de46-4f68-9887-aa017eefe426}&appname=norton private browser&needsadmin=true&lang=en-gb&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{1978cedd-f6ed-478c-9d8c-831048d9df80}" /silent
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeProcess created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe c:\windows\temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe /silent /ws /psh:92ptu5hwbbk24uxiaw3megmz4i1zgkfngvwjinowbsvhoayde41jkzqabkrq9dkr7twdbrpytz31vu /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492 /er_master:master_ep_039cca48-79ed-481b-8a26-06a4eea4f584 /er_ui:ui_ep_68a0db07-d995-4b3b-bbc5-aa42d4ac403e /er_slave:avg-av_slave_ep_f4b941a1-dca3-4c7d-a54f-a0d09edff664 /slave:avg-av
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeProcess created: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exe c:\windows\temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exe /silent /ws /psh:92ptu5hwbbk24uxiaw3megmz4i1zgkfngvwjinowbsvhoayde41jkzqabkrq9dkr7twdbrpytz31vu /cookie:mmm_irs_ppi_902_451_o /edat_dir:c:\windows\temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492 /er_master:master_ep_039cca48-79ed-481b-8a26-06a4eea4f584 /er_ui:ui_ep_68a0db07-d995-4b3b-bbc5-aa42d4ac403e /er_slave:avg-av-vps_slave_ep_af387ac7-fcda-4980-9da1-7e333e1d25e3 /slave:avg-av-vps
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: 21_2_00007FF676537650 GetSecurityDescriptorDacl,InitializeSecurityDescriptor,GetAclInformation,SetSecurityDescriptorDacl,_invalid_parameter_noinfo,21_2_00007FF676537650
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_00890570 AllocateAndInitializeSid,GetLengthSid,LocalAlloc,CopySid,LocalAlloc,InitializeAcl,AddAce,TreeResetNamedSecurityInfoW,SetLastError,8_2_00890570
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003B9215 cpuid 5_2_003B9215
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,5_2_003D45DA
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_003DC907
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_003DC952
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_003DC9ED
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,5_2_003DCA80
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,5_2_003DCCE0
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_003DCE06
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoW,5_2_003DCF0C
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,5_2_003DCFDB
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: GetLocaleInfoEx,5_2_003B7E28
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: EnumSystemLocalesW,5_2_003D3F6D
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,8_2_0095C039
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,8_2_0095C20E
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: GetLocaleInfoW,8_2_00958C33
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: EnumSystemLocalesW,8_2_0095BB82
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: EnumSystemLocalesW,8_2_0095BB37
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: EnumSystemLocalesW,8_2_0095BC1D
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: GetLocaleInfoW,21_2_00007FF676573004
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,21_2_00007FF676572904
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,21_2_00007FF676572DB8
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: GetLocaleInfoW,21_2_00007FF67656C6F0
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,21_2_00007FF676573338
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: EnumSystemLocalesW,21_2_00007FF676572C50
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: EnumSystemLocalesW,21_2_00007FF676572D20
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,21_2_00007FF67657315C
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: GetLocaleInfoW,21_2_00007FF67657320C
Source: C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exeCode function: EnumSystemLocalesW,21_2_00007FF67656C26C
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\WebAdvisor.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\AVG_AV.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\AVG_BRW.png VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2.zip VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpQueries volume information: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\finish.png VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeQueries volume information: C:\Users\user\AppData\Local\qBittorrent\logs\qbittorrent.log VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeQueries volume information: C:\Users\user\AppData\Local\qBittorrent\logs\qbittorrent.log VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeQueries volume information: C:\Users\user\AppData\Local\qBittorrent\logs\qbittorrent.log VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeQueries volume information: C:\Users\user\AppData\Local\qBittorrent\logs\qbittorrent.log VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\event_manager.log VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exeQueries volume information: C:\ProgramData\AVG\Icarus\Logs\icarus.log VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeCode function: 5_2_003D4619 GetSystemTimeAsFileTime,5_2_003D4619
Source: C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exeCode function: 8_2_008C5950 __Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,GetSystemInfo,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,GetUserDefaultUILanguage,GetTimeZoneInformation,8_2_008C5950
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exeCode function: 6_2_00C241B0 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,GetVersionExA,GetNativeSystemInfo,wsprintfA,wsprintfA,lstrcatA,lstrlenA,6_2_00C241B0
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

barindex
Modifies the windows firewall
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Windows\SysWOW64\netsh.exe "netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exe "qBittorrent" ENABLE
Uses netsh to modify the Windows network and firewall settings
Source: C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmpProcess created: C:\Windows\SysWOW64\netsh.exe "netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exe "qBittorrent" ENABLE
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 BlobJump to behavior
Source: C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exeRegistry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NortonBrowserUpdate.exe DisableExceptionChainValidation

Stealing of Sensitive Information

barindex
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\search.json.mozlz4Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
Source: C:\Program Files\McAfee\WebAdvisor\servicehost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
1
Software		Acquire Infrastructure1
Valid Accounts		521
Windows Management Instrumentation		1
DLL Side-Loading		1
DLL Side-Loading		23
Disable or Modify Tools		1
OS Credential Dumping		2
System Time Discovery		Remote Services11
Archive Collected Data		2
Encrypted Channel		Exfiltration Over Other Network Medium1
Data Encrypted for Impact
CredentialsDomains1
Replication Through Removable Media		12
Native API		1
Image File Execution Options Injection		1
Image File Execution Options Injection		1
Deobfuscate/Decode Files or Information		LSASS Memory1
Account Discovery		Remote Desktop Protocol1
Browser Session Hijacking		Junk DataExfiltration Over Bluetooth1
System Shutdown/Reboot
Email AddressesDNS ServerDomain Accounts13
Command and Scripting Interpreter		1
Component Object Model Hijacking		1
Component Object Model Hijacking		2
Obfuscated Files or Information		Security Account Manager11
Peripheral Device Discovery		SMB/Windows Admin Shares1
Data from Local System		SteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal Accounts1
Scheduled Task/Job		1
Valid Accounts		1
Valid Accounts		1
Software Packing		NTDS4
File and Directory Discovery		Distributed Component Object Model2
Clipboard Data		Protocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchd1
Windows Service		11
Access Token Manipulation		1
DLL Side-Loading		LSA Secrets168
System Information Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled Task1
Scheduled Task/Job		1
Windows Service		1
File Deletion		Cached Domain Credentials1
Query Registry		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd Timers1
Registry Run Keys / Startup Folder		111
Process Injection		33
Masquerading		DCSync8101
Security Software Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration Job1
Bootkit		1
Scheduled Task/Job		1
Valid Accounts		Proc Filesystem47
Virtualization/Sandbox Evasion		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAt1
Registry Run Keys / Startup Folder		1
Modify Registry		/etc/passwd and /etc/shadow2
Process Discovery		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron47
Virtualization/Sandbox Evasion		Network Sniffing2
System Owner/User Discovery		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd11
Access Token Manipulation		Input Capture1
Remote System Discovery		Software Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task111
Process Injection		KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking
Determine Physical LocationsVirtual Private ServerCompromise Hardware Supply ChainUnix ShellSystemd TimersSystemd Timers1
Bootkit		GUI Input CapturePermission Groups DiscoveryReplication Through Removable MediaEmail CollectionProxyExfiltration over USBNetwork Denial of Service

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1580037 Sample: Violated Heroine_91zbZ-1.exe Startdate: 23/12/2024 Architecture: WINDOWS Score: 68 190 Malicious sample detected (through community Yara rule) 2->190 192 Antivirus / Scanner detection for submitted sample 2->192 194 Multi AV Scanner detection for submitted file 2->194 196 10 other signatures 2->196 11 Violated Heroine_91zbZ-1.exe 2 2->11         started        14 NortonBrowserUpdate.exe 2->14         started        18 servicehost.exe 2->18         started        20 5 other processes 2->20 process3 dnsIp4 132 C:\Users\...\Violated Heroine_91zbZ-1.tmp, PE32 11->132 dropped 22 Violated Heroine_91zbZ-1.tmp 5 32 11->22         started        182 23.193.114.32 AKAMAI-ASUS United States 14->182 134 {D7DA69EE-8493-43E...rowserInstaller.exe, PE32+ 14->134 dropped 218 Query firmware table information (likely to detect VMs) 14->218 184 2.19.198.34 AKAMAI-ASUS European Union 18->184 220 Tries to harvest and steal browser information (history, passwords, etc) 18->220 186 23.218.208.109 AS6453US United States 20->186 188 127.0.0.1 unknown unknown 20->188 26 WerFault.exe 20->26         started        28 NortonBrowserUpdate.exe 20->28         started        30 NortonBrowserCrashHandler.exe 20->30         started        32 4 other processes 20->32 file5 signatures6 process7 dnsIp8 168 18.161.108.174 MIT-GATEWAYSUS United States 22->168 106 C:\Users\user\AppData\...\qbittorrent.exe, PE32 22->106 dropped 108 C:\Users\...\norton_secure_browser_setup.exe, PE32 22->108 dropped 110 C:\Users\...\avg_antivirus_free_setup.exe, PE32 22->110 dropped 112 9 other files (7 malicious) 22->112 dropped 34 avg_antivirus_free_setup.exe 1 3 22->34         started        39 saBSI.exe 11 8 22->39         started        41 norton_secure_browser_setup.exe 14 93 22->41         started        43 4 other processes 22->43 file9 process10 dnsIp11 154 172.217.19.206 GOOGLEUS United States 34->154 156 34.117.223.223 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG United States 34->156 158 184.30.25.22 AKAMAI-ASUS United States 34->158 94 C:\...\avg_antivirus_free_online_setup.exe, PE32 34->94 dropped 202 Query firmware table information (likely to detect VMs) 34->202 204 Contains functionality to infect the boot sector 34->204 45 avg_antivirus_free_online_setup.exe 34->45         started        166 4 other IPs or domains 39->166 96 C:\Users\user\AppData\Local\...\installer.exe, PE32+ 39->96 dropped 206 Writes many files with high entropy 39->206 50 installer.exe 39->50         started        160 104.20.87.8 CLOUDFLARENETUS United States 41->160 98 C:\Users\...98ortonBrowserUpdateSetup.exe, PE32 41->98 dropped 100 C:\Users\user\AppData\...\thirdparty.dll, PE32 41->100 dropped 102 C:\Users\user\AppData\Local\...\sciterui.dll, PE32 41->102 dropped 104 9 other files (none is malicious) 41->104 dropped 208 Tries to harvest and steal browser information (history, passwords, etc) 41->208 210 Checks if the current machine is a virtual machine (disk enumeration) 41->210 52 NortonBrowserUpdateSetup.exe 41->52         started        162 13.89.179.12 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 43->162 164 20.189.173.20 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 43->164 54 conhost.exe 43->54         started        file12 signatures13 process14 dnsIp15 180 23.195.61.79 AKAMAI-ASUS United States 45->180 136 C:\Windows\Temp\...\icarus.exe, PE32+ 45->136 dropped 138 C:\Windows\Temp\...\setupui.cont, XZ 45->138 dropped 140 C:\...\dc2653ef-52bd-45ad-9763-a50198c51c87, LZMA 45->140 dropped 148 9 other files (5 malicious) 45->148 dropped 222 Query firmware table information (likely to detect VMs) 45->222 224 Contains functionality to infect the boot sector 45->224 226 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 45->226 56 icarus.exe 45->56         started        142 C:\Program Files\McAfee\...\installer.exe, PE32+ 50->142 dropped 144 C:\Program Files\McAfee\...\wssdep.cab, Microsoft 50->144 dropped 150 15 other files (14 malicious) 50->150 dropped 228 Writes a notice file (html or txt) to demand a ransom 50->228 230 Writes many files with high entropy 50->230 61 installer.exe 50->61         started        146 C:\...146ortonBrowserUpdate.exe, PE32 52->146 dropped 152 71 other files (none is malicious) 52->152 dropped 232 Found evasive API chain checking for user administrative privileges 52->232 63 NortonBrowserUpdate.exe 52->63         started        file16 signatures17 process18 dnsIp19 170 1.1.1.1 CLOUDFLARENETUS Australia 56->170 172 34.160.176.28 ATGS-MMD-ASUS United States 56->172 114 C:\Windows\Temp\...\icarus_rvrt.exe, PE32+ 56->114 dropped 116 C:\Windows\Temp\...\icarus_product.dll, PE32+ 56->116 dropped 118 C:\Windows\Temp\...\icarus.exe, PE32+ 56->118 dropped 126 15 other files (10 malicious) 56->126 dropped 212 Query firmware table information (likely to detect VMs) 56->212 214 Writes many files with high entropy 56->214 65 icarus.exe 56->65         started        69 icarus.exe 56->69         started        174 50.112.164.195 AMAZON-02US United States 61->174 176 184.85.182.130 AKAMAI-ASN1EU United States 61->176 120 C:\Program Files\McAfee\...\wssdep.dll, PE32+ 61->120 dropped 122 C:\Program Files\McAfee\...\servicehost.exe, PE32+ 61->122 dropped 128 14 other files (1 malicious) 61->128 dropped 124 C:\...124ortonBrowserUpdate.exe, PE32 63->124 dropped 130 72 other files (2 malicious) 63->130 dropped 216 Creates an undocumented autostart registry key 63->216 71 NortonBrowserUpdate.exe 63->71         started        73 NortonBrowserUpdate.exe 63->73         started        76 NortonBrowserUpdate.exe 63->76         started        78 NortonBrowserUpdate.exe 63->78         started        file20 signatures21 process22 dnsIp23 86 wa_3rd_party_host_...e.ipending.af551dba, PE32+ 65->86 dropped 88 C:\...\su_worker.exe.ipending.af551dba, PE32+ 65->88 dropped 90 C:\...\su_controller.dll.ipending.af551dba, PE32+ 65->90 dropped 92 20 other files (19 malicious) 65->92 dropped 198 Query firmware table information (likely to detect VMs) 65->198 200 Writes many files with high entropy 65->200 80 NortonBrowserUpdateComRegisterShell64.exe 71->80         started        82 NortonBrowserUpdateComRegisterShell64.exe 71->82         started        84 NortonBrowserUpdateComRegisterShell64.exe 71->84         started        178 104.20.86.8 CLOUDFLARENETUS United States 73->178 file24 signatures25 process26

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Violated Heroine_91zbZ-1.exe24%ReversingLabsWin32.Trojan.Generic
Violated Heroine_91zbZ-1.exe100%AviraHEUR/AGEN.1332558

Dropped Files

SourceDetectionScannerLabelLink
C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserCrashHandler.exe0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserCrashHandler64.exe0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateBroker.exe0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateComRegisterShell64.exe0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateCore.exe0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateOnDemand.exe0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateSetup.exe0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateWebPlugin.exe0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\acuapi.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\acuapi_64.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdate.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_am.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ar.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_bg.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_bn.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ca.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_cs.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_da.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_de.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_el.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_en-GB.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_en.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_es-419.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_es.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_et.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_fa.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_fi.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_fil.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_fr.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_gu.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_hi.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_hr.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_hu.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_id.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_is.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_it.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_iw.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ja.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_kn.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ko.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_lt.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_lv.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ml.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_mr.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ms.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_nl.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_no.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_pl.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_pt-BR.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_pt-PT.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ro.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ru.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sk.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sl.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sr.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sv.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sw.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ta.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_te.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_th.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_tr.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_uk.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ur.dll0%ReversingLabs
C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_vi.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://d3ben4sjdmrs9v.cloudfront.net:443/zbd9C73F5E5-7AE7-4E32-A8E8-8D23B85255BFViolated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D23000.00000004.00000020.00020000.00000000.sdmpfalse
    https://webcompanion.com/termsViolated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.000000000085B000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.000000000085A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpfalse
      https://shield.reasonsecurity.com/rsStubActivator.exe4Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832584426.0000000000898000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1828753817.0000000000871000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000897000.00000004.00000020.00020000.00000000.sdmpfalse
        http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmpfalse
          https://d3ben4sjdmrs9v.cloudfront.net/zbdtViolated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D94000.00000004.00000020.00020000.00000000.sdmpfalse
            https://www.opera.com/he/eula/computersNViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000828000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.000000000081E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.0000000000828000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.0000000000829000.00000004.00000020.00020000.00000000.sdmpfalse
              https://sadownload.mcafee.com/products/SA/BSI/bsi_DistributionRules.xml/saBSI.exe, 00000005.00000003.2417087301.0000000005B18000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417995790.0000000005B18000.00000004.00000020.00020000.00000000.sdmpfalse
                http://qt-project.org/xml/features/report-whitespace-only-CharDataqbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpfalse
                  http://doc.qbittorrent.orgUseViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse
                    https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/files/1489/saBSI.zippViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2452666771.0000000004DD7000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2321325706.0000000004DDF000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D10000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3408524852.0000000004DE8000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2321873923.0000000004DE6000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349344859.0000000004DD7000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2320762800.0000000004DD7000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2350243027.0000000004DE6000.00000004.00000020.00020000.00000000.sdmpfalse
                      https://honzik.avcdn.net/universe/3ba8/fbac/3885/3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3avg_antivirus_free_online_setup.exe, 00000008.00000003.2594453638.0000000002E78000.00000004.00000020.00020000.00000000.sdmpfalse
                        https://www.premieropinion.com/common/termsofservice-v1Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000831000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpfalse
                          https://d3ben4sjdmrs9v.cloudfront.net:443/f/WebAdvisor/images/NEW/EN.pngViolated Heroine_91zbZ-1.tmp, 00000001.00000003.1910535336.0000000004D30000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1884824315.0000000004D30000.00000004.00000020.00020000.00000000.sdmpfalse
                            http://bugreports.qt.io/qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpfalse
                              https://www.opera.com/he/eula/computers?Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000828000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.000000000081E000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.0000000000828000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.0000000000829000.00000004.00000020.00020000.00000000.sdmpfalse
                                https://reasonlabs.com/policiesU_Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.000000000085B000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.000000000085A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpfalse
                                  https://www.avg.com/ww-en/eulat.netViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2349508508.00000000068F8000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2350074906.00000000068F9000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3410133024.00000000068F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                    https://www.python.org/ftp/python/3.8.10/python-3.8.10.exeViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                      http://qt-project.org/xml/features/report-whitespace-only-CharDatahttp://trolltech.com/xml/features/qbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpfalse
                                        https://g.live.com/odclientsettings/Prod.C:svchost.exe, 0000000C.00000003.2419370683.0000021F8711F000.00000004.00000800.00020000.00000000.sdmpfalse
                                          https://libtorrent.org/single-page-ref.html#piece_extent_affinityViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                            https://firefoxextension.avast.com/aos/update.jsonavg_antivirus_free_online_setup.exe, 00000008.00000003.2746430725.00000000058DE000.00000004.00000020.00020000.00000000.sdmpfalse
                                              https://sadownload.mcafee.com/products/sa/bsi/win/binary/saBSI.exe, 00000005.00000003.3068263105.0000000005B5B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3451793492.0000000005B5B000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046681417.0000000005B5B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                https://www.remobjects.com/psViolated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000000.1756018251.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                                  https://sadownload.mcafee.com/products/SA/BSI/bsi_abtest.xmlsaBSI.exe, 00000005.00000003.3066299595.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068263105.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065718257.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046681417.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3454193232.0000000005B46000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003440000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417371075.000000000343F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003440000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    http://bugs.qbittorrent.org.badagentDynamicViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      https://d3ben4sjdmrs9v.cloudfront.net:443/zbd7b81be6a-ce2b-4676-a29e-eb907a5126c5Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D23000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        https://www.innosetup.com/Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000000.1756018251.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                                          https://winqual.sb.avast.comavg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            http://bugs.qbittorrent.orgViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              http://www.winimage.com/zLibDllDELETEPUTCONNECTTRACECOPYLOCKMKCOLMOVEPROPFINDPROPPATCHSEARCHUNLOCKBIavg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                https://my.avast.comavg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6svchost.exe, 0000000C.00000003.2419370683.0000021F870E2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    https://www.avg.com/ww-en/privacyt/Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349508508.00000000068F8000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2350074906.00000000068F9000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3410133024.00000000068F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      http://xml.org/sax/features/namespace-prefixeshttp://trolltech.com/xml/features/report-whitespace-onqbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpfalse
                                                                        http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#avg_antivirus_free_setup.exe, 00000006.00000003.2375046709.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2433676500.0000000005774000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xmlsaBSI.exe, 00000005.00000003.3066299595.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003440000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.000000000343C000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417371075.000000000343F000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.000000000343A000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003440000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            https://www.libtorrent.org/reference-Settings.html#seed_choking_algorithmViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              https://www.mcafee.com/consumer/en-us/policy/legal.htmlces-agreement/EN.pngowser_setup.zipViolated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.000000000089B000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000897000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0avg_antivirus_free_setup.exe, 00000006.00000003.2375143923.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3614016586.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2986102336.000000000099E000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2986039127.00000000009BB000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2986892605.00000000009A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  https://id.avast.com/inAvastiumavg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    https://shepherd.avcdn.netavg_antivirus_free_online_setup.exe, 00000008.00000003.2746430725.00000000058DE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      https://d3ben4sjdmrs9v.cloudfront.net/f/NORTON_BRW/images/1494/547x280/EN.pnga8Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349344859.0000000004DD7000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2350243027.0000000004DE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        https://www.libtorrent.org/reference-Settings.html#listen_queue_sizeViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          http://checkip.dyndns.orgViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            https://www.nortonlifelock.com/us/en/legal/license-services-agreement/v8Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2349344859.0000000004DD7000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2350243027.0000000004DE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              http://forum.qbittorrent.orgViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                https://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exeavg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  https://d3ben4sjdmrs9v.cloudfront.net/f/AVG_AV/files/1319/avg.zipdViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D94000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.00000000007F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    https://pair.ff.avast.comavg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      https://sadownload.mcafee.com/products/SA/v1/bsi/4.1.1/install.xmlnload.mcafee.comOsaBSI.exe, 00000005.00000002.3487600779.00000000033E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        https://www.libtorrent.org/reference-Settings.html#max_concurrent_http_announcesViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          http://https://:allow_fallback/installer.exeavg_antivirus_free_setup.exe, 00000006.00000000.2322480648.0000000000C43000.00000002.00000001.01000000.0000000E.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3617009543.0000000000C43000.00000002.00000001.01000000.0000000E.sdmpfalse
                                                                                                            http://submit.sb.avast.com/V1/PD/avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              https://analytics.apis.mcafee.comhttps://analytics.qa.apis.mcafee.com/mosaic/2.0/product-web/am/v1/rsaBSI.exe, 00000005.00000000.2296059937.00000000003FE000.00000002.00000001.01000000.0000000D.sdmp, saBSI.exe, 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                                                                https://sadownload.mcafee.com/products/SA/BSI/bsi_PartnerDistribution.xml/saBSI.exe, 00000005.00000003.3046098234.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417371075.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3457030444.0000000003454000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  https://viruslab-samples.sb.avast.comavg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0zavg_antivirus_free_setup.exe, 00000006.00000003.2375046709.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2433676500.0000000005774000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      https://www.nortonlifelock.com/norton_secure_browser_setup.exe, 00000007.00000003.2436625580.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002DAF000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D98000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002CF7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003EC1000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DE7000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004937000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004897000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DC6000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000490A000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A60000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003F0F000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003DF2000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002E92000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CA8000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004A49000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003CC9000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2445894350.0000000003D31000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.000000000405D000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2441703534.0000000004964000.00000004.00000020.00020000.00000000.sdmp, NortonBrowserUpdateSetup.exe, 0000000D.00000003.2439249009.0000000002D8D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        http://trolltech.com/xml/features/report-start-end-entityqbittorrent.exe, 0000000B.00000000.2414929382.0000000002214000.00000002.00000001.01000000.00000018.sdmpfalse
                                                                                                                          https://sadownload.mcafee.com/products/SA/v1/installer/4.1.1/995/saBSI.exe, 00000005.00000003.3065718257.0000000005B7D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046098234.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3451793492.0000000005B7D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068263105.0000000005B7D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3426947030.0000000005B7D000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3457030444.0000000003454000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            https://www.avast.com/prVersionViolated Heroine_91zbZ-1.tmp, 00000001.00000002.3402582771.00000000023E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              https://analytics.apis.mcafee.com/saBSI.exe, 00000005.00000002.3487600779.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.00000000033B1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                https://www.mcafee.com/consumer/en-us/policy/legal.htmlBViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000831000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.0000000000831000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  https://sadownload.mcafee.com/products/SA/v1/bsisaBSI.exe, 00000005.00000003.3068263105.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065718257.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046681417.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3454193232.0000000005B46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    https://sadownload.mcafee.com/products/sa/bsi/win/binarysaBSI.exe, 00000005.00000003.3068263105.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065718257.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046681417.0000000005B44000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3454193232.0000000005B46000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      http://v7event.stats.avast.com:80/cgi-bin/iavsevents.cgiavg_antivirus_free_setup.exe, 00000006.00000003.2986536479.0000000000978000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2987731516.0000000000978000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000002.3608067059.0000000000979000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        https://www.libtorrent.org/reference-Settings.html#suggest_modeViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/images/NEW/EN.pngViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D94000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.00000000007F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            http://ocsp.sectigo.com0Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2375046709.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2433676500.0000000005774000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              https://d3ben4sjdmrs9v.cloudfront.net/f/WebAdvisor/images/NEW/EN.png0/EN.pnga8Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2452666771.0000000004DD7000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3408524852.0000000004DE8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                https://sadownload.mcafee.com/products/SA/BSI/Win/binary/4.1.0/update_bsi_self.xml/saBSI.exe, 00000005.00000003.3046098234.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3068142778.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3063523683.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000002.3487600779.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2417371075.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651870244.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3065548773.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.2651570977.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3046558063.0000000003454000.00000004.00000020.00020000.00000000.sdmp, saBSI.exe, 00000005.00000003.3457030444.0000000003454000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  https://reasonlabs.com/pg;Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    https://honzik.avcdn.net/setup/avg-bg/release/avg_breach_guard_online_setup.exeavg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      http://www.avast.com0/Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2320762800.0000000004DF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2375046709.00000000009E5000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2433676500.0000000005774000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2498841426.00000000059D0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2598430677.0000000005C84000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2645794409.00000000059AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        https://www.nortonlifelock.com/us/en/legal/license-services-agreement/GViolated Heroine_91zbZ-1.tmp, 00000001.00000003.1828753817.0000000000871000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000897000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          https://honzik.avcdn.net:443/universe/2f8a/779d/1460/2f8a779d146017868e5dd4e67083675da9aa5b94a174d8bavg_antivirus_free_online_setup.exe, 00000008.00000002.3610768260.0000000002DA8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            https://www.libtorrent.org/reference-Settings.html#hashing_threadsViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#Violated Heroine_91zbZ-1.exe, 00000000.00000003.1752418673.0000000002640000.00000004.00001000.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.exe, 00000000.00000003.1754693346.000000007FB60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                https://d3ben4sjdmrs9v.cloudfront.net/f/AVG_AV/images/1509/EN.pngViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D94000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3391940459.00000000007F8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  https://www.fosshub.com/feed/5b8793a7f9ee5a5c3e97a3b2.xmlViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                    https://www.libtorrent.org/reference-Settings.html#announce_to_all_trackersViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      https://d3ben4sjdmrs9v.cloudfront.net/f/AVG_AV/images/1509/EN.pngng0sViolated Heroine_91zbZ-1.tmp, 00000001.00000002.3407584074.0000000004D94000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        https://s-nuistatic.avcdn.net/nui/avg/1.0.761/updatefile.jsonavg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          https://sadownload.mcafee.com/products/SA/v1/update/post_saBSI.exe, 00000005.00000002.3487600779.000000000343A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            https://reasonlabs.com/policiesViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.000000000087F000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1832650881.000000000085A000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2453449012.0000000000841000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.1829306603.0000000000839000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              https://analytics.apis.mcafee.com/?saBSI.exe, 00000005.00000002.3487600779.00000000033E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                https://packet-responder.ff.avast.com:8443Vaar-VersionVaar-Header-Content-Type0Failedavg_antivirus_free_online_setup.exe, 00000008.00000003.2707482721.0000000005A61000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  https://www.libtorrent.org/reference-Settings.html#outgoing_portViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    https://ipm.avcdn.net/avg_antivirus_free_online_setup.exe, 00000008.00000003.2785492055.00000000058AB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      https://download.db-ip.com/free/dbip-country-lite-%1.mmdb.gzAndorrayyyy-MMCouldnViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                        https://honzik.avcdn.net/yavg_antivirus_free_online_setup.exe, 00000008.00000003.2594453638.0000000002E3C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          https://honzik.avcdn.net/universe/6b80/fa1f/8221/6b80fa1f82216a58bdc872de1a8e2cf9d2c485d135cf3414b79avg_antivirus_free_online_setup.exe, 00000008.00000003.2786145444.0000000002E75000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            http://plugins.qbittorrent.orgViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                              https://www.avg.com/ww-en/privacy-us/Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2321226146.0000000006906000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000002.3410133024.00000000068F9000.00000004.00000020.00020000.00000000.sdmp, Violated Heroine_91zbZ-1.tmp, 00000001.00000003.2321056380.00000000068F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                http://v7event.stats.avast.com/avg_antivirus_free_setup.exe, 00000006.00000002.3614016586.00000000009BE000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_setup.exe, 00000006.00000003.2986039127.00000000009BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  https://shepherd.avcdn.net//urlavg_antivirus_free_online_setup.exe, 00000008.00000003.2385033934.0000000002DF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2385754238.0000000002DF0000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2385205908.0000000002DF8000.00000004.00000020.00020000.00000000.sdmp, avg_antivirus_free_online_setup.exe, 00000008.00000003.2385964492.0000000002DF7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    https://www.libtorrent.org/reference-Settings.html#stop_tracker_timeoutViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      https://www.mcafee.com/consumer/v/wa-how.htmldAsaBSI.exe, 00000005.00000002.3487600779.000000000337E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        https://www.noip.com/remote-accessViolated Heroine_91zbZ-1.tmp, 00000001.00000003.2442444199.0000000007FC0000.00000004.00001000.00020000.00000000.sdmpfalse

                                                                                                                                                                                                          World Map of Contacted IPs

                                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                                          • 75% < No. of IPs

                                                                                                                                                                                                          Public IPs

                                                                                                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                          172.217.19.206
                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                          		15169GOOGLEUSfalse
                                                                                                                                                                                                          1.1.1.1
                                                                                                                                                                                                          		unknownAustralia
                                                                                                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                          184.30.25.22
                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                          		16625AKAMAI-ASUSfalse
                                                                                                                                                                                                          13.89.179.12
                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                          		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                          50.112.164.195
                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                          		16509AMAZON-02USfalse
                                                                                                                                                                                                          23.193.114.32
                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                          		16625AKAMAI-ASUSfalse
                                                                                                                                                                                                          20.189.173.20
                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                          		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                          184.85.182.130
                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                          		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                          104.20.87.8
                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                          23.218.208.109
                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                          		6453AS6453USfalse
                                                                                                                                                                                                          23.193.114.16
                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                          		16625AKAMAI-ASUSfalse
                                                                                                                                                                                                          23.195.61.79
                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                          		16625AKAMAI-ASUSfalse
                                                                                                                                                                                                          34.160.176.28
                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                          		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                          18.161.108.174
                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                          		3MIT-GATEWAYSUSfalse
                                                                                                                                                                                                          35.162.223.47
                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                          		16509AMAZON-02USfalse
                                                                                                                                                                                                          34.117.223.223
                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                          		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                                                          104.20.86.8
                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                          23.193.114.8
                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                          		16625AKAMAI-ASUSfalse
                                                                                                                                                                                                          104.18.20.226
                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                          2.19.198.34
                                                                                                                                                                                                          		unknownEuropean Union
                                                                                                                                                                                                          		16625AKAMAI-ASUSfalse

                                                                                                                                                                                                          Private

                                                                                                                                                                                                          IP
                                                                                                                                                                                                          127.0.0.1

                                                                                                                                                                                                          General Information

                                                                                                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                          Analysis ID:1580037
                                                                                                                                                                                                          Start date and time:2024-12-23 19:12:52 +01:00
                                                                                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                                                                                          Overall analysis duration:0h 14m 31s
                                                                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                                                                          Report type:full
                                                                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                          Run name:Run with higher sleep bypass
                                                                                                                                                                                                          Number of analysed new started processes analysed:46
                                                                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                                                                          Technologies:
                                                                                                                                                                                                          • HCA enabled
                                                                                                                                                                                                          • EGA enabled
                                                                                                                                                                                                          • AMSI enabled
                                                                                                                                                                                                          Analysis Mode:default
                                                                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                                                                          Sample name:Violated Heroine_91zbZ-1.exe
                                                                                                                                                                                                          Detection:MAL
                                                                                                                                                                                                          Classification:mal68.rans.spyw.evad.winEXE@74/1357@0/21
                                                                                                                                                                                                          EGA Information:
                                                                                                                                                                                                          • Successful, ratio: 80%
                                                                                                                                                                                                          HCA Information:
                                                                                                                                                                                                          • Successful, ratio: 65%
                                                                                                                                                                                                          • Number of executed functions: 119
                                                                                                                                                                                                          • Number of non-executed functions: 160
                                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                                                                          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                                          • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

                                                                                                                                                                                                          Warnings

                                                                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                          • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                          • Report size getting too big, too many NtSetValueKey calls found.
                                                                                                                                                                                                          • Skipping network analysis since amount of network traffic is too extensive
                                                                                                                                                                                                          • VT rate limit hit for: Violated Heroine_91zbZ-1.exe

                                                                                                                                                                                                          Simulations

                                                                                                                                                                                                          Behavior and APIs

                                                                                                                                                                                                          TimeTypeDescription
                                                                                                                                                                                                          18:15:09Task SchedulerRun new task: NortonUpdateTaskMachineCore path: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe s>/c
                                                                                                                                                                                                          18:15:10Task SchedulerRun new task: NortonUpdateTaskMachineUA path: C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe s>/ua /installsource scheduler

                                                                                                                                                                                                          Joe Sandbox View / Context

                                                                                                                                                                                                          IPs

                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                          1.1.1.16fW0GedR6j.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 1.1.1.1/ctrl/playback.php
                                                                                                                                                                                                          PO-230821_pdf.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                                                                                                                                                          • www.974dp.com/sn26/?kJBLpb8=qaEGeuQorcUQurUZCuE8d9pas+Z0M0brqtX248JBolEfq8j8F1R9i1jKZexhxY54UlRG&ML0tl=NZlpi
                                                                                                                                                                                                          AFfv8HpACF.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 1.1.1.1/
                                                                                                                                                                                                          INVOICE_90990_PDF.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                          • www.quranvisor.com/usvr/?mN9d3vF=HHrW7cA9N4YJlebHFvlsdlDciSnnaQItEG8Ccfxp291VjnjcuwoPACt7EOqEq4SWjIf8&Pjf81=-Zdd-V5hqhM4p2S
                                                                                                                                                                                                          Go.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          • 1.1.1.1/
                                                                                                                                                                                                          13.89.179.12AB05_WRK_BLD01_2024-11-27_20_05_35.381.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            DMv89K955Y.exeGet hashmaliciousLummaC, Clipboard Hijacker, Cryptbot, LummaC StealerBrowse
                                                                                                                                                                                                              faststone-capture_voLss-1.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                                                                tera10.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  Halkbank_Ekstre_20222501_ 073653_270424.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    LisectAVT_2403002C_44.exeGet hashmaliciousEICARBrowse
                                                                                                                                                                                                                      CryptoService.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        wechat-3.9.7-installer_ae-GFz1.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                                                                                          lgX7lgUL1w.exeGet hashmaliciousNeoreklami, PureLog Stealer, SmokeLoaderBrowse
                                                                                                                                                                                                                            WebReport_safe_certified_2024.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              20.189.173.20file.exeGet hashmaliciousAmadey, DarkVision RatBrowse
                                                                                                                                                                                                                                bomb.exeGet hashmaliciousAmadey, Go Injector, LummaC Stealer, Phorpiex, PureLog Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine, Socks5SystemzBrowse
                                                                                                                                                                                                                                    https://swishmax.en.download.it/Get hashmaliciousLummaC Stealer, PureLog StealerBrowse
                                                                                                                                                                                                                                      9VYSw7MFa8.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        Foto_03_02_2014_IMG_544134.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          setup.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Mars Stealer, RedLine, SmokeLoader, StealcBrowse
                                                                                                                                                                                                                                            wechat-3.9.7-installer_ae-GFz1.exeGet hashmaliciousCoinhive, Crypto Miner, DarkComet, GhostRat, IcedID, LaZagne, Mini RATBrowse
                                                                                                                                                                                                                                              https://eu-central.storage.cloudconvert.com/tasks/004d6e18-5b09-432f-ae9a-7d0bef441692/%40%21Pa%20sc0d%C3%A9__-NewFiLes.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Content-Sha256=UNSIGNED-PAYLOAD&X-Amz-Credential=cloudconvert-production%2F20240531%2Ffra%2Fs3%2Faws4_request&X-Amz-Date=20240531T054225Z&X-Amz-Expires=86400&X-Amz-Signature=e44f950daf1a1a2004947d6b8b5f8aa77838142684691288964d6f5027abcb41&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3D%22%40%21Pa%20sc0d%C3%A9__-NewFiLes.zip%22&response-content-type=application%2Fzip&x-id=GetObjectGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                WhatsAppAnd2Ios1.dllGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                                                                  Domains

                                                                                                                                                                                                                                                  No context

                                                                                                                                                                                                                                                  ASNs

                                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                  CLOUDFLARENETUSPlay Aud.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 104.17.25.14
                                                                                                                                                                                                                                                  https://flowto.it/8tooc2sec?fc=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 104.18.35.227
                                                                                                                                                                                                                                                  vFile__0054seconds__Airborn.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                  • 104.17.25.14
                                                                                                                                                                                                                                                  https://jkqbjwq.maxiite.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 104.16.123.96
                                                                                                                                                                                                                                                  [External] 120112 Manual Policies Overview Guide_ 8VM8-WZPT3L-LYH1.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 1.1.1.1
                                                                                                                                                                                                                                                  https://jkqbjwq.maxiite.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                  • 172.66.43.2
                                                                                                                                                                                                                                                  https://qulatrics.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 104.17.25.14
                                                                                                                                                                                                                                                  https://qulatrics.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 104.17.25.14
                                                                                                                                                                                                                                                  https://jkqbjwq.maxiite.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                  • 104.21.50.192
                                                                                                                                                                                                                                                  MICROSOFT-CORP-MSN-AS-BLOCKUS[External] 120112 Manual Policies Overview Guide_ 8VM8-WZPT3L-LYH1.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 52.109.76.240
                                                                                                                                                                                                                                                  https://jkqbjwq.maxiite.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                  • 20.234.104.33
                                                                                                                                                                                                                                                  phish_alert_sp2_2.0.0.0.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 52.109.76.243
                                                                                                                                                                                                                                                  5diately.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 52.168.117.168
                                                                                                                                                                                                                                                  ChoForgot.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 51.104.15.253
                                                                                                                                                                                                                                                  Payout Receipts.pptxGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                  • 20.190.147.9
                                                                                                                                                                                                                                                  armv7l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 20.97.231.130
                                                                                                                                                                                                                                                  YYjRtxS70h.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 20.233.83.145
                                                                                                                                                                                                                                                  YYjRtxS70h.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 20.233.83.145
                                                                                                                                                                                                                                                  Client-built.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                                                                  • 20.107.53.25
                                                                                                                                                                                                                                                  AMAZON-02UShttps://jkqbjwq.maxiite.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                  • 3.160.196.35
                                                                                                                                                                                                                                                  https://qulatrics.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 108.158.75.55
                                                                                                                                                                                                                                                  https://qulatrics.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 13.248.241.119
                                                                                                                                                                                                                                                  http://plnbl.io/review/FSUQBEfTfzwHGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 54.192.107.121
                                                                                                                                                                                                                                                  NAnOVCOt4L.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                  • 185.166.143.50
                                                                                                                                                                                                                                                  fkawMJ7FH8.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLine, StealcBrowse
                                                                                                                                                                                                                                                  • 185.166.143.48
                                                                                                                                                                                                                                                  OtHVIQ2ge4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                  • 185.166.143.49
                                                                                                                                                                                                                                                  fr2Mul3G6m.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                  • 185.166.143.49
                                                                                                                                                                                                                                                  ChoForgot.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                  • 3.160.188.50
                                                                                                                                                                                                                                                  AKAMAI-ASUS[External] 120112 Manual Policies Overview Guide_ 8VM8-WZPT3L-LYH1.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 96.17.64.171
                                                                                                                                                                                                                                                  phish_alert_sp2_2.0.0.0.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 2.19.198.51
                                                                                                                                                                                                                                                  fkawMJ7FH8.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLine, StealcBrowse
                                                                                                                                                                                                                                                  • 104.121.10.34
                                                                                                                                                                                                                                                  armv7l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 96.26.27.74
                                                                                                                                                                                                                                                  armv5l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 23.72.253.21
                                                                                                                                                                                                                                                  2ZsJ2iP8Q2.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                                                                  LopCYSStr3.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                                                                  LNn56KMkEE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                                                                  YYjRtxS70h.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                                                                  VBHyEN96Pw.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                  • 104.102.49.254

                                                                                                                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                                                                                                                  No context

                                                                                                                                                                                                                                                  Dropped Files

                                                                                                                                                                                                                                                  No context

                                                                                                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                                                                                                  C:\Config.Msi\52768a.rbs

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                  Size (bytes):7854
                                                                                                                                                                                                                                                  Entropy (8bit):5.499206593290738
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:JgevJRyNGSIgNGSzXReJ7aY7jMgDwzgs+Bd4C/Q/Bp:JfJkNGeNGkXRo2Y7jMgDBBd4C/Q/Bp
                                                                                                                                                                                                                                                  MD5:2619583C6775E63F20C64D6209C39E00
                                                                                                                                                                                                                                                  SHA1:EE8CE20D3CA5D0426B685F987D433839A9F48B8A
                                                                                                                                                                                                                                                  SHA-256:0584AF95EB9402D8B4EA169A2B5F88E7EA1277E5E14D86900A354E7930128823
                                                                                                                                                                                                                                                  SHA-512:2EE10FA28B167E78095533D9E6BB83362F10828E6E8F8C72528F82D67F6E620121CEDE8046B2A65D08204443D77E9E2631996791E46AD2384C3BEAE40485BF67
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@.i.Y.@.....@.....@.....@.....@.....@......&.{469D3039-E8BB-40CB-9989-158443EEA4EB}..Norton Update Helper..NortonBrowserUpdateHelper.msi.@.....@q....@.....@........&.{F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}.....@.....@.....@.....@.......@.....@.....@.......@......Norton Update Helper......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{717B7059-A988-492F-AF1B-DCF70BE809AB}&.{469D3039-E8BB-40CB-9989-158443EEA4EB}.@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]$..@......SOFTWARE\Norton\Browser\Update.............................................. ...!.......?........... ... .......?...................?.........................................8......................1.?l.cL<.P...b....~z................. ... ...................$.N.......@....'.&...MsiStubRun..#0....RegisterProduct..Registering product..[1]......C:\Windows\Installer\5

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\@PaxHeader

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):28
                                                                                                                                                                                                                                                  Entropy (8bit):3.5566567074628233
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:XVTKlUv:FTj
                                                                                                                                                                                                                                                  MD5:B9EA04357667FD46353CA3E48F346261
                                                                                                                                                                                                                                                  SHA1:CB35A329D04D990B937CB8C6C49ACC8D80AD45A3
                                                                                                                                                                                                                                                  SHA-256:FDF34D3C6716526200DFC4F81AD1CB1BFDA51EC9DB20C2C0E7CDD08C179A6DE3
                                                                                                                                                                                                                                                  SHA-512:5B07BA516C030BD3689F21939A2EEA417B603A9FA8BEBCF4D9BAED190B67E7784F1A0458A022450F5DDD99F6D9913BA45D2EB1DCE4E011842A5CB33B3695C93B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:28 mtime=1686233326.3398783.

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserCrashHandler.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):383232
                                                                                                                                                                                                                                                  Entropy (8bit):4.3682050352007735
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:iPfhJk6XlsbrElrmPARuDnQe09E32yIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AD:cfYKsHKmz+K32OTixcvcDwn
                                                                                                                                                                                                                                                  MD5:1694092D5DE0E0DAEF4C5EA13EA84CAB
                                                                                                                                                                                                                                                  SHA1:894F3E31CC3666728F2D7A8DB6840D4726843DE5
                                                                                                                                                                                                                                                  SHA-256:A178FFAD4526B68BA0106032D612164004F20F08B8EF7FDF986429A1CF7708A0
                                                                                                                                                                                                                                                  SHA-512:882A9392507BF0E089952F17E2F40DB0C5E1C52C6A6F5C7CDAD61DEDAF1AF734F23C317C0DA77A980D6ACC38E169302E1B024AD393BB730851786146BC38E17E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........2R..aR..aR..a...`X..a...`...a...`F..a...`t..a...`C..a...`@..a...`Q..aR..a...a...`S..a..%aS..a...`S..aRichR..a........................PE..L......d............................T.............@.................................t\....@.................................d'..(....P..(f..........H....6..........L...T...............................@............................................text............................... ..`.rdata..<].......^..................@..@.data........0....... ..............@....rsrc...(f...P...h...*..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserCrashHandler64.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):404480
                                                                                                                                                                                                                                                  Entropy (8bit):4.403596063022666
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:Pzfvhld4VAmlAfFUtxsIKGNGdyIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAA9:bvhP4VHlAfFUYdOTixcvcK
                                                                                                                                                                                                                                                  MD5:09621280025727AB4CB39BD6F6B2C69E
                                                                                                                                                                                                                                                  SHA1:A6F3796A310B064D1F2A06FAA9B14C4A104506DA
                                                                                                                                                                                                                                                  SHA-256:77B695E9292A10A98C3FC1D25AE05C44FB18A54D74A473D4497B840C8BA94DEA
                                                                                                                                                                                                                                                  SHA-512:CBA5DAB19BDEAFC4ECA223A4858B566E3AF21FD690F4F6971864C519D284AAF5A3DF70B98AEB5FABC66A68E515505B203B0BF1C61ECB92070E8E30A92BDA6FAC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........g0...^...^...^.;v]...^.;v[.U.^.;vZ...^.s[...^.sZ...^.s]...^.;v_...^..._..^.sW...^.s....^.s\...^.Rich..^.........PE..d...=..d.........."..........6.................@.............................@.......z....`..................................................l..(.......0f..........H....7...0..T...pW..T............................W..8...............@............................text............................... ..`.rdata..............................@..@.data................f..............@....pdata...............r..............@..@_RDATA..............................@..@.rsrc...0f.......h..................@..@.reloc..T....0......................@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):440608
                                                                                                                                                                                                                                                  Entropy (8bit):4.477495049012643
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:TjbidjsOQe3H/lqa8ggDemWSzuwJWwqjPpiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBv:ytqa8VxJMReTixcvcF4fZNVw
                                                                                                                                                                                                                                                  MD5:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                                                  SHA1:B267CCB3BBE06A0143C1162F462839645780D22E
                                                                                                                                                                                                                                                  SHA-256:66E75EA8A3641E419D5226E062F8F17624AFBEE3D7EFD1D6517890511E7111D9
                                                                                                                                                                                                                                                  SHA-512:512F2C2BE5EE5F61F31719344CD20DD731898C5B63F6E1ABDBFC81821533D93AE06C96F256AC1196E9F457A927C4AA61C35D00B45181793547FF3B6670866CCA
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......T.<r..R!..R!..R!..Q ..R!..W ..R!..V ..R!B.V ..R!B.Q ..R!B.W <.R!..S ..R!..S!s.R!H.[ ..R!H.!..R!...!*.R!H.P ..R!Rich..R!........PE..L...b..d.................<...L......;z.......P....@......................................@.................................`q..x...................H....8...........^..T...................@_......X^..@............p..\............................text....:.......<.................. ..`.data........P.......@..............@....idata..P....p.......J..............@..@.rsrc................T..............@..@.reloc...............n..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateBroker.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):384296
                                                                                                                                                                                                                                                  Entropy (8bit):4.381583745540333
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:Vvs32BUKqsL6FBqrk0z3M+82nOiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAn:Bs3Uq+2qXnOeTixcvcGLNI
                                                                                                                                                                                                                                                  MD5:A86AD7C0E95907CBA12C65A752C02821
                                                                                                                                                                                                                                                  SHA1:26EE2DF5A6A47FE976AF1592B20BCBEBDAFFC4DB
                                                                                                                                                                                                                                                  SHA-256:4E596090A150EB2B7478A42B7A2287EB8E0C80ACF2776AA7A55DFE9CC5013718
                                                                                                                                                                                                                                                  SHA-512:62D869B8FEC28D10EC6A1B78B6F92555B0DBA2E92BAC203C569CACCB30B1BB33128346C158A04262271D43D09AB0ED207B99A19354215D5A8907FCA01B654C60
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j.z..@)..@)..@)>{C(..@)>{E(T.@)>{D(..@).~E(..@).~D(..@).~C(..@)>{A(..@)..A)..@).~E(..@).~.)..@)...)..@).~B(..@)Rich..@)................PE..L....d..........................................@.................................R:....@.................................$8..<....`...f..........H....6...........-..T...........................`-..@............................................text...s........................... ..`.rdata..b^.......`..................@..@.data........@.......&..............@....rsrc....f...`...f...0..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateComRegisterShell64.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):438592
                                                                                                                                                                                                                                                  Entropy (8bit):6.45992761938075
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:/iooQx+F24u9wHXNiOc20bNcooY50EkY:/mQUkyiOc20ZcW0Er
                                                                                                                                                                                                                                                  MD5:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                                                                                  SHA1:69D5E69DDF4132FA2A5AE8B8B36CE047E560A476
                                                                                                                                                                                                                                                  SHA-256:B2DAA382D892FEDB01EE0FC960671A96C1D21C663F1883D800F70D72FDD13F91
                                                                                                                                                                                                                                                  SHA-512:A484F13F5427B20623BC0451BD223C0D89EDA0B0789749B46F2981CD7818A0D795B2868840E5BB9A0C6C8020939D085814A6BBBAAE4425B2F0C398C913F246DF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5..PTg.PTg.PTg.$d.[Tg.$b..Tg..!c.BTg..!d.ZTg..!b..Tg..!n.kTg.$c.ETg.$f.MTg.PTf..Ug..!b.QTg..!..QTg..!e.QTg.RichPTg.................PE..d......d.........."............................@....................................R.....`..................................................................p..t4..Hx...8......d.......T.......................(... ...8............................................text.............................. ..`.rdata...|.......|..................@..@.data...08...0......................@....pdata..t4...p...6..................@..@_RDATA...............d..............@..@.rsrc................f..............@..@.reloc..d............j..............@..B................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateCore.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):755696
                                                                                                                                                                                                                                                  Entropy (8bit):5.78064070271127
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:W7HWEcC7f+bctMN8hnPTscowfOTieHsgX+:W7HWvbcNPTJowfOu2u
                                                                                                                                                                                                                                                  MD5:5174340282DD8A0FF39480395F5BC5D8
                                                                                                                                                                                                                                                  SHA1:08100AB4E019A149CC484BDA66CCC5C28DC2D2ED
                                                                                                                                                                                                                                                  SHA-256:C78E5106DEBB7D891A9B3DF684EDE2DA295B8E7B595F899CEB8400786A627EC6
                                                                                                                                                                                                                                                  SHA-512:8B2A3DB0DEE98435F2C5ACF8DE8617FE72ADD9155F3AF491CDFBE6770346DD31CAD387D3E2877E3E5332117A30D08DA428CBF9C7E3C72C6E6E486F4626BFD1AF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U...4.P.4.P.4.P.D.Q.4.P.D.Q84.P.hjP.4.P.A.Q.4.P.A.Q.4.P.A.Q.4.P.D.Q.4.P.D.Q.4.P.D.Q.4.P.D.Q.4.P.4.P.6.P.A.Q.5.P.AhP.4.P.A.Q.4.PRich.4.P........PE..L....d............................0t............@.......................................@..............................................f..........HD...C...`...A..Xw..T....................x.......w..@...............8............................text...*........................... ..`.rdata..............................@..@.data...DG..........................@....rsrc....f.......f..................@..@.reloc...A...`...B..................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateHelper.msi

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):3.710330368678027
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                                                                                                  MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                                                                                                  SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                                                                                                  SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                                                                                                  SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateOnDemand.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):384808
                                                                                                                                                                                                                                                  Entropy (8bit):4.377706577325397
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:zvMP2ZEKysLSFBqr80w3M+D2nKiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAW:bMPMy+eqLnKeTixcvcjLNm
                                                                                                                                                                                                                                                  MD5:C9824519E8613D8B4CAD44060069C19C
                                                                                                                                                                                                                                                  SHA1:8D253977D0236494471FBFDAA6AB3EEF1315AC15
                                                                                                                                                                                                                                                  SHA-256:11F3E42F19333E5917E7DB62FA8E7F966EB9624E86711E413AA43284B8D03244
                                                                                                                                                                                                                                                  SHA-512:0F2E11E11C1C8D477EA8C2C6C70D24484AE913CC1FC785E945141BD035745914CA307D67BDEC3A45D443BEBEDDB536A910E4E1F2A285AA807217576262AE4D21
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j.z..@)..@)..@)>{C(..@)>{E(T.@)>{D(..@).~E(..@).~D(..@).~C(..@)>{A(..@)..A)..@).~E(..@).~.)..@)...)..@).~B(..@)Rich..@)................PE..L......d..........................................@.......................................@.................................,8..<....`...f..........H....6...........-..T...........................`-..@............................................text...s........................... ..`.rdata..j^.......`..................@..@.data........@.......&..............@....rsrc....f...`...h...0..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateSetup.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1910576
                                                                                                                                                                                                                                                  Entropy (8bit):7.58137479903026
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:hbGcPcWSOwiGJ+aKznZOqbU3tFKU+9wOKXd9AVjrr:xGGcWSYGJ+94iU3tIU+qOs
                                                                                                                                                                                                                                                  MD5:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                                                                                                  SHA1:EBD3E4A1A58B03BFD217296D170C969098EB2736
                                                                                                                                                                                                                                                  SHA-256:2A97CB822D69290DF39EBAA2F195512871150F0F8AFF7783FEA0B1E578BBB0BA
                                                                                                                                                                                                                                                  SHA-512:1B204322ACA2A66AEDF4BE9B2000A9C1EB063806E3648DBAB3AF8E42C93CA0C35E37A627802CD14272273F3F2E9BC55847DFA49FC6E8FFB58F39683E2446E942
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......].T...:...:...:...9...:...?...:...>...:.K.>...:.K.9...:.K.?.).:.A.3...:...;...:...;.n.:.A....:......:.A.8...:.Rich..:.................PE..L...]..d.................n...J.......R............@.................................u.....@.....................................x.... ..|...........H....j..............T...........................@...@............................................text....m.......n.................. ..`.rdata..Fr.......t...r..............@..@.data...............................@....rsrc...|.... ......................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdateWebPlugin.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):384808
                                                                                                                                                                                                                                                  Entropy (8bit):4.377540113876844
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:A3sX2IVBI6XgpbbreB3Hu9+323+iIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBU:qsXTIgmbl3+eTixcvcXbM/H
                                                                                                                                                                                                                                                  MD5:1B7BD9F313FC670D5DFC1EDFEEF50D0E
                                                                                                                                                                                                                                                  SHA1:F95F0DB0E6392022D314EFD14F9B4D542D2DF3C2
                                                                                                                                                                                                                                                  SHA-256:968A9AE84C45CF635CAB1F50843CD970FAE0BDF3F7837FE26D7D64C8E3C0A837
                                                                                                                                                                                                                                                  SHA-512:232FFA2890FC3504EE8D2DECB80603B5873C8AC9E8F92D09E3E4BE7AFAE7DD88121CD176F5C487BB59809B577705F226B7C63D8743CBE4FCEABFECD429D765FD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j.z..@)..@)..@)>{C(..@)>{E(T.@)>{D(..@).~E(..@).~D(..@).~C(..@)>{A(..@)..A)..@).~E(..@).~.)..@)...)..@).~B(..@)Rich..@)................PE..L......d..........................................@.................................5.....@.................................,8..<....`...f..........H....6...........-..T...........................`-..@............................................text............................... ..`.rdata..j^.......`..................@..@.data........@.......&..............@....rsrc....f...`...h...0..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\acuapi.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):561456
                                                                                                                                                                                                                                                  Entropy (8bit):6.89287156869539
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:Yfpc+D07/a7PLl5FibVV1e80fe7KM7DhphezIhSMXlLSGvYOO:ID0KcVV1e8IkKM7DjhezIhSMXl+onO
                                                                                                                                                                                                                                                  MD5:A400B5A4A3CA4745149ABAA4C58FAB2D
                                                                                                                                                                                                                                                  SHA1:D8BC7CF9735E4A6958FEB7079A505BD1C4516F24
                                                                                                                                                                                                                                                  SHA-256:89515235500904C8BD34844D4C71F2707750BC5E7C48AFD3409B012EB5A1E544
                                                                                                                                                                                                                                                  SHA-512:2762EE517E08FEBA6345521ADF6C516352B672882DB2A6D3220F2A62A60EFB6CB2DD2AB04BDC20A60092A5922A4B7C83484C8FD3FAAC3BA817A4BDE84D23592A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................................E.....................................u...........................Rich...........PE..L...[..d...........!.........p............................................................@.............................l.......(....@..p...........HT...<...P...8......T...................@.......h...@............................................text...d........................... ..`.rdata..............................@..@.data....-....... ..................@....rsrc...p....@......................@..@.reloc...8...P...:..................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\acuapi_64.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):719056
                                                                                                                                                                                                                                                  Entropy (8bit):6.672324901238704
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:X+vBHtQ7iF5WOFQYOupOwoH6LztpMQV/t9WQF2FiWurraKlIDn1LGNGho44v+aXx:X+5HnQYOAR7WGtZhezIhSMXlgIv
                                                                                                                                                                                                                                                  MD5:56464A7270CDE8F1EFE3A4DF0C7FBA88
                                                                                                                                                                                                                                                  SHA1:3B857008BDB409DAEF3441C656C0CA09B283F80E
                                                                                                                                                                                                                                                  SHA-256:85FBCDB8D8FF254D35664000529BC1FDE00427B624F806E6A2CF839AD7332698
                                                                                                                                                                                                                                                  SHA-512:A0E7E8C45129E44D775DBB3DE53D72F17EA17EBDCCA89C0C69B56FB6AD3694227466452387378F915241390769BDF42B5E58D104C8C1839915878DD698F30CDF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3.b2w..aw..aw..a!..`r..a...`{..a...`...a...`c..a%..`y..a%..`}..a%..`8..a...`p..aw..a...a/..`u..a/..`v..a/..av..a/..`v..aRichw..a........................PE..d......d.........." ................................................................aB....`..........................................A..p....A..(.......x........A..H....B......$...x...T.......................(......8............................................text...,........................... ..`.rdata..n}.......~..................@..@.data....?...P...&...8..............@....pdata...A.......B...^..............@..@_RDATA..............................@..@.rsrc...x...........................@..@.reloc..$...........................@..B................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdate.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1707520
                                                                                                                                                                                                                                                  Entropy (8bit):6.329347716504747
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:Lpkb22RntN0ttjsz1srDlmsmTKmTyuuNV:Lpka2Rn0ttjsQlms7
                                                                                                                                                                                                                                                  MD5:5F2D68D3FDAEB09AE78622A5AE59FCE0
                                                                                                                                                                                                                                                  SHA1:D959C2A9E03C0C4017682C5F48EB1BBD84DD796E
                                                                                                                                                                                                                                                  SHA-256:F2AF299BE74EBBFD19BB476D66BDE4D55BFB571004B6349EB5EF1971955F683F
                                                                                                                                                                                                                                                  SHA-512:D0F9BA99DF9153A8487FD0C4A3F81C0138AEABAAED9875A8E175531E2BDF18F7B89AE14CF52BF7F546B3B5076B87080096D5C15558B9BD16A44585C0C0171C54
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........n%.B.KMB.KMB.KM..LLC.KM..ML@.KM..HLP.KM..NL..KMsS.M@.KM.zOLS.KM.zHLZ.KM.zNL..KM..OLc.KM..JLi.KMB.JM/.KM.zBLr.KM.zKLC.KM.z.MC.KMB..My.KM.zILC.KMRichB.KM........PE..L...b..d...........!................oG...............................................E....@.........................`...T............@..(...........H....c...0..........T...................@.......h...@............................................text............................... ..`.rdata..j...........................@..@.data....\....... ..................@....rsrc...(....@......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_am.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44008
                                                                                                                                                                                                                                                  Entropy (8bit):4.850152460164065
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FR/vRi4k4+R2T35Jy0Wp2xPxh8E9VF0Nyme:FlIZJQy0WsxPxWEc
                                                                                                                                                                                                                                                  MD5:72E47A3D3E835B08D1AE65D4F69F77E0
                                                                                                                                                                                                                                                  SHA1:7F086000901CF2518C35E1734EA1ED9E10DE369C
                                                                                                                                                                                                                                                  SHA-256:FF74207E5107DC2DA38AAA4DE10BC8EA83FAECB2BCA0BF985A7E5A6B427643C0
                                                                                                                                                                                                                                                  SHA-512:02124755B52423CF734C6CC28AF44FA7F8DC79EB4E9E475208FB6591AA2317A149B7EFC0E5E7A3DFBAEB9CDEF9ED69084C45DB6221003DE69D6AD1B45B9C09CB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L......d...........!.........z............... ............................................@.............................D....0..(....@...p..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....p...@...r..................@..@.reloc.. ............~..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ar.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):42944
                                                                                                                                                                                                                                                  Entropy (8bit):4.835542008183028
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FruDM3lkCAu+JGPpHJy0W5m2Pxh8E9VF0NyhAd8:FUSlkCAd2y0WPPxWE7C
                                                                                                                                                                                                                                                  MD5:A37370A759932400EED7EAEDDBB482CE
                                                                                                                                                                                                                                                  SHA1:638E51217F7DF449D41067AB3135D5912517B858
                                                                                                                                                                                                                                                  SHA-256:F183305C17D1C06C3006816E1BAD733599E977C1207332799399CEBCBDC7DF20
                                                                                                                                                                                                                                                  SHA-512:9FAD66444C544519FF4898DEE7772923DD0708A27422D02475715E9F1B10C058CBDD8B4C53E8B0E25F7B0CC4B967DD33AD4A36BF21A4099699F87B69FEC4DD97
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...1..d...........!.........v............... ......................................{6....@.............................D....0..(....@..Pm..........H|..x+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Pm...@...n..................@..@.reloc.. ............z..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_bg.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46056
                                                                                                                                                                                                                                                  Entropy (8bit):4.8691314938087595
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FsBzeydckieGZBOcuUFjJy0WgXTPxh8E9VF0Ny6gIBb:FmLVEDNfy0WQPxWEkDR
                                                                                                                                                                                                                                                  MD5:01F941A4B83FABF16E5BC21100B69D38
                                                                                                                                                                                                                                                  SHA1:AB6E4B97F90CF44CE6463E96FC97BAFBFDD750AC
                                                                                                                                                                                                                                                  SHA-256:79E3DA0E23396DABF17FDC7850D84BE5BFC7D6C7E27D6A83EC2DD3537CDE8912
                                                                                                                                                                                                                                                  SHA-512:DAAD8ABF022623447EFB08B1B931F52F2328587FE3FED0D510D036E72CC0F293C8584D10F63EF3268768E93C75018CDF4D4128BF863D517B432EB758570C8EA1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@...y..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....y...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_bn.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46056
                                                                                                                                                                                                                                                  Entropy (8bit):4.936222804071481
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F0aapGvUx7tYF7qWF0FrHF6rjbmBwRbooJy0WNRuyZPxh8E9VF0NykWri:FWsrBF0FrFnBwZy0WT/ZPxWE6
                                                                                                                                                                                                                                                  MD5:663E632846D59788FCEB10677488AEBC
                                                                                                                                                                                                                                                  SHA1:D55E88C98121FCEFF9D290E48982B7B4F2204BAA
                                                                                                                                                                                                                                                  SHA-256:1DFC05748521BCCA9C4BB71E2F02E2FA52B657D0F8DB1747BC9B4B27997A60D6
                                                                                                                                                                                                                                                  SHA-512:13F29325EA1C5055B4F344B7B43B52E754D3C1645263F0168F8936D26B98EB5E352E1F1DAFD68E99DC88A6B976A23BD0BA2DC1A73AC27186B8B5F742A18C8C09
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...w..d...........!......................... .......................................@....@.............................D....0..(....@...y..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....y...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ca.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46056
                                                                                                                                                                                                                                                  Entropy (8bit):4.655403186782661
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FTYiIP42ArzVuJG4bPl7aJy0W3kPxh8E9VF0NyVhQ6:F6Q2ArBuhoy0W0PxWED
                                                                                                                                                                                                                                                  MD5:EC63069EFD260AD24F218AE84882F3FF
                                                                                                                                                                                                                                                  SHA1:5875DEFDF669CC4747C4F68536E9117DE2BD4A53
                                                                                                                                                                                                                                                  SHA-256:BC60127E50FA8E89422966554F1E9319A0E0DD750525812463E0560E48D92FBD
                                                                                                                                                                                                                                                  SHA-512:13D4FE8F6227C54EF928CAE48F8B2854218DA04174B60D70BCEE410C248AD2CFA974402093A795AE275C5F4CDCECDD9426B50FCDBC3F0F64B6F0B0D9BB06EA2F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L......d...........!......................... ............................................@.............................D....0..(....@..(y..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...(y...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_cs.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.69656607023198
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FAthlsBWpKJkbYAA+fjoDJy0Wim+FPxh8E9VF0Nyy6:Fwb+y0Wt+PxWEs
                                                                                                                                                                                                                                                  MD5:0FCE99454CFCC351D251FA0E9EA77840
                                                                                                                                                                                                                                                  SHA1:7B9575192E105B4CB724F51238A2E5E956A76425
                                                                                                                                                                                                                                                  SHA-256:8DD39E95CD3515398AED12677DB59D71C0773588FF927A6A782A3BEFCF5B1F5D
                                                                                                                                                                                                                                                  SHA-512:61AA083B1C5E2EE9DE23C9BB14B25DEB71A3E6F962495542F83F8D068D5046722D287A7EF5247217FA5EA712572B0EEEADC1B2B3263CB70C061648FED030CEC2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L......d...........!.........~............... .......................................5....@.............................D....0..(....@...t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....t...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_da.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.656501839350111
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FIq7uqfNnwtpY6PSKpJy0W/s0UEjPxh8E9VF0NykMR3nD:FLHnwkOdy0W0lEjPxWEqq3D
                                                                                                                                                                                                                                                  MD5:D6F44DC235F838BF4E52165182FC0969
                                                                                                                                                                                                                                                  SHA1:1EAAD935A6FF147ACBB041397B9E9D63B0EE1270
                                                                                                                                                                                                                                                  SHA-256:8883FD2E7810EB9C4DA66888BC548074FE990AE652CE59A053CBD25E39AE08DB
                                                                                                                                                                                                                                                  SHA-512:20792C1D1E1C174EB86F72BA92F83A92C025DEBF68DB2BA9E3C9346FE4ECCEAFE0F94BE62706CB8D16F8A6529A9358A4FC8A189B22178E501B654A1D4F6952A8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...a..d...........!.........~............... .......................................D....@.............................D....0..(....@..Hu..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Hu...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_de.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):47080
                                                                                                                                                                                                                                                  Entropy (8bit):4.647516797051505
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FjmAR6HUj8gtdF0Me39ADEZoJy0WwymPxh8E9VF0NyaBB:F6ojeMe39APy0WwPxWEc
                                                                                                                                                                                                                                                  MD5:42B89B0A42B907D63FE680AEDD8B32C7
                                                                                                                                                                                                                                                  SHA1:2B36C8BD041331D835DD897AD5FFD29E41ABC52C
                                                                                                                                                                                                                                                  SHA-256:E1B6FA1ADC79ADD6CE803DFAF4CE5D5E4DB70EED08223C4EAA381CF0EF55C62A
                                                                                                                                                                                                                                                  SHA-512:539D3B51BF450BFB80FD90D52E8A8C2BE077ED39F3E3657FA21DE4B65E391144AFB80CE6C57AEF340EC67821EBA3A886B2E072F7D64152119187ED374B5A73C1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................_.....@.............................D....0..(....@...|..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....|...@...~..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_el.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46568
                                                                                                                                                                                                                                                  Entropy (8bit):4.945276126044921
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:Fkwaa8EpeILkSIrGCSqlIxRFiAhAu8zBdfsBsTbV234sJy0WRiDEPxh8E9VF0Nyg:FgCplLO+R5U/+y0WoDEPxWE1
                                                                                                                                                                                                                                                  MD5:CB574CC86D8FD65185E9C93547D9B98C
                                                                                                                                                                                                                                                  SHA1:1271590C4BDED66D5179B1820E9F66C243DEBCDE
                                                                                                                                                                                                                                                  SHA-256:7AD4C02B86EFEAC6E068CB0A47D50FD305C2306D71D1BB9812BE9F712597FBDF
                                                                                                                                                                                                                                                  SHA-512:E170E7A987646CFC71D9A18FF7119DAEA7AD9C57040C4BD131F86499F663328E9A82240F130699AC10F9D2DDC04154C6D2661A32D768E98B40A0472698E31C3F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... .......................................X....@.............................D....0..(....@...{..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....{...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_en-GB.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44520
                                                                                                                                                                                                                                                  Entropy (8bit):4.636317941438334
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FR/vElagyh6QuXCA702Jy0WEwRPxh8E9VF0Ny9+W+Eh:F9gagyhiX9y0WFRPxWEjaE
                                                                                                                                                                                                                                                  MD5:D73F4E5F97B987B8CC6403909C3E6242
                                                                                                                                                                                                                                                  SHA1:0A7075A927333557161BCDE22D08C35FF7636425
                                                                                                                                                                                                                                                  SHA-256:30CD762237C21B6FBA4E0B165EBAB83A997C093BB088A3DF56CEE400F5946439
                                                                                                                                                                                                                                                  SHA-512:F7B561BCA0F7DBA8BEB19EA4E2B041766FCEBB940776ABD4C79E561ED0997E6D8E3F27927E5DAB6F03CD45ECEFB568BD872DC67F456BF19881546B51DE955B13
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ......................................L.....@.............................G....0..(....@...r..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....r...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_en.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44008
                                                                                                                                                                                                                                                  Entropy (8bit):4.6565699525229025
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FbRnyUEagyWmpRjy+Jy0WXyDPxh8E9VF0NyYIm9:FbE5agyWqby0WGPxWEm
                                                                                                                                                                                                                                                  MD5:2059F62477F33F9943DCE5DB380F09A1
                                                                                                                                                                                                                                                  SHA1:62300C5FA2465D535D77B9D378BE7039CE32A234
                                                                                                                                                                                                                                                  SHA-256:CA0F11FE6BCD7CBD9897F73A0B5208C49779B298A2DF260CE084912AE73E5C66
                                                                                                                                                                                                                                                  SHA-512:AEC61BB34B79A6666E8EAF56372D049F184F02894B8425FAADAB9C4A2E812BFECF250FE561CB92FED2F3B965735BC2E7E97904C2667241A840611C0F4E0C768F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...L.d...........!.........z............... ............................................@.............................D....0..(....@...q..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....q...@...r..................@..@.reloc.. ............~..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_es-419.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45544
                                                                                                                                                                                                                                                  Entropy (8bit):4.646030612051221
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FI4fk8AqfN4imEDMaJy0WG6sPxh8E9VF0Ny2C4:Fdk8TfN40xy0WiPxWEIv
                                                                                                                                                                                                                                                  MD5:E4A1B678F8B6FAB9034EC4657F1D264C
                                                                                                                                                                                                                                                  SHA1:4ACCEDA598F41B7FED6EC58E65121D0A37256638
                                                                                                                                                                                                                                                  SHA-256:FAF3E79C113E5423DC0C2308FEEA2B1F1D8A5AFA1BB2D9AFCF4684DAF4B6CA95
                                                                                                                                                                                                                                                  SHA-512:2F0E1015224B255535ECBC3691E4F96A6885DC59CDDFBADCA160DA9A45C6BEF2C24AFB6FB3057FE7144E739AAB54F6BAB936A9EA59450411B8E02B318E495B3F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...5.d...........!......................... .......................................2....@.............................H....0..(....@...v..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....v...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_es.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):47080
                                                                                                                                                                                                                                                  Entropy (8bit):4.630177626115215
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FwNCID1Nz518DNQJy0WEnKPxh8E9VF0NyON:FbIxNN1SAy0WlPxWEo
                                                                                                                                                                                                                                                  MD5:5F9A8F94E5B85C41CD81F88119D04F30
                                                                                                                                                                                                                                                  SHA1:D5DAC5F57002A1B43B0A83EADC9D2627492505B8
                                                                                                                                                                                                                                                  SHA-256:AC2418963CA15734DE3135131C1BDA03D7E602034DFCA75F8D11BCA47B577AB9
                                                                                                                                                                                                                                                  SHA-512:A9BA94B650BFE076584D1F465B293F49C9DDFEF747EF51B728FB4988391874542F8029BF4699B304132C8B96A29F29935A213102F3A8EBD3086C54BE6ED86388
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ...........................................@.............................D....0..(....@..p|..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...p|...@...~..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_et.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44520
                                                                                                                                                                                                                                                  Entropy (8bit):4.645463686029905
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F3EEy0TbDFbDZETJXTSQ8QjGJy0WizPxh8E9VF0NySS:F9j96dHYy0WWPxWEE
                                                                                                                                                                                                                                                  MD5:9BC3B29E68A70E0DA276D2F80D5609DF
                                                                                                                                                                                                                                                  SHA1:DA3DA32BCA70E64D461B2B7F25C0FB1B0B4B5A0D
                                                                                                                                                                                                                                                  SHA-256:19BA49FA519608B6955018FB8B77E39D1356EB1817A8993622F8565322C14CFA
                                                                                                                                                                                                                                                  SHA-512:2781E997A4F3C92DE141F14250098779307513F4E7C4D493F40341B6A4FDF09671E6FC64781D2AF38B5F19FB8CDF9C2EC03A5724B291F8D279FFF952AD3DD3D2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ......................................:.....@.............................D....0..(....@...r..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....r...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_fa.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44008
                                                                                                                                                                                                                                                  Entropy (8bit):4.845272670813686
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FqrH4OZNIY5pihSQJy0W3ZPxh8E9VF0NyFxn:FO7cy0WJPxWEj
                                                                                                                                                                                                                                                  MD5:5089CC134B762C266A2D935DA3C8334A
                                                                                                                                                                                                                                                  SHA1:E4D142E7B12A64B396E83698467900209B2345FE
                                                                                                                                                                                                                                                  SHA-256:1D68B46775921FDE73E30BD0DEA980CEE5D7ACB191DF2D91E16E934400609B20
                                                                                                                                                                                                                                                  SHA-512:3A551EFDCC0C0D221EB8BF883EA5312C77FCAEFED6D1EB412351B63945DE9F905F2968C21DBEAD7634E180742DF668F8D1A5A2DBF1EE2C4102AC51291B7B1C3C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...z.d...........!.........z............... .......................................r....@.............................D....0..(....@...p..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....p...@...r..................@..@.reloc.. ............~..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_fi.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.6596573287160785
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FCcrgPnEzPhXY7R799hKh1GAm/RnVJy0WhhHPxh8E9VF0Ny9rrlR:FLinEVmNgiy0WDPxWEvf
                                                                                                                                                                                                                                                  MD5:5BAB01B758FCB17579A8AAA3ED7A6787
                                                                                                                                                                                                                                                  SHA1:53800C375AA17BB906ECA53548FA70191AF221E8
                                                                                                                                                                                                                                                  SHA-256:874E4BD71B4604929D88E50D673D52A1A1BC6AFA78C244DD642BA20F302F3E44
                                                                                                                                                                                                                                                  SHA-512:05C5936FE09642E71FF8A8ADE4F4F2283B67E8EA79B58C856008DE14CB7BA1163EDFE54B16E517CFF1354693792627B1CAF45D8F0BE5A3D563B9592A4711D4BF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ......................................3.....@.............................D....0..(....@...u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_fil.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46056
                                                                                                                                                                                                                                                  Entropy (8bit):4.640479522161056
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FUJKU7UNPli+B3RVaw7ykIIjyC/zaJy0WLnaPxh8E9VF0Ny4S:F72U9li+B3RVawW3WrSy0WbaPxWEG
                                                                                                                                                                                                                                                  MD5:17F5249CFB6519985F90655B8D802117
                                                                                                                                                                                                                                                  SHA1:2A09E55A2FD07214DAF47A331B6CDDFEA543141A
                                                                                                                                                                                                                                                  SHA-256:2362F65816A9D66D94E1B3B4BCE49D2E967B5C92C9326321107A84AB811ACA1A
                                                                                                                                                                                                                                                  SHA-512:0EE92E8D81A4E6988F1D2315D5E2AA78629EE142E38D6F104F5115FD983CC3E98142E88859DBCA879315A6843A8AE65B26C507AC4EF25D3B11293551C0B90DAD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................k.....@.............................E....0..(....@...x..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....x...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_fr.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46568
                                                                                                                                                                                                                                                  Entropy (8bit):4.662517782893104
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FM1NdxA98EoIcpW4xq9aJy0WbiA4Pxh8E9VF0Nyko9hl:FadOaIcNjy0W2tPxWECah
                                                                                                                                                                                                                                                  MD5:FA87C9DCCA6C104EF4B31FA398150A98
                                                                                                                                                                                                                                                  SHA1:22A7F252994BD2C99ACA4F1C544BA1E88A249F4F
                                                                                                                                                                                                                                                  SHA-256:0B5678F58A8F8C8619D0940D981B40971F8B42028EDBB2FA845731C747D3B567
                                                                                                                                                                                                                                                  SHA-512:FD918AC8E95A7CB33CFCC141ED25F1D5848497BF3645F912FCDBEA64A1BAD1ABB440248E2F56E1C7D7BA8AFE4D3B44D83FEB8C759970203F5CBA147737F4C3B1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...b.d...........!......................... ......................................<.....@.............................D....0..(....@...{..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....{...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_gu.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46568
                                                                                                                                                                                                                                                  Entropy (8bit):4.923122510985089
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F0Uc/d3UTeAV4DzYCQ+fwmkIjkiJy0WpJ84nPxh8E9VF0NyZEdgnV:Fm1UTe7VbRy0WpPxWE/V
                                                                                                                                                                                                                                                  MD5:E9C9B0BAA58684779947F9DDAC85E83A
                                                                                                                                                                                                                                                  SHA1:FE70F8278CF6594D111BB53E0059F1C023AEDCC0
                                                                                                                                                                                                                                                  SHA-256:19154A82982A69B588B8A89AC086E80E515B05704899E1B8CA7AF3DE460568F5
                                                                                                                                                                                                                                                  SHA-512:41A03F1FA4242E5297F3D4FD18911B64AB1D31E529C964A7A5327E3B8C1389BD1F9CE4EA5A444D64B36808D908BF663235DA81BECA3145049257E258E483FBA8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................B.....@.............................D....0..(....@..8z..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...8z...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_hi.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.8817065986468595
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:Fc6qx6AN6Aaqxzxm8qRXtpqCGay0WKLPxWEE:Fc6qMX31LPx
                                                                                                                                                                                                                                                  MD5:282452593ED4C14AA8AD486698BCBB31
                                                                                                                                                                                                                                                  SHA1:8CF912912503649E440E632CEA6B4427A0B1102E
                                                                                                                                                                                                                                                  SHA-256:CA151F677D1D9ABC95C708726B3D04C62AC7C7836ED9B875C5B1F7D67BC4F75A
                                                                                                                                                                                                                                                  SHA-512:9FC0A8FC7641A104B3976F37421DCBA2083878DA535B3662A6FC1F697CEF5108D1715BA618806CAD4E74B13F2E2AAEA10090937F1BD13CDCBB9D8EF7141CFFE2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ............................................@.............................D....0..(....@...t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....t...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_hr.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45544
                                                                                                                                                                                                                                                  Entropy (8bit):4.6636431303483
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FZitIPeVOXz19zzMH5KBL/yoiGgJy0WXfjjPxh8E9VF0Ny6/R:F8I+5oL/xwy0WLjPxWEs
                                                                                                                                                                                                                                                  MD5:85D54C0B73692E53C5B8657ACD189EF5
                                                                                                                                                                                                                                                  SHA1:907D142F69B742F7DE5F8738325C7CAE9CA06ECD
                                                                                                                                                                                                                                                  SHA-256:4BAD5B8F0372FC19E9414F997B2CF713D81F48FEC6238CDBEFA65CF138E9F5A9
                                                                                                                                                                                                                                                  SHA-512:3B1B2792237EF8F6143644FF54D25E7BC95ABF1C89291B0B1BB16DE4C8CC00B7DCE18510306BC94C19CA2BEB33472CCF4DB2976D508E817F06A695F4FB4F6345
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...K.d...........!......................... ......................................F.....@.............................D....0..(....@...v..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....v...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_hu.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45544
                                                                                                                                                                                                                                                  Entropy (8bit):4.688666100525905
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:FfG7U7RPX1C2TycfBwGFTbeSTZ46931lBVZpjqAy3FGVsTsy0WMNPxWET:FfG7U791C2TzpwGFTbNZ46d1lBVZ5qAV
                                                                                                                                                                                                                                                  MD5:EC0EAC7B38E7B4FB9F4F3E97CED70502
                                                                                                                                                                                                                                                  SHA1:8A21DEADB00C4A23ED0EF2728C5EBE6D58D8E93C
                                                                                                                                                                                                                                                  SHA-256:D083015F17E68E2304A2F4C9A130BF2891A1B3545DCF35E3E6367276BC8FF1C9
                                                                                                                                                                                                                                                  SHA-512:43E7EC301C8E4E7259B6038EC5F17C52C27B64CAC69511B6325B50B949F56A782312D28D7264BF4469D3A48FCB73DE831DE0FB388735E1928774742B0D0E8383
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@...w..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....w...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_id.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44520
                                                                                                                                                                                                                                                  Entropy (8bit):4.639484979051941
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FpZ0+vL3THRxVkAHqIaHQRf2I95yrUdGqPfpJy0W5C0NnPxh8E9VF0Nyoum:FEWfqgbfzy0WnnPxWE+L
                                                                                                                                                                                                                                                  MD5:351FAB792600FABBB172E0EB3308A6CD
                                                                                                                                                                                                                                                  SHA1:A9BD979F85AC2EE04B63A6F0A266EFA64318207A
                                                                                                                                                                                                                                                  SHA-256:FCF17CCCBD9988C121B3754DE7234B3041B7FE83C763A364AFD043297C780745
                                                                                                                                                                                                                                                  SHA-512:1C3F626FEF266DA6E8FA5737ECA5CF089150C7CCE2B990ED9F75B2757B509CCB0D15DD38B8CCFB05403C35DDD24745A2105D098B4855E951F987EAD934FC2552
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ............................................@.............................D....0..(....@...r..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....r...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_is.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.658477005342536
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FOKL63eZkioif2lIPaAjYkUVQFoMUefV3PONJy0WBDPxh8E9VF0Ny6xL3:FouyibAIibkUVQF5UefV3iy0WFPxWEU
                                                                                                                                                                                                                                                  MD5:85BCF7664BAE9ECB72C8480214FAE669
                                                                                                                                                                                                                                                  SHA1:172FFCD25B4956AB674C008BA1BC6796FDBA11DF
                                                                                                                                                                                                                                                  SHA-256:45F41E8D25867AB8C2EF78B866FBED4A201CD451713AEFED27A1E6C4E550FE88
                                                                                                                                                                                                                                                  SHA-512:5A92ED998134963A7B76B44A5C6CA8F248BDBB13AFADDC72A5AD1915EC22C98415387295AE2E08209E1BFD866EF878BBBCCF9759C4442DB98340DFB6345B77E9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...4.d...........!.........~............... ......................................%L....@.............................D....0..(....@...t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....t...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_it.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46568
                                                                                                                                                                                                                                                  Entropy (8bit):4.6324666300251005
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FLEXOjrIN+sah3MO/Jy0Wt9zIjoCPxh8E9VF0NyTKF8b:Fq2IN+P3Jy0WzI/PxWENw+
                                                                                                                                                                                                                                                  MD5:B85708D2C23D44CAC26488C1ADCD676E
                                                                                                                                                                                                                                                  SHA1:195D94B76B8D31976ED804DC79ECEE120BCCF6D3
                                                                                                                                                                                                                                                  SHA-256:DF621055A085663B147DBFD1F54961A7F4299E7714A69541CAC6E2A8DB17CDA4
                                                                                                                                                                                                                                                  SHA-512:83CBACA8F28F4855685365477B008993F00477C006B931B6413BA4FCDE89010B8BDFD0F4DBEEBF864802931BC95CFBDE7DF3D17CAB40D45661AF0B15143D78AC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ...........................................@.............................D....0..(....@..Pz..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Pz...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_iw.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):42432
                                                                                                                                                                                                                                                  Entropy (8bit):4.854173056599383
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FB3XBjD2r9v7hdVexaDyQa/f8sS+9GmJy0WJd1w4DPxh8E9VF0NyYok7o:FCFNMrSQy0WTZPxWEym
                                                                                                                                                                                                                                                  MD5:05AAEE6122E3534C4ABF3B3D95E6EAAA
                                                                                                                                                                                                                                                  SHA1:D17CEECA35099A36BD99CC017A603B4F486D9FE0
                                                                                                                                                                                                                                                  SHA-256:C7292A8852AF042741E768702611672C3CB51E6291A3856249FF240CF5D238A4
                                                                                                                                                                                                                                                  SHA-512:A58EB20DDCE03517804A80C536DDBD7866263A68D362AEBC9F7991B81ADF62069CBD39582A88F06F125DBC666EA5CA07C95CA36763B72FE22C6784A64F9CD8EC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...z.d...........!.........t............... ......................................H.....@.............................D....0..(....@..@k..........Hz..x+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...@k...@...l..................@..@.reloc.. ............x..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ja.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):41408
                                                                                                                                                                                                                                                  Entropy (8bit):4.883723947959775
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F/RouMWEHjkgWDMNGJy0WUqcPxh8E9VF0Ny1nB:F9HEDkgWiey0WkPxWEXB
                                                                                                                                                                                                                                                  MD5:F88EF38633AF35044AD10C3400990BC1
                                                                                                                                                                                                                                                  SHA1:B605DA6DB49B5C7648912DBBDC17CD0CC70D7B11
                                                                                                                                                                                                                                                  SHA-256:9975AE9DF9F8B81C50DCCD0E95D5AAF279F7991071D09E05DC9F622E5497EEF8
                                                                                                                                                                                                                                                  SHA-512:D7BE229D8E65A47CF119AF62FDB6720D6A2C9263AC69B6AFA3FADB1BD79EC273D4B0842C73722B629BED0204558933BB108C1A156478E485A5304B39A9EDDAC4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........p............... ......................................F.....@.............................D....0..(....@...f..........Hv..x+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....f...@...h..................@..@.reloc.. ............t..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_kn.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46568
                                                                                                                                                                                                                                                  Entropy (8bit):4.954692594620765
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FQdMeRW2As8RBSBRPfetJy0WYhupRPxh8E9VF0NyHZ1GF:FX/swkOXy0W+YPxWElrG
                                                                                                                                                                                                                                                  MD5:56A3857ADD97B0AB7C19D551028545C2
                                                                                                                                                                                                                                                  SHA1:10F0A5B7A2FBE9221C133529B8A5E0B36B421C4A
                                                                                                                                                                                                                                                  SHA-256:30B0A74E6F825986E8794911FCFCDA4131B505BB0B5E93BECB098CC1BBEE8D1F
                                                                                                                                                                                                                                                  SHA-512:83C846FA62A0AB70AB07B57927F4F53305949A14E942DB8398E6C90769B47894BC9BCB4E3FB9748173A492C43FF5849E4CAF59FD5242757C0DCF7664EB05E522
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................L.....@.............................D....0..(....@..P{..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...P{...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ko.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):40896
                                                                                                                                                                                                                                                  Entropy (8bit):4.911833136088746
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FCJcEWZFDd4IY+N1vZsYoRHgA12MrlxB4xRkkTY1M5tkOe+VjJy0W7VPxh8E9VF4:FUlWXmmAq/jveoy0WxPxWEu
                                                                                                                                                                                                                                                  MD5:16454F5496343F3383905BEAD12F3388
                                                                                                                                                                                                                                                  SHA1:1F38F482A2957A5E19BCA744C13A8931E4AB73D7
                                                                                                                                                                                                                                                  SHA-256:4ADDF9F4A52596B37878C3CDEC55F962632272E6C81E4BE75F52C824CBAA840D
                                                                                                                                                                                                                                                  SHA-512:4D77D9102583AB084BD7BEE4345202CCA3F7AD1D9A307BB4486A38ACFDAE4F878908E411E1FC92B3CE08F284E3BD8C6DBF321A8F19592ECA7CBD257C413139C8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...e.d...........!.........n............... ...........................................@.............................D....0..(....@..0d..........Ht..x+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...0d...@...f..................@..@.reloc.. ............r..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_lt.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44520
                                                                                                                                                                                                                                                  Entropy (8bit):4.677692678096642
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FGqI1qXnc9eHz0CwTF1B+jF2Xw1KJy0WFEPxh8E9VF0NyO/dz:FOackHz05TF1YjFmy0WuPxWE4F
                                                                                                                                                                                                                                                  MD5:E0DA28606791E47FA9B7D50F3637FA65
                                                                                                                                                                                                                                                  SHA1:00DF626C1C14D57DC0AB1EFCCFC3CA0B700F3F26
                                                                                                                                                                                                                                                  SHA-256:FB4C1B85935F88E2215CCA897993AFDE01740A36429B1D515905AD42A5F9FA5C
                                                                                                                                                                                                                                                  SHA-512:9795261821859668D22D63086EC0A6D034043859229138B7899A862DDD6317754479B5D53ABC24895BF91A4370C4648EA9CBED1858E4F44992C6C498090DB1C1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... .......................................A....@.............................D....0..(....@...r..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....r...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_lv.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45544
                                                                                                                                                                                                                                                  Entropy (8bit):4.703009692113209
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F4sqvepyAxOeKdeccQJy0WZy8Pxh8E9VF0NyISi:Fw8fey0W08PxWECz
                                                                                                                                                                                                                                                  MD5:C8802E1E924F5CA936D967BE9FA5DA69
                                                                                                                                                                                                                                                  SHA1:31FC7A8BCE71548AA52D0BBB877416BD3B647D98
                                                                                                                                                                                                                                                  SHA-256:92CEC5B3CF76DBA98E62A750EACDEE2BC871364133A4C76CDB1E8AEFCB702BC0
                                                                                                                                                                                                                                                  SHA-512:4289AAC7A6B5AC3EC0BC767612965D9F9386C832B6F98D44D245CB45D6239C620E7FFC0EBD47793C9014CBAB9B0BD56A6467191806841DA17059C3FE45E2F217
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@...w..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....w...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ml.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):48136
                                                                                                                                                                                                                                                  Entropy (8bit):4.926909967496055
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F/TZz4S1BzFZygd8/JLosSJy0WucSjPxh8E9VF0NynYWq:FrR4ISJLgy0W/SjPxWEFY
                                                                                                                                                                                                                                                  MD5:16F9F18C873FB7C00F08917F1AF83EB3
                                                                                                                                                                                                                                                  SHA1:0FB99CC388FE54D5AA875F79E65A0A73E99D9323
                                                                                                                                                                                                                                                  SHA-256:E6F74C212F2E8EB4163C2DDAE84F488B73DEF9CE886340F4A9AF6864978D859E
                                                                                                                                                                                                                                                  SHA-512:799209ABEC146B52F3EB5C4D5AFC3DC6482A3B0CFB21C1F1F876BD87D1014E7079AE694C12A80D4660063D9C3D309E9028B4A90887572BCB848B5ABC21AB7317
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...l.d...........!......................... ......................................[.....@.............................D....0..(....@..8...........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...8....@......................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_mr.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46056
                                                                                                                                                                                                                                                  Entropy (8bit):4.898551846960824
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:Flbeoedw/7JK7bABYlNpJy0WfWPxh8E9VF0Nyq4D:FAlw/7JK7b9jy0WePxWEU6
                                                                                                                                                                                                                                                  MD5:B44F9C9DCB53514D6A496C3506F74DBB
                                                                                                                                                                                                                                                  SHA1:1DC610693F782D08E3D6985351C298A61AE40614
                                                                                                                                                                                                                                                  SHA-256:430FEF5E3BC821188BFC9A180334495B92CB0E8D8C7FA0CED774031D9A7FC8B6
                                                                                                                                                                                                                                                  SHA-512:B7C9E4F838BFEF2B781D3871455D7B850135B8FF97FC1968E49BC2AC0B0B1F33DA759AD34F8E43D858A0971F8C2DDCA51925A5A65061E5B90DC4505405DC5748
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... .......................................8....@.............................D....0..(....@..Hy..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Hy...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ms.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44520
                                                                                                                                                                                                                                                  Entropy (8bit):4.652027629630858
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F546L/TKrQLtUv6oNpaAYjZZ/fbMgTRlRE/5nJy0W8g/Pxh8E9VF0NyNDA/XV5:FVw+f3TFAy0WH/PxWEXDiL
                                                                                                                                                                                                                                                  MD5:8E1DC4C71BC03D10ED3BD2293B6C3A21
                                                                                                                                                                                                                                                  SHA1:6649BCDF0D137AFFA4CA983135FE5EBE3336A495
                                                                                                                                                                                                                                                  SHA-256:0C0B827C7ED352F5FC376B3F2F2064CA7A27828907BE77C66585CC457A769F16
                                                                                                                                                                                                                                                  SHA-512:AB785D0FFA1F7FA7754254905752366B9BE7B592248DFCF036B087A2EAD07E112228B4D36B954DAEFF2ADB24A0566A9552168BC3FE7FCC5E4DF0E56A95B8042D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ......................................7"....@.............................D....0..(....@..ps..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...ps...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_nl.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46056
                                                                                                                                                                                                                                                  Entropy (8bit):4.64263735417891
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FUdjv7nGXd/T32SPxLLJy0WGT1+Pxh8E9VF0NyazyEH70:FwGtKqNy0Ww1+PxWEU
                                                                                                                                                                                                                                                  MD5:9DAD72B74700EEE3D33603BFFF9E1F98
                                                                                                                                                                                                                                                  SHA1:5C9DE57CFD021549D6B34AE225E44BF0BFD662CB
                                                                                                                                                                                                                                                  SHA-256:6BDEF62FBFEB7B054E17F463C24A878F537EFFC82F8E3CF96D977265E44F2659
                                                                                                                                                                                                                                                  SHA-512:DDF30DD81788173FB0332B548C40A03B9BBD1B32074C54C36150D7AD64AA7DF5974A8FE6D2155E17E22A505F66DFC54147E7B9F88B644EC0F573ACBCB61992CE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...[.d...........!......................... ............................................@.............................D....0..(....@...x..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....x...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_no.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.660574455025035
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:Fio75JZSiyCSiyVKwRAYSTv4q6K3Q5PacJy0WlxjPxh8E9VF0NytvuLK:FWhCYWv6K3Qby0WbjPxWEHGLK
                                                                                                                                                                                                                                                  MD5:EE0889163C7A670DD81A3E05D52EE458
                                                                                                                                                                                                                                                  SHA1:A7A834305FAC8F75B1556234F5C0381623B29984
                                                                                                                                                                                                                                                  SHA-256:E1960E7A05427B85D79F60F8A163A68CC29C6011A87521DCDC00B1F1A3D8B606
                                                                                                                                                                                                                                                  SHA-512:679C4163ECE96C888D3B72926A1BD710C444A07290E60DEB274A7426B7850826650F3CAEF4338639881526F1C7FE179C12AF671C13BF24BB5E67052B37F23D88
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... .......................................}....@.............................D....0..(....@..Pu..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Pu...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_pl.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45544
                                                                                                                                                                                                                                                  Entropy (8bit):4.699948735964885
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FuwzJhn7KZHCCN08Gp6WDgxTJy0WppKPxh8E9VF0NyKNky:Fb7y3+yHy0WqPxWE8a
                                                                                                                                                                                                                                                  MD5:4C826E19B27FC31A8141C1735A3A093C
                                                                                                                                                                                                                                                  SHA1:E74FA47D26AB8A2C45E6DB2DB94E27FB84FA6437
                                                                                                                                                                                                                                                  SHA-256:421DDAAB31E480790E5989E145C050010959E629702E3187870C12E451278A92
                                                                                                                                                                                                                                                  SHA-512:0AC44BD5A24B05D49B08ADFCD53C7C5A45D97E8798A854AFDF9BF374438F657C56255C690BDF0837EA154ACB71DF83D0DF1491DEC7D5D4DFB9FE272AB507C593
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@..(w..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...(w...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_pt-BR.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.66752824702996
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FGTbq/Zc+GZX8aF8zQJy0WCJ65Pxh8E9VF0NyL5:FuCFSy0Wk65PxWEd
                                                                                                                                                                                                                                                  MD5:C5DA26E0E296C4C1666BF60B0CE16911
                                                                                                                                                                                                                                                  SHA1:93D4C57699BF8AA981E3EBF8B33992F2CA45DE75
                                                                                                                                                                                                                                                  SHA-256:5A04FEA91640E065F67F1427F171270CE769CB3E2155F340834C935783AAC634
                                                                                                                                                                                                                                                  SHA-512:E6175D639071FD13F00ABB0C2B1876387899158CB824182783710C1177E18B5E02B18B70C0CE91F32F1367F8CA5C92F1E8D1F98BA6918D7312BD6ADE56D9FABC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...O.d...........!.........~............... ......................................-C....@.............................G....0..(....@...u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_pt-PT.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45544
                                                                                                                                                                                                                                                  Entropy (8bit):4.646340111209961
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FVEK+wstFNEx6ewBIiI2XhJy0WQGSPxh8E9VF0NyC2nEm:FVUMx/ULry0W0PxWE88N
                                                                                                                                                                                                                                                  MD5:1ADDBCF6719F81E880737EF30CA89BE5
                                                                                                                                                                                                                                                  SHA1:043C046AA3420339067C6DDFFBA253393057B0A3
                                                                                                                                                                                                                                                  SHA-256:9E229B99EC1725BA355B7F905A46BD4C7D15DAE3A7FA5CF54A8C199B6BB572BE
                                                                                                                                                                                                                                                  SHA-512:6931634D5096C236930FD4CA3C850D9DA325010DE96D99A7C26EEB9E7153DA7F4D3203F7D332820DE5F4D045296CDDBF9890EB6D157E27E82C46AA098EB6ECF7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................Da....@.............................G....0..(....@...v..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....v...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ro.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45544
                                                                                                                                                                                                                                                  Entropy (8bit):4.668533720243672
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:FTnC1yNbMUB251BRHc871nDtCsy0WK4PxWEr:FTeBRHnRDLJ4Px
                                                                                                                                                                                                                                                  MD5:0802BEFFB8CC1942F450403A83DAD91A
                                                                                                                                                                                                                                                  SHA1:6BFE6CFCFDB789FE15365AD39AC60D7CFA782C31
                                                                                                                                                                                                                                                  SHA-256:A15770A440E09967BBB25E4B8B326AE2596DD80F483CE12AA21678D0DBAD9233
                                                                                                                                                                                                                                                  SHA-512:6F960C168536251F871F1FD3EB6E62AEA407DF0FE3218EBCEBEEE2CD5B3DE0675CDD874253F3259776B9338FFB9B6B4C608E769E21F9847C25600E3769B303BC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@...w..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....w...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ru.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44520
                                                                                                                                                                                                                                                  Entropy (8bit):4.876003031420293
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:Fm5y4uF44vKAvHdho4d283lmJy0WR22dPxh8E9VF0Nyvdz:FtZvHsFy0WnPxWEJ
                                                                                                                                                                                                                                                  MD5:722B3E9E83D16481C12B803537F72AF3
                                                                                                                                                                                                                                                  SHA1:D245E7A40305CFCA26A9EE4B95CB7C1859EBBDB8
                                                                                                                                                                                                                                                  SHA-256:F44BBD97D7B300262AB1F9D4C918B3B980D41419E91669B04E36756A5683974D
                                                                                                                                                                                                                                                  SHA-512:4A5A6DCF554C97885DA2632850CE380A7371264F78D0E268E34690E6820CDC2B7B671F7055709DD92A77291FF618FC9619308B89D4D7920F46CBFDE284FB00AA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...9.d...........!.........|............... ......................................GM....@.............................D....0..(....@..xs..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...xs...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sk.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.69456859037089
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FpXaHdicuh+PiR6gLTPB2wJy0WELPxh8E9VF0Nysz9:FpQqjRjJy0WKPxWEy
                                                                                                                                                                                                                                                  MD5:F8796BBEE22813BE0658163260FADA1B
                                                                                                                                                                                                                                                  SHA1:F0AD54100A996E41011D9FFBE084CE7681299C9E
                                                                                                                                                                                                                                                  SHA-256:8EE1C8984C63767959CD2ABC99BDBD860DA47B9D4B762982E045764F2FF56FE0
                                                                                                                                                                                                                                                  SHA-512:8D9D3168D4D4A7E50AB856D3BB87CDABA5609B809BF0BDB9BFF00D7FD925B4AB750FA19DD9FD44131B46C72F87852D1FFC76144DF3F3CA450A0E173BFCB3C76D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ............................................@.............................D....0..(....@.. u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc... u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sl.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45544
                                                                                                                                                                                                                                                  Entropy (8bit):4.657549160186828
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FuqToeST0shVyixlk5TpWBdf1i2IXouscM89Jy0WrTpKPxh8E9VF0Ny2WW:Fhv4lk5y1YZsAy0W0PxWEYP
                                                                                                                                                                                                                                                  MD5:A7B4B48A39BFD0C344FE3D41545B76C9
                                                                                                                                                                                                                                                  SHA1:B28B71015E1A3710F1C042291D398C6119FD48A7
                                                                                                                                                                                                                                                  SHA-256:C828237E6C4C8623F1F2E9598A62936769355EE7BEA317460CE645CC7AF1D911
                                                                                                                                                                                                                                                  SHA-512:1D15AA6913E32D7200055F8B29ADD8E5A2C4A9070B9CD906788E4DBCC5F5BD5FBC14E47805A051569AE51792C0065F8ED6F9414E968D466418B10056C0A541DD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................V_....@.............................D....0..(....@..pv..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...pv...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sr.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.872942179610346
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FWPbqSW7ixHUjY13tGPJzJy0WEtqkPxh8E9VF0NyBF:FKqOUjudGHy0WwPxWEb
                                                                                                                                                                                                                                                  MD5:799B04C0C9700BAED67AE3AF641B8946
                                                                                                                                                                                                                                                  SHA1:25050A1D302F6F3BAB291FAF07C7AFB147BD6992
                                                                                                                                                                                                                                                  SHA-256:A77EC067351FEEB80B8F8375C98F993360CB52B7C5F90DA90A8C9A08CD544E5F
                                                                                                                                                                                                                                                  SHA-512:D3D15D4BB99EB167040A319BA56797F718DA3FAB1CDF131E290F5A9A03876C9F41705820EC52E55686DE7FD5B1969ED7896888A2358FD41DB3588EBB63ECD58D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...K.d...........!.........~............... ......................................L.....@.............................D....0..(....@..Xu..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Xu...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sv.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.664578663662526
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F9a0GdxC7vc3ELOlJy0WcCDJjZ2Pxh8E9VF0NyP+/o:FRAxCDc3Eyy0WsPxWE9c
                                                                                                                                                                                                                                                  MD5:CA50F99E4418798ADDA414C81118C2B5
                                                                                                                                                                                                                                                  SHA1:2F24E7B5C81DF67236C1A692E3FF4091D10907F5
                                                                                                                                                                                                                                                  SHA-256:C055262DE24BBC07462232258CB082C6E6D5FF1502CE2909B9CDA46CD27ABF75
                                                                                                                                                                                                                                                  SHA-512:83C199505517CCA36FB86066C73DAF9C35611A5E58EEAD3F49AFF1631DEEB188CCBE7B671439CACC0904B3CDF9A7C8EAAE0CE371AFE14F4ADFD5D042D31D2C7A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ............................................@.............................D....0..(....@...u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_sw.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46568
                                                                                                                                                                                                                                                  Entropy (8bit):4.694492393037756
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FnHdpqgicgiY7upv4M5IOyAeJy0WXaQPxh8E9VF0Nyz1R2:F9QQ07Gv4M5My0WJPxWEh10
                                                                                                                                                                                                                                                  MD5:1DC167C856FE15596A907B56A5451F38
                                                                                                                                                                                                                                                  SHA1:6803F563B7F78C6D7133FC1D2C6126EEA1D9FEBF
                                                                                                                                                                                                                                                  SHA-256:E31B4E78C820A17124669D3A2B56C2373FD2C21BC5F0E87565C0AE8B5307E236
                                                                                                                                                                                                                                                  SHA-512:18FDE8537E95411C9814DB12E780CA7AD4E6756A97F2CE05CC30653E2C4F3735BD09AF6D2F9C23BC6ED5DB09231D8070E1025738B8C0B32214E217CBCD250A13
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... .......................................F....@.............................D....0..(....@...z..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....z...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ta.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):47080
                                                                                                                                                                                                                                                  Entropy (8bit):4.948448659499415
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:Fd08e0wcY51ZLm+4Lw3OTJJy0Wn+EsCLePxh8E9VF0NyK9Qm:FX5fY51ZLm+4Lw3wy0WXs+ePxWE8p
                                                                                                                                                                                                                                                  MD5:F2827506727689200C75B134AF3A81B7
                                                                                                                                                                                                                                                  SHA1:701B606A684B30BFA376F4F244582FF32BB9E6CF
                                                                                                                                                                                                                                                  SHA-256:8831BDCD00FE1055E32CED62DBC3437612EE704FD331DF35D8ADF4450C95D3B6
                                                                                                                                                                                                                                                  SHA-512:3069C2BFBE34E27A4309843B79585F89C44D0949F1EF51C3FBB79A91310CA8C8C9373E603E356AE1DA575A7D60A056FFAA2742AC356248A30C00BAB02B2AB680
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...4.d...........!......................... .......................................r....@.............................D....0..(....@...|..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....|...@...~..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_te.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46568
                                                                                                                                                                                                                                                  Entropy (8bit):4.900098776782017
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:Fxfyhq1o45Z4aJALD61VJy0WVDPxh8E9VF0NyEc:FshGV5yaaLDiy0WFPxWEu
                                                                                                                                                                                                                                                  MD5:C6A338676486B4405CBCFFD9E95B6DFA
                                                                                                                                                                                                                                                  SHA1:6B7E2FE7EEDB08B289FC4DAB01BFB1EC648EC416
                                                                                                                                                                                                                                                  SHA-256:EA52171A1BA9D431C9E4E99DB45EF64D5AAD5C224A80A731BBAC428D626360DC
                                                                                                                                                                                                                                                  SHA-512:08C73FB7DAA69E6D7F5E3A23D1D5761EBE158A7863CC754F80EF7CEB57100E2337819F6733203121C85FB898002660298BD8B9221D96E5B1FA3D96CC22D05406
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@..Hz..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Hz...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_th.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44008
                                                                                                                                                                                                                                                  Entropy (8bit):4.898585189301246
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FAcYp+lrGsMKNMAcetNebrJy0Ww+w8Pxh8E9VF0NyHS2t:FaglrGszNMJetNmy0WttPxWEdXt
                                                                                                                                                                                                                                                  MD5:921A76FC57260B64D56F85651968A802
                                                                                                                                                                                                                                                  SHA1:DE76CBF4AEECB954EB67937D57FEA4D053AAA89B
                                                                                                                                                                                                                                                  SHA-256:CE33AD0DBA4BEC40377B9ABFED4EE3C03CF1F159DB500F95366C377F6FE49664
                                                                                                                                                                                                                                                  SHA-512:62BC3D4395562561A52E0A387454C631ADDE175AFDDAA3DE6084E0B55D89538AC49D3A7AC04EDDDB1E4013862AF9C3706D40EAF249443598A16B5521852DE00C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...z.d...........!.........z............... ......................................#.....@.............................D....0..(....@...p..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....p...@...r..................@..@.reloc.. ............~..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_tr.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.710217028647626
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:F0Jp9ABk6qXQEdmvgh57GE+G9Ahrx++BzQSXjy0WebPxWEC8:F0JZhdmva7GESxLQK7fbPxt
                                                                                                                                                                                                                                                  MD5:5BA91381EEAE1785BA89FC890808C7A9
                                                                                                                                                                                                                                                  SHA1:CE3CD4E4007837F3A8D1629AA9366A0FAF4B2792
                                                                                                                                                                                                                                                  SHA-256:B6B7B4A056D3449349BD0981B48AD1DCBC32AA5B41C4FF9B680F994D540744EF
                                                                                                                                                                                                                                                  SHA-512:E8325BD2E545D322AD9627F6B631402A3868612B407C4F84CAD0B3C834EA0EA5D4ADF5DD88B7D539BC231B4651A5F2C0BFF1FC1D843005B1C96A56BB249D2DF0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ............................................@.............................D....0..(....@...u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_uk.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44520
                                                                                                                                                                                                                                                  Entropy (8bit):4.886468370762969
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FNUVbL1KgHWyC2EeEWNXE/GfuyziJy0WlUPxh8E9VF0NyJTgk:Fy31luhy0W+PxWEH8k
                                                                                                                                                                                                                                                  MD5:65C37B9914F7786AC7E3C3584C8F7A62
                                                                                                                                                                                                                                                  SHA1:3B2D785698F96CC92A6AF481283406657FFF65E0
                                                                                                                                                                                                                                                  SHA-256:9945A40CD5E0075A55A6691717D8A59C98BD85AE84E938041DD6EF5427A88B0A
                                                                                                                                                                                                                                                  SHA-512:5005A480EA3243F8232B44BA091A66227AC10CA51219B9915923B7C394538BD498B33062C1E88316BBD84CEBBCDEF80B901014A8A595DED29BDDDF2F85904308
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ............................................@.............................D....0..(....@...t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....t...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_ur.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.8564330106913625
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FmQE7wL2A+OmAcoWu9OeeZyYGdJAAJy0W5ySxPxh8E9VF0NyVQcVfC:FkE2A+OmAcoWAOeesYRQy0Wg+PxWEXV
                                                                                                                                                                                                                                                  MD5:CBAFB9B9B8760B0C3DBC3F0216C7513A
                                                                                                                                                                                                                                                  SHA1:0A28C2BC915B06C549DDADD8A31FE0A912090155
                                                                                                                                                                                                                                                  SHA-256:5E7C4916662FED930983ED046FF7DEF877F10D5375C510653C37A985BC547531
                                                                                                                                                                                                                                                  SHA-512:5FE40E9A820C46055B0E9934C5A8BC2E43BE90396436CD076752696C8576E2212D0A5D15F4C149866FC68500410727C1D30A6F1EF55ABDC0CF96DEA2F2BB3AC8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...f.d...........!.........~............... ...........................................@.............................D....0..(....@.. t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc... t...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_vi.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44520
                                                                                                                                                                                                                                                  Entropy (8bit):4.771867334398084
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F+SM5fQghFjncDyv4Jy0WAWBQHPxh8E9VF0NyDff1R:FzYfDhVc5y0W3OPxWEh1
                                                                                                                                                                                                                                                  MD5:C34505DD2FAE316B795AE2D1E934AFB0
                                                                                                                                                                                                                                                  SHA1:864A67B9017573DD438AE321210ED720C454184C
                                                                                                                                                                                                                                                  SHA-256:0AF644546C66B952795B0A7D05AFCCFE87E9D572073C99F8CDCF146EE5705857
                                                                                                                                                                                                                                                  SHA-512:00B2FDCFE24CD17C7418E471BEC762F235669E0DB35D05D2023E155D0B543F65BA1115450D01FC5D02177AAA2CDAF10CC640506E6CEAB716F0C4F2ED44D7767E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ............................................@.............................D....0..(....@...s..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....s...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_zh-CN.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):38816
                                                                                                                                                                                                                                                  Entropy (8bit):4.841517965818435
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F5xjPSJshAFBMHwzJy0WKGPxh8E9VF0Ny/NU:FrpAFBTy0WvPxWEJa
                                                                                                                                                                                                                                                  MD5:2BE99DBDE29BAB1363E5848B84362E23
                                                                                                                                                                                                                                                  SHA1:3149C9598CE3CB29EA0E756C9E12DCECB8628283
                                                                                                                                                                                                                                                  SHA-256:B5927FB9699C79D77B1D49F322BACE29801776CCEE4F91EECAE00F04F6431396
                                                                                                                                                                                                                                                  SHA-512:44E66C99747F6857883585653894F333B638A4A19AEBD1C9CEF6D264064EFAFD7A77FDED06F5F5C14F0E489E2555D17576EE3152E347CC74B8BC7E5741F3A5A8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........f............... ......................................c.....@.............................G....0..(....@..`]..........Hl..X+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...`]...@...^..................@..@.reloc.. ............j..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\goopdateres_zh-TW.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):38816
                                                                                                                                                                                                                                                  Entropy (8bit):4.854603942594096
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F++/JutGmmBdcJy0WsinPxh8E9VF0NygBjY:FNATy0WjnPxWEKK
                                                                                                                                                                                                                                                  MD5:2667B44345F8C493F41C9C65B2B40B70
                                                                                                                                                                                                                                                  SHA1:0969DC5411520E3FDC242D6D1F5289DC69218526
                                                                                                                                                                                                                                                  SHA-256:3BEE374E97F8C0A2EDA5A6509CBFE21B4DC3BB9E0CAC62CA908F8EB049A3EFEC
                                                                                                                                                                                                                                                  SHA-512:8D746F5AA6A21EC1FBB05E35554396BCD0E017CED7D65409D721B75CC4DB04FE7FA944F4122C1BE1E6AEF47E1DEADDF444A943BF9D5632E906BE123013B85ECA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...P..d...........!.........f............... ............................................@.............................G....0..(....@...]..........Hl..X+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....]...@...^..................@..@.reloc.. ............j..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\npNortonBrowserUpdate3.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):519152
                                                                                                                                                                                                                                                  Entropy (8bit):6.796206581178465
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:bcP2nPG96akIIm7D0W1IK+K2XaTPwKwJIC:AP2n+96WD0vWoaTYKwJ
                                                                                                                                                                                                                                                  MD5:6B3F50DD9E9D077CD50902BF1B79427C
                                                                                                                                                                                                                                                  SHA1:32B57A6452CABF75DC4162EE026D396A13933955
                                                                                                                                                                                                                                                  SHA-256:9CC9D08D8E71D15E15D32B2A5DE58766A7DBFFEA37F476A739A42231C26A2777
                                                                                                                                                                                                                                                  SHA-512:5856C0B791F93E4DB5C0950568C45BCC3D132466661B7A9C1B85C21ADBEA91EB5C9744E67F5CF2877F934DA3C278550D7FDE294A6CAEAFC634CBCE71DBA40EC4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........iI..'...'...'..}"...'.rx ...'.rx!...'.rx$...'.rx".Z.'..T...'..}#...'..}$...'..}"...'.rx#...'.rx&...'...&...'..}....'..}'...'..}...'..}%...'.Rich..'.........................PE..L......d...........!....."..........[........@............................... ............@..........................=.......>..........h...........H....;......8I...&..T...................@(......H'..@............@...............................text.... .......".................. ..`.rdata.......@.......&..............@..@.data....I...`.......8..............@....rsrc...h............J..............@..@.reloc..8I.......J...f..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\psmachine.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):396216
                                                                                                                                                                                                                                                  Entropy (8bit):6.6364472604888975
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:n4bSrQpVFWtouGV7AstKS4rHICzoHz25HxPqJKCJAOFbr0uY6ckgOdi:qSUpVF64XsS4rHIC7qVJz0eHLi
                                                                                                                                                                                                                                                  MD5:8648A09E9EB09453D7153101E25F8FCE
                                                                                                                                                                                                                                                  SHA1:B55B5E28317A5F1452BCBAC2704747B3DC4483D3
                                                                                                                                                                                                                                                  SHA-256:BE8DB74FBEF1CD2EEE7C2A8957B33634913EEA9CBD20B1E875B95878BBFBC42A
                                                                                                                                                                                                                                                  SHA-512:57BFF27A142062691507B1D99AB8086FACEFC3A211484B97281964F615F2C5259760622FA83155F4198BB48E3D2B54795B4E316D9156C293939D318ED959CDC4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........IB..(,T.(,T.(,T.X/U.(,T.X)U@(,T.](U.(,T.]/U.(,T.])U.(,T.X(U.(,T.X-U.(,T.(-T)),T.]%U.(,T.],U.(,T.].T.(,T.(.T.(,T.].U.(,TRich.(,T................PE..L......d...........!.........................................................0.......[....@.........................P3.......4...........V..........H...p7......L5......T...................@.......h...@............................................text............................... ..`.orpc...c........................... ..`.rdata...X.......Z..................@..@.data....4...P.......,..............@....rsrc....V.......X...F..............@..@.reloc..L5.......6..................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\psmachine_64.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):521784
                                                                                                                                                                                                                                                  Entropy (8bit):6.353157166068969
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:lcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0ToohzmVj50ZfxA6ckV:bnSgciKFK/IMakZvvClDE0TooU10xH
                                                                                                                                                                                                                                                  MD5:29991826BE3385C3A92B49F672F92026
                                                                                                                                                                                                                                                  SHA1:9F16C72BA044E378167F631C41CE1B3D818E0806
                                                                                                                                                                                                                                                  SHA-256:7FCEBD4FF83566305500F9BFDD342EB57C502B427A12EF281092FAB94E142827
                                                                                                                                                                                                                                                  SHA-512:F525CDF3EA0B77CCA0475433E6DF3A577F76479C0B6BECCC0B41A147D9372A4BA8586D84FB0ADC5660A4BC28359DACCBE76691C604748AC56991210E344D748F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-..i...i...i.....b........;..y...;..c...;..$.....q.....v...i......1..W...1..h...1.V.h...i.>.h...1..h...Richi...........................PE..d...M..d.........." ................(........................................0............`.........................................`....................V...`...9..H....;......(......T.......................(...P...8............0...............................text............................... ..`.orpc...$.... ...................... ..`.rdata..Z....0......................@..@.data....N.......&..................@....pdata...9...`...:..................@..@_RDATA...............J..............@..@.rsrc....V.......X...L..............@..@.reloc..(...........................@..B........................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\psuser.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):396216
                                                                                                                                                                                                                                                  Entropy (8bit):6.636012823818412
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:S4bSrQpVFWtouGV7AstyS4rHICzoHz25HxPqJK7JAOY1r0Oc6cOgOdi:dSUpVF64XMS4rHIC7qIJW0ypLi
                                                                                                                                                                                                                                                  MD5:737520D5A13D92E1210CBFFFC64C109D
                                                                                                                                                                                                                                                  SHA1:F6677A3AA960225DBE682678289FBFFE4AF3C9CC
                                                                                                                                                                                                                                                  SHA-256:6A59B47E916C73C046D604956A050CC5AF9A0C96D1DAE51CD8ABDEE17F273085
                                                                                                                                                                                                                                                  SHA-512:89BD770D565553ADA2123CAFDBCB3443E5B304BF0D0EE901CE2DE0E7C6245B08162F2FE39C7FCFC1A7908105A3A00DF3BD8DD3EA0CE13F96C91DAF21EAE2155B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........IB..(,T.(,T.(,T.X/U.(,T.X)U@(,T.](U.(,T.]/U.(,T.])U.(,T.X(U.(,T.X-U.(,T.(-T)),T.]%U.(,T.],U.(,T.].T.(,T.(.T.(,T.].U.(,TRich.(,T................PE..L......d...........!.........................................................0.......d....@.........................P3.......3...........V..........H...p7......L5......T...................@.......h...@............................................text............................... ..`.orpc...c........................... ..`.rdata...X.......Z..................@..@.data....4...P.......,..............@....rsrc....V.......X...F..............@..@.reloc..L5.......6..................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUM4AA6.tmp\psuser_64.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):521784
                                                                                                                                                                                                                                                  Entropy (8bit):6.352828173572569
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:ZcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0Tooh/RYD50Zfx86cSAj:HnSgciKFK/IMakZvvClDE0TookV0xr
                                                                                                                                                                                                                                                  MD5:4FBD1394EEAA4D5F7BD66AFDC6FA088C
                                                                                                                                                                                                                                                  SHA1:8D09DC6A9C06A8B549273BF121E7D3D41E8929CC
                                                                                                                                                                                                                                                  SHA-256:7A9F75B840515009ABDA7BCA9372C97C5514E32D0324A2D01A7FE377A3889762
                                                                                                                                                                                                                                                  SHA-512:089160F6D4AEE7A1C6C550F256BF52573A71E8CDCBFF19AA829618DC1D29B772288CA76A270001DA09B19BFA175DC20829607F9C3035C672D2289550927371F7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-..i...i...i.....b........;..y...;..c...;..$.....q.....v...i......1..W...1..h...1.V.h...i.>.h...1..h...Richi...........................PE..d......d.........." ................(........................................0............`.........................................`....................V...`...9..H....;......(......T.......................(...P...8............0...............................text............................... ..`.orpc...$.... ...................... ..`.rdata..Z....0......................@..@.data....N.......&..................@....pdata...9...`...:..................@..@_RDATA...............J..............@..@.rsrc....V.......X...L..............@..@.reloc..(...........................@..B........................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\GUT4AA7.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  File Type:POSIX tar archive
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11550720
                                                                                                                                                                                                                                                  Entropy (8bit):6.033044964444277
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:+aEmBopka2Rn0ttjsQlms7+oWD0/v+lzP+5ItO04rq7D0S8zpWwRFh4rH5EaFh4l:SpF2Rn0ttjt7+1I0RQcmiGYTGLB
                                                                                                                                                                                                                                                  MD5:0E16371DE9A96CAA60FFE3CCAFBC8343
                                                                                                                                                                                                                                                  SHA1:DFF8071D944CDE352DE9F34CCFE785F7DE1C3C0B
                                                                                                                                                                                                                                                  SHA-256:9DAB943357DBFEBD3F2AC522D9C4565E90EB8428A01248F7F1D68BFB75B5A416
                                                                                                                                                                                                                                                  SHA-512:28D6C511392E06CD0A4EB19573DF78A0E12215253D36ED10BB84AD70203A9204C1638AA836BD57AAD036D2BA6D31AB5F827AC60F81A1F4C26B89C56B25FC49CB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                  • Rule: PlugXStrings, Description: PlugX Identifying Strings, Source: C:\Program Files (x86)\GUT4AA7.tmp, Author: Seth Hardy
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:././@PaxHeader......................................................................................0000000.0000000.0000000.00000000034.00000000000.011452. x....................................................................................................ustar.00................................................................0000000.0000000........................................................................................................................................................................28 mtime=1686220543.2942097.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):383232
                                                                                                                                                                                                                                                  Entropy (8bit):4.3682050352007735
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:iPfhJk6XlsbrElrmPARuDnQe09E32yIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AD:cfYKsHKmz+K32OTixcvcDwn
                                                                                                                                                                                                                                                  MD5:1694092D5DE0E0DAEF4C5EA13EA84CAB
                                                                                                                                                                                                                                                  SHA1:894F3E31CC3666728F2D7A8DB6840D4726843DE5
                                                                                                                                                                                                                                                  SHA-256:A178FFAD4526B68BA0106032D612164004F20F08B8EF7FDF986429A1CF7708A0
                                                                                                                                                                                                                                                  SHA-512:882A9392507BF0E089952F17E2F40DB0C5E1C52C6A6F5C7CDAD61DEDAF1AF734F23C317C0DA77A980D6ACC38E169302E1B024AD393BB730851786146BC38E17E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........2R..aR..aR..a...`X..a...`...a...`F..a...`t..a...`C..a...`@..a...`Q..aR..a...a...`S..a..%aS..a...`S..aRichR..a........................PE..L......d............................T.............@.................................t\....@.................................d'..(....P..(f..........H....6..........L...T...............................@............................................text............................... ..`.rdata..<].......^..................@..@.data........0....... ..............@....rsrc...(f...P...h...*..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):404480
                                                                                                                                                                                                                                                  Entropy (8bit):4.403596063022666
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:Pzfvhld4VAmlAfFUtxsIKGNGdyIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAA9:bvhP4VHlAfFUYdOTixcvcK
                                                                                                                                                                                                                                                  MD5:09621280025727AB4CB39BD6F6B2C69E
                                                                                                                                                                                                                                                  SHA1:A6F3796A310B064D1F2A06FAA9B14C4A104506DA
                                                                                                                                                                                                                                                  SHA-256:77B695E9292A10A98C3FC1D25AE05C44FB18A54D74A473D4497B840C8BA94DEA
                                                                                                                                                                                                                                                  SHA-512:CBA5DAB19BDEAFC4ECA223A4858B566E3AF21FD690F4F6971864C519D284AAF5A3DF70B98AEB5FABC66A68E515505B203B0BF1C61ECB92070E8E30A92BDA6FAC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........g0...^...^...^.;v]...^.;v[.U.^.;vZ...^.s[...^.sZ...^.s]...^.;v_...^..._..^.sW...^.s....^.s\...^.Rich..^.........PE..d...=..d.........."..........6.................@.............................@.......z....`..................................................l..(.......0f..........H....7...0..T...pW..T............................W..8...............@............................text............................... ..`.rdata..............................@..@.data................f..............@....pdata...............r..............@..@_RDATA..............................@..@.rsrc...0f.......h..................@..@.reloc..T....0......................@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdate.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):440608
                                                                                                                                                                                                                                                  Entropy (8bit):4.477495049012643
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:TjbidjsOQe3H/lqa8ggDemWSzuwJWwqjPpiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBv:ytqa8VxJMReTixcvcF4fZNVw
                                                                                                                                                                                                                                                  MD5:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                                                  SHA1:B267CCB3BBE06A0143C1162F462839645780D22E
                                                                                                                                                                                                                                                  SHA-256:66E75EA8A3641E419D5226E062F8F17624AFBEE3D7EFD1D6517890511E7111D9
                                                                                                                                                                                                                                                  SHA-512:512F2C2BE5EE5F61F31719344CD20DD731898C5B63F6E1ABDBFC81821533D93AE06C96F256AC1196E9F457A927C4AA61C35D00B45181793547FF3B6670866CCA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......T.<r..R!..R!..R!..Q ..R!..W ..R!..V ..R!B.V ..R!B.Q ..R!B.W <.R!..S ..R!..S!s.R!H.[ ..R!H.!..R!...!*.R!H.P ..R!Rich..R!........PE..L...b..d.................<...L......;z.......P....@......................................@.................................`q..x...................H....8...........^..T...................@_......X^..@............p..\............................text....:.......<.................. ..`.data........P.......@..............@....idata..P....p.......J..............@..@.rsrc................T..............@..@.reloc...............n..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateBroker.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):384296
                                                                                                                                                                                                                                                  Entropy (8bit):4.381583745540333
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:Vvs32BUKqsL6FBqrk0z3M+82nOiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAn:Bs3Uq+2qXnOeTixcvcGLNI
                                                                                                                                                                                                                                                  MD5:A86AD7C0E95907CBA12C65A752C02821
                                                                                                                                                                                                                                                  SHA1:26EE2DF5A6A47FE976AF1592B20BCBEBDAFFC4DB
                                                                                                                                                                                                                                                  SHA-256:4E596090A150EB2B7478A42B7A2287EB8E0C80ACF2776AA7A55DFE9CC5013718
                                                                                                                                                                                                                                                  SHA-512:62D869B8FEC28D10EC6A1B78B6F92555B0DBA2E92BAC203C569CACCB30B1BB33128346C158A04262271D43D09AB0ED207B99A19354215D5A8907FCA01B654C60
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j.z..@)..@)..@)>{C(..@)>{E(T.@)>{D(..@).~E(..@).~D(..@).~C(..@)>{A(..@)..A)..@).~E(..@).~.)..@)...)..@).~B(..@)Rich..@)................PE..L....d..........................................@.................................R:....@.................................$8..<....`...f..........H....6...........-..T...........................`-..@............................................text...s........................... ..`.rdata..b^.......`..................@..@.data........@.......&..............@....rsrc....f...`...f...0..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):438592
                                                                                                                                                                                                                                                  Entropy (8bit):6.45992761938075
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:/iooQx+F24u9wHXNiOc20bNcooY50EkY:/mQUkyiOc20ZcW0Er
                                                                                                                                                                                                                                                  MD5:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                                                                                  SHA1:69D5E69DDF4132FA2A5AE8B8B36CE047E560A476
                                                                                                                                                                                                                                                  SHA-256:B2DAA382D892FEDB01EE0FC960671A96C1D21C663F1883D800F70D72FDD13F91
                                                                                                                                                                                                                                                  SHA-512:A484F13F5427B20623BC0451BD223C0D89EDA0B0789749B46F2981CD7818A0D795B2868840E5BB9A0C6C8020939D085814A6BBBAAE4425B2F0C398C913F246DF
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5..PTg.PTg.PTg.$d.[Tg.$b..Tg..!c.BTg..!d.ZTg..!b..Tg..!n.kTg.$c.ETg.$f.MTg.PTf..Ug..!b.QTg..!..QTg..!e.QTg.RichPTg.................PE..d......d.........."............................@....................................R.....`..................................................................p..t4..Hx...8......d.......T.......................(... ...8............................................text.............................. ..`.rdata...|.......|..................@..@.data...08...0......................@....pdata..t4...p...6..................@..@_RDATA...............d..............@..@.rsrc................f..............@..@.reloc..d............j..............@..B................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateCore.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):755696
                                                                                                                                                                                                                                                  Entropy (8bit):5.78064070271127
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:W7HWEcC7f+bctMN8hnPTscowfOTieHsgX+:W7HWvbcNPTJowfOu2u
                                                                                                                                                                                                                                                  MD5:5174340282DD8A0FF39480395F5BC5D8
                                                                                                                                                                                                                                                  SHA1:08100AB4E019A149CC484BDA66CCC5C28DC2D2ED
                                                                                                                                                                                                                                                  SHA-256:C78E5106DEBB7D891A9B3DF684EDE2DA295B8E7B595F899CEB8400786A627EC6
                                                                                                                                                                                                                                                  SHA-512:8B2A3DB0DEE98435F2C5ACF8DE8617FE72ADD9155F3AF491CDFBE6770346DD31CAD387D3E2877E3E5332117A30D08DA428CBF9C7E3C72C6E6E486F4626BFD1AF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U...4.P.4.P.4.P.D.Q.4.P.D.Q84.P.hjP.4.P.A.Q.4.P.A.Q.4.P.A.Q.4.P.D.Q.4.P.D.Q.4.P.D.Q.4.P.D.Q.4.P.4.P.6.P.A.Q.5.P.AhP.4.P.A.Q.4.PRich.4.P........PE..L....d............................0t............@.......................................@..............................................f..........HD...C...`...A..Xw..T....................x.......w..@...............8............................text...*........................... ..`.rdata..............................@..@.data...DG..........................@....rsrc....f.......f..................@..@.reloc...A...`...B..................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateHelper.msi

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):3.710330368678027
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                                                                                                  MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                                                                                                  SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                                                                                                  SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                                                                                                  SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateOnDemand.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):384808
                                                                                                                                                                                                                                                  Entropy (8bit):4.377706577325397
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:zvMP2ZEKysLSFBqr80w3M+D2nKiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBAW:bMPMy+eqLnKeTixcvcjLNm
                                                                                                                                                                                                                                                  MD5:C9824519E8613D8B4CAD44060069C19C
                                                                                                                                                                                                                                                  SHA1:8D253977D0236494471FBFDAA6AB3EEF1315AC15
                                                                                                                                                                                                                                                  SHA-256:11F3E42F19333E5917E7DB62FA8E7F966EB9624E86711E413AA43284B8D03244
                                                                                                                                                                                                                                                  SHA-512:0F2E11E11C1C8D477EA8C2C6C70D24484AE913CC1FC785E945141BD035745914CA307D67BDEC3A45D443BEBEDDB536A910E4E1F2A285AA807217576262AE4D21
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j.z..@)..@)..@)>{C(..@)>{E(T.@)>{D(..@).~E(..@).~D(..@).~C(..@)>{A(..@)..A)..@).~E(..@).~.)..@)...)..@).~B(..@)Rich..@)................PE..L......d..........................................@.......................................@.................................,8..<....`...f..........H....6...........-..T...........................`-..@............................................text...s........................... ..`.rdata..j^.......`..................@..@.data........@.......&..............@....rsrc....f...`...h...0..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateSetup.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1910576
                                                                                                                                                                                                                                                  Entropy (8bit):7.58137479903026
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:hbGcPcWSOwiGJ+aKznZOqbU3tFKU+9wOKXd9AVjrr:xGGcWSYGJ+94iU3tIU+qOs
                                                                                                                                                                                                                                                  MD5:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                                                                                                  SHA1:EBD3E4A1A58B03BFD217296D170C969098EB2736
                                                                                                                                                                                                                                                  SHA-256:2A97CB822D69290DF39EBAA2F195512871150F0F8AFF7783FEA0B1E578BBB0BA
                                                                                                                                                                                                                                                  SHA-512:1B204322ACA2A66AEDF4BE9B2000A9C1EB063806E3648DBAB3AF8E42C93CA0C35E37A627802CD14272273F3F2E9BC55847DFA49FC6E8FFB58F39683E2446E942
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......].T...:...:...:...9...:...?...:...>...:.K.>...:.K.9...:.K.?.).:.A.3...:...;...:...;.n.:.A....:......:.A.8...:.Rich..:.................PE..L...]..d.................n...J.......R............@.................................u.....@.....................................x.... ..|...........H....j..............T...........................@...@............................................text....m.......n.................. ..`.rdata..Fr.......t...r..............@..@.data...............................@....rsrc...|.... ......................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateWebPlugin.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):384808
                                                                                                                                                                                                                                                  Entropy (8bit):4.377540113876844
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:A3sX2IVBI6XgpbbreB3Hu9+323+iIFWNjdkjAGAOK0Lxmb9rvp3AzAwBf801AJBU:qsXTIgmbl3+eTixcvcXbM/H
                                                                                                                                                                                                                                                  MD5:1B7BD9F313FC670D5DFC1EDFEEF50D0E
                                                                                                                                                                                                                                                  SHA1:F95F0DB0E6392022D314EFD14F9B4D542D2DF3C2
                                                                                                                                                                                                                                                  SHA-256:968A9AE84C45CF635CAB1F50843CD970FAE0BDF3F7837FE26D7D64C8E3C0A837
                                                                                                                                                                                                                                                  SHA-512:232FFA2890FC3504EE8D2DECB80603B5873C8AC9E8F92D09E3E4BE7AFAE7DD88121CD176F5C487BB59809B577705F226B7C63D8743CBE4FCEABFECD429D765FD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j.z..@)..@)..@)>{C(..@)>{E(T.@)>{D(..@).~E(..@).~D(..@).~C(..@)>{A(..@)..A)..@).~E(..@).~.)..@)...)..@).~B(..@)Rich..@)................PE..L......d..........................................@.................................5.....@.................................,8..<....`...f..........H....6...........-..T...........................`-..@............................................text............................... ..`.rdata..j^.......`..................@..@.data........@.......&..............@....rsrc....f...`...h...0..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\Recovery\GUR74A4.tmp\NortonBrowserUpdateSetup.crx3

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):372
                                                                                                                                                                                                                                                  Entropy (8bit):5.477080087772333
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:hxuJzhqIzyYk+qRU4zEdxXZiqNpGeNEYEQQpFMq8hJg9O/UKUPUrhlUu9MK34QL:hYXc4xXgqmeNs3Mq8M0/hUcrHd9LIQL
                                                                                                                                                                                                                                                  MD5:B7009711580178EB3A5943C095E555E3
                                                                                                                                                                                                                                                  SHA1:F9B12D94A852C70973F1598E6E766E5C0BEE6170
                                                                                                                                                                                                                                                  SHA-256:76F2AF3F7033B55C399109D96541D76A91A00A51F3CDA7422F4A073D10A9E7C9
                                                                                                                                                                                                                                                  SHA-512:11C7E024A0616219BC7214071F66B7E8A930E60F22EF90F3619CE7B08497B95316FD23D2AFEB6EFD22DA92FC3DDCFE48AB3D831338D7D58403FE7AC7B4FB5105
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<!DOCTYPE html>.<html lang="en">.<head>.<meta charset="utf-8">.<title>Error</title>.</head>.<body>.<pre>Cannot GET /service/check2&amp;appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&amp;appversion=1.8.1649.5&amp;applang=&amp;machine=1&amp;version=1.8.1649.5&amp;userid=%7B0E196050-DA70-4D2F-82A5-B1AF29DC64EF%7D&amp;osversion=10.0&amp;servicepack=</pre>.</body>.</html>.

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):561456
                                                                                                                                                                                                                                                  Entropy (8bit):6.89287156869539
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:Yfpc+D07/a7PLl5FibVV1e80fe7KM7DhphezIhSMXlLSGvYOO:ID0KcVV1e8IkKM7DjhezIhSMXl+onO
                                                                                                                                                                                                                                                  MD5:A400B5A4A3CA4745149ABAA4C58FAB2D
                                                                                                                                                                                                                                                  SHA1:D8BC7CF9735E4A6958FEB7079A505BD1C4516F24
                                                                                                                                                                                                                                                  SHA-256:89515235500904C8BD34844D4C71F2707750BC5E7C48AFD3409B012EB5A1E544
                                                                                                                                                                                                                                                  SHA-512:2762EE517E08FEBA6345521ADF6C516352B672882DB2A6D3220F2A62A60EFB6CB2DD2AB04BDC20A60092A5922A4B7C83484C8FD3FAAC3BA817A4BDE84D23592A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................................E.....................................u...........................Rich...........PE..L...[..d...........!.........p............................................................@.............................l.......(....@..p...........HT...<...P...8......T...................@.......h...@............................................text...d........................... ..`.rdata..............................@..@.data....-....... ..................@....rsrc...p....@......................@..@.reloc...8...P...:..................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\acuapi_64.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):719056
                                                                                                                                                                                                                                                  Entropy (8bit):6.672324901238704
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:X+vBHtQ7iF5WOFQYOupOwoH6LztpMQV/t9WQF2FiWurraKlIDn1LGNGho44v+aXx:X+5HnQYOAR7WGtZhezIhSMXlgIv
                                                                                                                                                                                                                                                  MD5:56464A7270CDE8F1EFE3A4DF0C7FBA88
                                                                                                                                                                                                                                                  SHA1:3B857008BDB409DAEF3441C656C0CA09B283F80E
                                                                                                                                                                                                                                                  SHA-256:85FBCDB8D8FF254D35664000529BC1FDE00427B624F806E6A2CF839AD7332698
                                                                                                                                                                                                                                                  SHA-512:A0E7E8C45129E44D775DBB3DE53D72F17EA17EBDCCA89C0C69B56FB6AD3694227466452387378F915241390769BDF42B5E58D104C8C1839915878DD698F30CDF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3.b2w..aw..aw..a!..`r..a...`{..a...`...a...`c..a%..`y..a%..`}..a%..`8..a...`p..aw..a...a/..`u..a/..`v..a/..av..a/..`v..aRichw..a........................PE..d......d.........." ................................................................aB....`..........................................A..p....A..(.......x........A..H....B......$...x...T.......................(......8............................................text...,........................... ..`.rdata..n}.......~..................@..@.data....?...P...&...8..............@....pdata...A.......B...^..............@..@_RDATA..............................@..@.rsrc...x...........................@..@.reloc..$...........................@..B................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdate.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1707520
                                                                                                                                                                                                                                                  Entropy (8bit):6.329347716504747
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:Lpkb22RntN0ttjsz1srDlmsmTKmTyuuNV:Lpka2Rn0ttjsQlms7
                                                                                                                                                                                                                                                  MD5:5F2D68D3FDAEB09AE78622A5AE59FCE0
                                                                                                                                                                                                                                                  SHA1:D959C2A9E03C0C4017682C5F48EB1BBD84DD796E
                                                                                                                                                                                                                                                  SHA-256:F2AF299BE74EBBFD19BB476D66BDE4D55BFB571004B6349EB5EF1971955F683F
                                                                                                                                                                                                                                                  SHA-512:D0F9BA99DF9153A8487FD0C4A3F81C0138AEABAAED9875A8E175531E2BDF18F7B89AE14CF52BF7F546B3B5076B87080096D5C15558B9BD16A44585C0C0171C54
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........n%.B.KMB.KMB.KM..LLC.KM..ML@.KM..HLP.KM..NL..KMsS.M@.KM.zOLS.KM.zHLZ.KM.zNL..KM..OLc.KM..JLi.KMB.JM/.KM.zBLr.KM.zKLC.KM.z.MC.KMB..My.KM.zILC.KMRichB.KM........PE..L...b..d...........!................oG...............................................E....@.........................`...T............@..(...........H....c...0..........T...................@.......h...@............................................text............................... ..`.rdata..j...........................@..@.data....\....... ..................@....rsrc...(....@......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_am.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44008
                                                                                                                                                                                                                                                  Entropy (8bit):4.850152460164065
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FR/vRi4k4+R2T35Jy0Wp2xPxh8E9VF0Nyme:FlIZJQy0WsxPxWEc
                                                                                                                                                                                                                                                  MD5:72E47A3D3E835B08D1AE65D4F69F77E0
                                                                                                                                                                                                                                                  SHA1:7F086000901CF2518C35E1734EA1ED9E10DE369C
                                                                                                                                                                                                                                                  SHA-256:FF74207E5107DC2DA38AAA4DE10BC8EA83FAECB2BCA0BF985A7E5A6B427643C0
                                                                                                                                                                                                                                                  SHA-512:02124755B52423CF734C6CC28AF44FA7F8DC79EB4E9E475208FB6591AA2317A149B7EFC0E5E7A3DFBAEB9CDEF9ED69084C45DB6221003DE69D6AD1B45B9C09CB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L......d...........!.........z............... ............................................@.............................D....0..(....@...p..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....p...@...r..................@..@.reloc.. ............~..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ar.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):42944
                                                                                                                                                                                                                                                  Entropy (8bit):4.835542008183028
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FruDM3lkCAu+JGPpHJy0W5m2Pxh8E9VF0NyhAd8:FUSlkCAd2y0WPPxWE7C
                                                                                                                                                                                                                                                  MD5:A37370A759932400EED7EAEDDBB482CE
                                                                                                                                                                                                                                                  SHA1:638E51217F7DF449D41067AB3135D5912517B858
                                                                                                                                                                                                                                                  SHA-256:F183305C17D1C06C3006816E1BAD733599E977C1207332799399CEBCBDC7DF20
                                                                                                                                                                                                                                                  SHA-512:9FAD66444C544519FF4898DEE7772923DD0708A27422D02475715E9F1B10C058CBDD8B4C53E8B0E25F7B0CC4B967DD33AD4A36BF21A4099699F87B69FEC4DD97
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...1..d...........!.........v............... ......................................{6....@.............................D....0..(....@..Pm..........H|..x+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Pm...@...n..................@..@.reloc.. ............z..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bg.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46056
                                                                                                                                                                                                                                                  Entropy (8bit):4.8691314938087595
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FsBzeydckieGZBOcuUFjJy0WgXTPxh8E9VF0Ny6gIBb:FmLVEDNfy0WQPxWEkDR
                                                                                                                                                                                                                                                  MD5:01F941A4B83FABF16E5BC21100B69D38
                                                                                                                                                                                                                                                  SHA1:AB6E4B97F90CF44CE6463E96FC97BAFBFDD750AC
                                                                                                                                                                                                                                                  SHA-256:79E3DA0E23396DABF17FDC7850D84BE5BFC7D6C7E27D6A83EC2DD3537CDE8912
                                                                                                                                                                                                                                                  SHA-512:DAAD8ABF022623447EFB08B1B931F52F2328587FE3FED0D510D036E72CC0F293C8584D10F63EF3268768E93C75018CDF4D4128BF863D517B432EB758570C8EA1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@...y..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....y...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_bn.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46056
                                                                                                                                                                                                                                                  Entropy (8bit):4.936222804071481
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F0aapGvUx7tYF7qWF0FrHF6rjbmBwRbooJy0WNRuyZPxh8E9VF0NykWri:FWsrBF0FrFnBwZy0WT/ZPxWE6
                                                                                                                                                                                                                                                  MD5:663E632846D59788FCEB10677488AEBC
                                                                                                                                                                                                                                                  SHA1:D55E88C98121FCEFF9D290E48982B7B4F2204BAA
                                                                                                                                                                                                                                                  SHA-256:1DFC05748521BCCA9C4BB71E2F02E2FA52B657D0F8DB1747BC9B4B27997A60D6
                                                                                                                                                                                                                                                  SHA-512:13F29325EA1C5055B4F344B7B43B52E754D3C1645263F0168F8936D26B98EB5E352E1F1DAFD68E99DC88A6B976A23BD0BA2DC1A73AC27186B8B5F742A18C8C09
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...w..d...........!......................... .......................................@....@.............................D....0..(....@...y..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....y...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ca.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46056
                                                                                                                                                                                                                                                  Entropy (8bit):4.655403186782661
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FTYiIP42ArzVuJG4bPl7aJy0W3kPxh8E9VF0NyVhQ6:F6Q2ArBuhoy0W0PxWED
                                                                                                                                                                                                                                                  MD5:EC63069EFD260AD24F218AE84882F3FF
                                                                                                                                                                                                                                                  SHA1:5875DEFDF669CC4747C4F68536E9117DE2BD4A53
                                                                                                                                                                                                                                                  SHA-256:BC60127E50FA8E89422966554F1E9319A0E0DD750525812463E0560E48D92FBD
                                                                                                                                                                                                                                                  SHA-512:13D4FE8F6227C54EF928CAE48F8B2854218DA04174B60D70BCEE410C248AD2CFA974402093A795AE275C5F4CDCECDD9426B50FCDBC3F0F64B6F0B0D9BB06EA2F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L......d...........!......................... ............................................@.............................D....0..(....@..(y..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...(y...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_cs.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.69656607023198
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FAthlsBWpKJkbYAA+fjoDJy0Wim+FPxh8E9VF0Nyy6:Fwb+y0Wt+PxWEs
                                                                                                                                                                                                                                                  MD5:0FCE99454CFCC351D251FA0E9EA77840
                                                                                                                                                                                                                                                  SHA1:7B9575192E105B4CB724F51238A2E5E956A76425
                                                                                                                                                                                                                                                  SHA-256:8DD39E95CD3515398AED12677DB59D71C0773588FF927A6A782A3BEFCF5B1F5D
                                                                                                                                                                                                                                                  SHA-512:61AA083B1C5E2EE9DE23C9BB14B25DEB71A3E6F962495542F83F8D068D5046722D287A7EF5247217FA5EA712572B0EEEADC1B2B3263CB70C061648FED030CEC2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L......d...........!.........~............... .......................................5....@.............................D....0..(....@...t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....t...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_da.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.656501839350111
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FIq7uqfNnwtpY6PSKpJy0W/s0UEjPxh8E9VF0NykMR3nD:FLHnwkOdy0W0lEjPxWEqq3D
                                                                                                                                                                                                                                                  MD5:D6F44DC235F838BF4E52165182FC0969
                                                                                                                                                                                                                                                  SHA1:1EAAD935A6FF147ACBB041397B9E9D63B0EE1270
                                                                                                                                                                                                                                                  SHA-256:8883FD2E7810EB9C4DA66888BC548074FE990AE652CE59A053CBD25E39AE08DB
                                                                                                                                                                                                                                                  SHA-512:20792C1D1E1C174EB86F72BA92F83A92C025DEBF68DB2BA9E3C9346FE4ECCEAFE0F94BE62706CB8D16F8A6529A9358A4FC8A189B22178E501B654A1D4F6952A8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...a..d...........!.........~............... .......................................D....@.............................D....0..(....@..Hu..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Hu...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_de.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):47080
                                                                                                                                                                                                                                                  Entropy (8bit):4.647516797051505
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FjmAR6HUj8gtdF0Me39ADEZoJy0WwymPxh8E9VF0NyaBB:F6ojeMe39APy0WwPxWEc
                                                                                                                                                                                                                                                  MD5:42B89B0A42B907D63FE680AEDD8B32C7
                                                                                                                                                                                                                                                  SHA1:2B36C8BD041331D835DD897AD5FFD29E41ABC52C
                                                                                                                                                                                                                                                  SHA-256:E1B6FA1ADC79ADD6CE803DFAF4CE5D5E4DB70EED08223C4EAA381CF0EF55C62A
                                                                                                                                                                                                                                                  SHA-512:539D3B51BF450BFB80FD90D52E8A8C2BE077ED39F3E3657FA21DE4B65E391144AFB80CE6C57AEF340EC67821EBA3A886B2E072F7D64152119187ED374B5A73C1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................_.....@.............................D....0..(....@...|..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....|...@...~..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_el.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46568
                                                                                                                                                                                                                                                  Entropy (8bit):4.945276126044921
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:Fkwaa8EpeILkSIrGCSqlIxRFiAhAu8zBdfsBsTbV234sJy0WRiDEPxh8E9VF0Nyg:FgCplLO+R5U/+y0WoDEPxWE1
                                                                                                                                                                                                                                                  MD5:CB574CC86D8FD65185E9C93547D9B98C
                                                                                                                                                                                                                                                  SHA1:1271590C4BDED66D5179B1820E9F66C243DEBCDE
                                                                                                                                                                                                                                                  SHA-256:7AD4C02B86EFEAC6E068CB0A47D50FD305C2306D71D1BB9812BE9F712597FBDF
                                                                                                                                                                                                                                                  SHA-512:E170E7A987646CFC71D9A18FF7119DAEA7AD9C57040C4BD131F86499F663328E9A82240F130699AC10F9D2DDC04154C6D2661A32D768E98B40A0472698E31C3F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... .......................................X....@.............................D....0..(....@...{..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....{...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en-GB.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44520
                                                                                                                                                                                                                                                  Entropy (8bit):4.636317941438334
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FR/vElagyh6QuXCA702Jy0WEwRPxh8E9VF0Ny9+W+Eh:F9gagyhiX9y0WFRPxWEjaE
                                                                                                                                                                                                                                                  MD5:D73F4E5F97B987B8CC6403909C3E6242
                                                                                                                                                                                                                                                  SHA1:0A7075A927333557161BCDE22D08C35FF7636425
                                                                                                                                                                                                                                                  SHA-256:30CD762237C21B6FBA4E0B165EBAB83A997C093BB088A3DF56CEE400F5946439
                                                                                                                                                                                                                                                  SHA-512:F7B561BCA0F7DBA8BEB19EA4E2B041766FCEBB940776ABD4C79E561ED0997E6D8E3F27927E5DAB6F03CD45ECEFB568BD872DC67F456BF19881546B51DE955B13
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ......................................L.....@.............................G....0..(....@...r..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....r...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_en.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44008
                                                                                                                                                                                                                                                  Entropy (8bit):4.6565699525229025
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FbRnyUEagyWmpRjy+Jy0WXyDPxh8E9VF0NyYIm9:FbE5agyWqby0WGPxWEm
                                                                                                                                                                                                                                                  MD5:2059F62477F33F9943DCE5DB380F09A1
                                                                                                                                                                                                                                                  SHA1:62300C5FA2465D535D77B9D378BE7039CE32A234
                                                                                                                                                                                                                                                  SHA-256:CA0F11FE6BCD7CBD9897F73A0B5208C49779B298A2DF260CE084912AE73E5C66
                                                                                                                                                                                                                                                  SHA-512:AEC61BB34B79A6666E8EAF56372D049F184F02894B8425FAADAB9C4A2E812BFECF250FE561CB92FED2F3B965735BC2E7E97904C2667241A840611C0F4E0C768F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...L.d...........!.........z............... ............................................@.............................D....0..(....@...q..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....q...@...r..................@..@.reloc.. ............~..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es-419.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45544
                                                                                                                                                                                                                                                  Entropy (8bit):4.646030612051221
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FI4fk8AqfN4imEDMaJy0WG6sPxh8E9VF0Ny2C4:Fdk8TfN40xy0WiPxWEIv
                                                                                                                                                                                                                                                  MD5:E4A1B678F8B6FAB9034EC4657F1D264C
                                                                                                                                                                                                                                                  SHA1:4ACCEDA598F41B7FED6EC58E65121D0A37256638
                                                                                                                                                                                                                                                  SHA-256:FAF3E79C113E5423DC0C2308FEEA2B1F1D8A5AFA1BB2D9AFCF4684DAF4B6CA95
                                                                                                                                                                                                                                                  SHA-512:2F0E1015224B255535ECBC3691E4F96A6885DC59CDDFBADCA160DA9A45C6BEF2C24AFB6FB3057FE7144E739AAB54F6BAB936A9EA59450411B8E02B318E495B3F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...5.d...........!......................... .......................................2....@.............................H....0..(....@...v..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....v...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_es.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):47080
                                                                                                                                                                                                                                                  Entropy (8bit):4.630177626115215
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FwNCID1Nz518DNQJy0WEnKPxh8E9VF0NyON:FbIxNN1SAy0WlPxWEo
                                                                                                                                                                                                                                                  MD5:5F9A8F94E5B85C41CD81F88119D04F30
                                                                                                                                                                                                                                                  SHA1:D5DAC5F57002A1B43B0A83EADC9D2627492505B8
                                                                                                                                                                                                                                                  SHA-256:AC2418963CA15734DE3135131C1BDA03D7E602034DFCA75F8D11BCA47B577AB9
                                                                                                                                                                                                                                                  SHA-512:A9BA94B650BFE076584D1F465B293F49C9DDFEF747EF51B728FB4988391874542F8029BF4699B304132C8B96A29F29935A213102F3A8EBD3086C54BE6ED86388
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ...........................................@.............................D....0..(....@..p|..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...p|...@...~..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_et.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44520
                                                                                                                                                                                                                                                  Entropy (8bit):4.645463686029905
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F3EEy0TbDFbDZETJXTSQ8QjGJy0WizPxh8E9VF0NySS:F9j96dHYy0WWPxWEE
                                                                                                                                                                                                                                                  MD5:9BC3B29E68A70E0DA276D2F80D5609DF
                                                                                                                                                                                                                                                  SHA1:DA3DA32BCA70E64D461B2B7F25C0FB1B0B4B5A0D
                                                                                                                                                                                                                                                  SHA-256:19BA49FA519608B6955018FB8B77E39D1356EB1817A8993622F8565322C14CFA
                                                                                                                                                                                                                                                  SHA-512:2781E997A4F3C92DE141F14250098779307513F4E7C4D493F40341B6A4FDF09671E6FC64781D2AF38B5F19FB8CDF9C2EC03A5724B291F8D279FFF952AD3DD3D2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ......................................:.....@.............................D....0..(....@...r..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....r...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fa.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44008
                                                                                                                                                                                                                                                  Entropy (8bit):4.845272670813686
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FqrH4OZNIY5pihSQJy0W3ZPxh8E9VF0NyFxn:FO7cy0WJPxWEj
                                                                                                                                                                                                                                                  MD5:5089CC134B762C266A2D935DA3C8334A
                                                                                                                                                                                                                                                  SHA1:E4D142E7B12A64B396E83698467900209B2345FE
                                                                                                                                                                                                                                                  SHA-256:1D68B46775921FDE73E30BD0DEA980CEE5D7ACB191DF2D91E16E934400609B20
                                                                                                                                                                                                                                                  SHA-512:3A551EFDCC0C0D221EB8BF883EA5312C77FCAEFED6D1EB412351B63945DE9F905F2968C21DBEAD7634E180742DF668F8D1A5A2DBF1EE2C4102AC51291B7B1C3C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...z.d...........!.........z............... .......................................r....@.............................D....0..(....@...p..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....p...@...r..................@..@.reloc.. ............~..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fi.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.6596573287160785
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FCcrgPnEzPhXY7R799hKh1GAm/RnVJy0WhhHPxh8E9VF0Ny9rrlR:FLinEVmNgiy0WDPxWEvf
                                                                                                                                                                                                                                                  MD5:5BAB01B758FCB17579A8AAA3ED7A6787
                                                                                                                                                                                                                                                  SHA1:53800C375AA17BB906ECA53548FA70191AF221E8
                                                                                                                                                                                                                                                  SHA-256:874E4BD71B4604929D88E50D673D52A1A1BC6AFA78C244DD642BA20F302F3E44
                                                                                                                                                                                                                                                  SHA-512:05C5936FE09642E71FF8A8ADE4F4F2283B67E8EA79B58C856008DE14CB7BA1163EDFE54B16E517CFF1354693792627B1CAF45D8F0BE5A3D563B9592A4711D4BF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ......................................3.....@.............................D....0..(....@...u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fil.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46056
                                                                                                                                                                                                                                                  Entropy (8bit):4.640479522161056
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FUJKU7UNPli+B3RVaw7ykIIjyC/zaJy0WLnaPxh8E9VF0Ny4S:F72U9li+B3RVawW3WrSy0WbaPxWEG
                                                                                                                                                                                                                                                  MD5:17F5249CFB6519985F90655B8D802117
                                                                                                                                                                                                                                                  SHA1:2A09E55A2FD07214DAF47A331B6CDDFEA543141A
                                                                                                                                                                                                                                                  SHA-256:2362F65816A9D66D94E1B3B4BCE49D2E967B5C92C9326321107A84AB811ACA1A
                                                                                                                                                                                                                                                  SHA-512:0EE92E8D81A4E6988F1D2315D5E2AA78629EE142E38D6F104F5115FD983CC3E98142E88859DBCA879315A6843A8AE65B26C507AC4EF25D3B11293551C0B90DAD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................k.....@.............................E....0..(....@...x..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....x...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_fr.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46568
                                                                                                                                                                                                                                                  Entropy (8bit):4.662517782893104
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FM1NdxA98EoIcpW4xq9aJy0WbiA4Pxh8E9VF0Nyko9hl:FadOaIcNjy0W2tPxWECah
                                                                                                                                                                                                                                                  MD5:FA87C9DCCA6C104EF4B31FA398150A98
                                                                                                                                                                                                                                                  SHA1:22A7F252994BD2C99ACA4F1C544BA1E88A249F4F
                                                                                                                                                                                                                                                  SHA-256:0B5678F58A8F8C8619D0940D981B40971F8B42028EDBB2FA845731C747D3B567
                                                                                                                                                                                                                                                  SHA-512:FD918AC8E95A7CB33CFCC141ED25F1D5848497BF3645F912FCDBEA64A1BAD1ABB440248E2F56E1C7D7BA8AFE4D3B44D83FEB8C759970203F5CBA147737F4C3B1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...b.d...........!......................... ......................................<.....@.............................D....0..(....@...{..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....{...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_gu.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46568
                                                                                                                                                                                                                                                  Entropy (8bit):4.923122510985089
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F0Uc/d3UTeAV4DzYCQ+fwmkIjkiJy0WpJ84nPxh8E9VF0NyZEdgnV:Fm1UTe7VbRy0WpPxWE/V
                                                                                                                                                                                                                                                  MD5:E9C9B0BAA58684779947F9DDAC85E83A
                                                                                                                                                                                                                                                  SHA1:FE70F8278CF6594D111BB53E0059F1C023AEDCC0
                                                                                                                                                                                                                                                  SHA-256:19154A82982A69B588B8A89AC086E80E515B05704899E1B8CA7AF3DE460568F5
                                                                                                                                                                                                                                                  SHA-512:41A03F1FA4242E5297F3D4FD18911B64AB1D31E529C964A7A5327E3B8C1389BD1F9CE4EA5A444D64B36808D908BF663235DA81BECA3145049257E258E483FBA8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................B.....@.............................D....0..(....@..8z..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...8z...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hi.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.8817065986468595
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:Fc6qx6AN6Aaqxzxm8qRXtpqCGay0WKLPxWEE:Fc6qMX31LPx
                                                                                                                                                                                                                                                  MD5:282452593ED4C14AA8AD486698BCBB31
                                                                                                                                                                                                                                                  SHA1:8CF912912503649E440E632CEA6B4427A0B1102E
                                                                                                                                                                                                                                                  SHA-256:CA151F677D1D9ABC95C708726B3D04C62AC7C7836ED9B875C5B1F7D67BC4F75A
                                                                                                                                                                                                                                                  SHA-512:9FC0A8FC7641A104B3976F37421DCBA2083878DA535B3662A6FC1F697CEF5108D1715BA618806CAD4E74B13F2E2AAEA10090937F1BD13CDCBB9D8EF7141CFFE2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ............................................@.............................D....0..(....@...t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....t...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hr.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45544
                                                                                                                                                                                                                                                  Entropy (8bit):4.6636431303483
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FZitIPeVOXz19zzMH5KBL/yoiGgJy0WXfjjPxh8E9VF0Ny6/R:F8I+5oL/xwy0WLjPxWEs
                                                                                                                                                                                                                                                  MD5:85D54C0B73692E53C5B8657ACD189EF5
                                                                                                                                                                                                                                                  SHA1:907D142F69B742F7DE5F8738325C7CAE9CA06ECD
                                                                                                                                                                                                                                                  SHA-256:4BAD5B8F0372FC19E9414F997B2CF713D81F48FEC6238CDBEFA65CF138E9F5A9
                                                                                                                                                                                                                                                  SHA-512:3B1B2792237EF8F6143644FF54D25E7BC95ABF1C89291B0B1BB16DE4C8CC00B7DCE18510306BC94C19CA2BEB33472CCF4DB2976D508E817F06A695F4FB4F6345
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...K.d...........!......................... ......................................F.....@.............................D....0..(....@...v..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....v...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_hu.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45544
                                                                                                                                                                                                                                                  Entropy (8bit):4.688666100525905
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:FfG7U7RPX1C2TycfBwGFTbeSTZ46931lBVZpjqAy3FGVsTsy0WMNPxWET:FfG7U791C2TzpwGFTbNZ46d1lBVZ5qAV
                                                                                                                                                                                                                                                  MD5:EC0EAC7B38E7B4FB9F4F3E97CED70502
                                                                                                                                                                                                                                                  SHA1:8A21DEADB00C4A23ED0EF2728C5EBE6D58D8E93C
                                                                                                                                                                                                                                                  SHA-256:D083015F17E68E2304A2F4C9A130BF2891A1B3545DCF35E3E6367276BC8FF1C9
                                                                                                                                                                                                                                                  SHA-512:43E7EC301C8E4E7259B6038EC5F17C52C27B64CAC69511B6325B50B949F56A782312D28D7264BF4469D3A48FCB73DE831DE0FB388735E1928774742B0D0E8383
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@...w..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....w...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_id.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44520
                                                                                                                                                                                                                                                  Entropy (8bit):4.639484979051941
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FpZ0+vL3THRxVkAHqIaHQRf2I95yrUdGqPfpJy0W5C0NnPxh8E9VF0Nyoum:FEWfqgbfzy0WnnPxWE+L
                                                                                                                                                                                                                                                  MD5:351FAB792600FABBB172E0EB3308A6CD
                                                                                                                                                                                                                                                  SHA1:A9BD979F85AC2EE04B63A6F0A266EFA64318207A
                                                                                                                                                                                                                                                  SHA-256:FCF17CCCBD9988C121B3754DE7234B3041B7FE83C763A364AFD043297C780745
                                                                                                                                                                                                                                                  SHA-512:1C3F626FEF266DA6E8FA5737ECA5CF089150C7CCE2B990ED9F75B2757B509CCB0D15DD38B8CCFB05403C35DDD24745A2105D098B4855E951F987EAD934FC2552
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ............................................@.............................D....0..(....@...r..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....r...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_is.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.658477005342536
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FOKL63eZkioif2lIPaAjYkUVQFoMUefV3PONJy0WBDPxh8E9VF0Ny6xL3:FouyibAIibkUVQF5UefV3iy0WFPxWEU
                                                                                                                                                                                                                                                  MD5:85BCF7664BAE9ECB72C8480214FAE669
                                                                                                                                                                                                                                                  SHA1:172FFCD25B4956AB674C008BA1BC6796FDBA11DF
                                                                                                                                                                                                                                                  SHA-256:45F41E8D25867AB8C2EF78B866FBED4A201CD451713AEFED27A1E6C4E550FE88
                                                                                                                                                                                                                                                  SHA-512:5A92ED998134963A7B76B44A5C6CA8F248BDBB13AFADDC72A5AD1915EC22C98415387295AE2E08209E1BFD866EF878BBBCCF9759C4442DB98340DFB6345B77E9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...4.d...........!.........~............... ......................................%L....@.............................D....0..(....@...t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....t...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_it.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46568
                                                                                                                                                                                                                                                  Entropy (8bit):4.6324666300251005
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FLEXOjrIN+sah3MO/Jy0Wt9zIjoCPxh8E9VF0NyTKF8b:Fq2IN+P3Jy0WzI/PxWENw+
                                                                                                                                                                                                                                                  MD5:B85708D2C23D44CAC26488C1ADCD676E
                                                                                                                                                                                                                                                  SHA1:195D94B76B8D31976ED804DC79ECEE120BCCF6D3
                                                                                                                                                                                                                                                  SHA-256:DF621055A085663B147DBFD1F54961A7F4299E7714A69541CAC6E2A8DB17CDA4
                                                                                                                                                                                                                                                  SHA-512:83CBACA8F28F4855685365477B008993F00477C006B931B6413BA4FCDE89010B8BDFD0F4DBEEBF864802931BC95CFBDE7DF3D17CAB40D45661AF0B15143D78AC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ...........................................@.............................D....0..(....@..Pz..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Pz...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_iw.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):42432
                                                                                                                                                                                                                                                  Entropy (8bit):4.854173056599383
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FB3XBjD2r9v7hdVexaDyQa/f8sS+9GmJy0WJd1w4DPxh8E9VF0NyYok7o:FCFNMrSQy0WTZPxWEym
                                                                                                                                                                                                                                                  MD5:05AAEE6122E3534C4ABF3B3D95E6EAAA
                                                                                                                                                                                                                                                  SHA1:D17CEECA35099A36BD99CC017A603B4F486D9FE0
                                                                                                                                                                                                                                                  SHA-256:C7292A8852AF042741E768702611672C3CB51E6291A3856249FF240CF5D238A4
                                                                                                                                                                                                                                                  SHA-512:A58EB20DDCE03517804A80C536DDBD7866263A68D362AEBC9F7991B81ADF62069CBD39582A88F06F125DBC666EA5CA07C95CA36763B72FE22C6784A64F9CD8EC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...z.d...........!.........t............... ......................................H.....@.............................D....0..(....@..@k..........Hz..x+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...@k...@...l..................@..@.reloc.. ............x..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ja.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):41408
                                                                                                                                                                                                                                                  Entropy (8bit):4.883723947959775
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F/RouMWEHjkgWDMNGJy0WUqcPxh8E9VF0Ny1nB:F9HEDkgWiey0WkPxWEXB
                                                                                                                                                                                                                                                  MD5:F88EF38633AF35044AD10C3400990BC1
                                                                                                                                                                                                                                                  SHA1:B605DA6DB49B5C7648912DBBDC17CD0CC70D7B11
                                                                                                                                                                                                                                                  SHA-256:9975AE9DF9F8B81C50DCCD0E95D5AAF279F7991071D09E05DC9F622E5497EEF8
                                                                                                                                                                                                                                                  SHA-512:D7BE229D8E65A47CF119AF62FDB6720D6A2C9263AC69B6AFA3FADB1BD79EC273D4B0842C73722B629BED0204558933BB108C1A156478E485A5304B39A9EDDAC4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........p............... ......................................F.....@.............................D....0..(....@...f..........Hv..x+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....f...@...h..................@..@.reloc.. ............t..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_kn.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46568
                                                                                                                                                                                                                                                  Entropy (8bit):4.954692594620765
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FQdMeRW2As8RBSBRPfetJy0WYhupRPxh8E9VF0NyHZ1GF:FX/swkOXy0W+YPxWElrG
                                                                                                                                                                                                                                                  MD5:56A3857ADD97B0AB7C19D551028545C2
                                                                                                                                                                                                                                                  SHA1:10F0A5B7A2FBE9221C133529B8A5E0B36B421C4A
                                                                                                                                                                                                                                                  SHA-256:30B0A74E6F825986E8794911FCFCDA4131B505BB0B5E93BECB098CC1BBEE8D1F
                                                                                                                                                                                                                                                  SHA-512:83C846FA62A0AB70AB07B57927F4F53305949A14E942DB8398E6C90769B47894BC9BCB4E3FB9748173A492C43FF5849E4CAF59FD5242757C0DCF7664EB05E522
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................L.....@.............................D....0..(....@..P{..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...P{...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ko.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):40896
                                                                                                                                                                                                                                                  Entropy (8bit):4.911833136088746
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FCJcEWZFDd4IY+N1vZsYoRHgA12MrlxB4xRkkTY1M5tkOe+VjJy0W7VPxh8E9VF4:FUlWXmmAq/jveoy0WxPxWEu
                                                                                                                                                                                                                                                  MD5:16454F5496343F3383905BEAD12F3388
                                                                                                                                                                                                                                                  SHA1:1F38F482A2957A5E19BCA744C13A8931E4AB73D7
                                                                                                                                                                                                                                                  SHA-256:4ADDF9F4A52596B37878C3CDEC55F962632272E6C81E4BE75F52C824CBAA840D
                                                                                                                                                                                                                                                  SHA-512:4D77D9102583AB084BD7BEE4345202CCA3F7AD1D9A307BB4486A38ACFDAE4F878908E411E1FC92B3CE08F284E3BD8C6DBF321A8F19592ECA7CBD257C413139C8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...e.d...........!.........n............... ...........................................@.............................D....0..(....@..0d..........Ht..x+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...0d...@...f..................@..@.reloc.. ............r..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lt.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44520
                                                                                                                                                                                                                                                  Entropy (8bit):4.677692678096642
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FGqI1qXnc9eHz0CwTF1B+jF2Xw1KJy0WFEPxh8E9VF0NyO/dz:FOackHz05TF1YjFmy0WuPxWE4F
                                                                                                                                                                                                                                                  MD5:E0DA28606791E47FA9B7D50F3637FA65
                                                                                                                                                                                                                                                  SHA1:00DF626C1C14D57DC0AB1EFCCFC3CA0B700F3F26
                                                                                                                                                                                                                                                  SHA-256:FB4C1B85935F88E2215CCA897993AFDE01740A36429B1D515905AD42A5F9FA5C
                                                                                                                                                                                                                                                  SHA-512:9795261821859668D22D63086EC0A6D034043859229138B7899A862DDD6317754479B5D53ABC24895BF91A4370C4648EA9CBED1858E4F44992C6C498090DB1C1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... .......................................A....@.............................D....0..(....@...r..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....r...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_lv.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45544
                                                                                                                                                                                                                                                  Entropy (8bit):4.703009692113209
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F4sqvepyAxOeKdeccQJy0WZy8Pxh8E9VF0NyISi:Fw8fey0W08PxWECz
                                                                                                                                                                                                                                                  MD5:C8802E1E924F5CA936D967BE9FA5DA69
                                                                                                                                                                                                                                                  SHA1:31FC7A8BCE71548AA52D0BBB877416BD3B647D98
                                                                                                                                                                                                                                                  SHA-256:92CEC5B3CF76DBA98E62A750EACDEE2BC871364133A4C76CDB1E8AEFCB702BC0
                                                                                                                                                                                                                                                  SHA-512:4289AAC7A6B5AC3EC0BC767612965D9F9386C832B6F98D44D245CB45D6239C620E7FFC0EBD47793C9014CBAB9B0BD56A6467191806841DA17059C3FE45E2F217
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@...w..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....w...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ml.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):48136
                                                                                                                                                                                                                                                  Entropy (8bit):4.926909967496055
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F/TZz4S1BzFZygd8/JLosSJy0WucSjPxh8E9VF0NynYWq:FrR4ISJLgy0W/SjPxWEFY
                                                                                                                                                                                                                                                  MD5:16F9F18C873FB7C00F08917F1AF83EB3
                                                                                                                                                                                                                                                  SHA1:0FB99CC388FE54D5AA875F79E65A0A73E99D9323
                                                                                                                                                                                                                                                  SHA-256:E6F74C212F2E8EB4163C2DDAE84F488B73DEF9CE886340F4A9AF6864978D859E
                                                                                                                                                                                                                                                  SHA-512:799209ABEC146B52F3EB5C4D5AFC3DC6482A3B0CFB21C1F1F876BD87D1014E7079AE694C12A80D4660063D9C3D309E9028B4A90887572BCB848B5ABC21AB7317
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...l.d...........!......................... ......................................[.....@.............................D....0..(....@..8...........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...8....@......................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_mr.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46056
                                                                                                                                                                                                                                                  Entropy (8bit):4.898551846960824
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:Flbeoedw/7JK7bABYlNpJy0WfWPxh8E9VF0Nyq4D:FAlw/7JK7b9jy0WePxWEU6
                                                                                                                                                                                                                                                  MD5:B44F9C9DCB53514D6A496C3506F74DBB
                                                                                                                                                                                                                                                  SHA1:1DC610693F782D08E3D6985351C298A61AE40614
                                                                                                                                                                                                                                                  SHA-256:430FEF5E3BC821188BFC9A180334495B92CB0E8D8C7FA0CED774031D9A7FC8B6
                                                                                                                                                                                                                                                  SHA-512:B7C9E4F838BFEF2B781D3871455D7B850135B8FF97FC1968E49BC2AC0B0B1F33DA759AD34F8E43D858A0971F8C2DDCA51925A5A65061E5B90DC4505405DC5748
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... .......................................8....@.............................D....0..(....@..Hy..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Hy...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ms.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44520
                                                                                                                                                                                                                                                  Entropy (8bit):4.652027629630858
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F546L/TKrQLtUv6oNpaAYjZZ/fbMgTRlRE/5nJy0W8g/Pxh8E9VF0NyNDA/XV5:FVw+f3TFAy0WH/PxWEXDiL
                                                                                                                                                                                                                                                  MD5:8E1DC4C71BC03D10ED3BD2293B6C3A21
                                                                                                                                                                                                                                                  SHA1:6649BCDF0D137AFFA4CA983135FE5EBE3336A495
                                                                                                                                                                                                                                                  SHA-256:0C0B827C7ED352F5FC376B3F2F2064CA7A27828907BE77C66585CC457A769F16
                                                                                                                                                                                                                                                  SHA-512:AB785D0FFA1F7FA7754254905752366B9BE7B592248DFCF036B087A2EAD07E112228B4D36B954DAEFF2ADB24A0566A9552168BC3FE7FCC5E4DF0E56A95B8042D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ......................................7"....@.............................D....0..(....@..ps..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...ps...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_nl.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46056
                                                                                                                                                                                                                                                  Entropy (8bit):4.64263735417891
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FUdjv7nGXd/T32SPxLLJy0WGT1+Pxh8E9VF0NyazyEH70:FwGtKqNy0Ww1+PxWEU
                                                                                                                                                                                                                                                  MD5:9DAD72B74700EEE3D33603BFFF9E1F98
                                                                                                                                                                                                                                                  SHA1:5C9DE57CFD021549D6B34AE225E44BF0BFD662CB
                                                                                                                                                                                                                                                  SHA-256:6BDEF62FBFEB7B054E17F463C24A878F537EFFC82F8E3CF96D977265E44F2659
                                                                                                                                                                                                                                                  SHA-512:DDF30DD81788173FB0332B548C40A03B9BBD1B32074C54C36150D7AD64AA7DF5974A8FE6D2155E17E22A505F66DFC54147E7B9F88B644EC0F573ACBCB61992CE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...[.d...........!......................... ............................................@.............................D....0..(....@...x..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....x...@...z..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_no.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.660574455025035
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:Fio75JZSiyCSiyVKwRAYSTv4q6K3Q5PacJy0WlxjPxh8E9VF0NytvuLK:FWhCYWv6K3Qby0WbjPxWEHGLK
                                                                                                                                                                                                                                                  MD5:EE0889163C7A670DD81A3E05D52EE458
                                                                                                                                                                                                                                                  SHA1:A7A834305FAC8F75B1556234F5C0381623B29984
                                                                                                                                                                                                                                                  SHA-256:E1960E7A05427B85D79F60F8A163A68CC29C6011A87521DCDC00B1F1A3D8B606
                                                                                                                                                                                                                                                  SHA-512:679C4163ECE96C888D3B72926A1BD710C444A07290E60DEB274A7426B7850826650F3CAEF4338639881526F1C7FE179C12AF671C13BF24BB5E67052B37F23D88
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... .......................................}....@.............................D....0..(....@..Pu..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Pu...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pl.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45544
                                                                                                                                                                                                                                                  Entropy (8bit):4.699948735964885
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FuwzJhn7KZHCCN08Gp6WDgxTJy0WppKPxh8E9VF0NyKNky:Fb7y3+yHy0WqPxWE8a
                                                                                                                                                                                                                                                  MD5:4C826E19B27FC31A8141C1735A3A093C
                                                                                                                                                                                                                                                  SHA1:E74FA47D26AB8A2C45E6DB2DB94E27FB84FA6437
                                                                                                                                                                                                                                                  SHA-256:421DDAAB31E480790E5989E145C050010959E629702E3187870C12E451278A92
                                                                                                                                                                                                                                                  SHA-512:0AC44BD5A24B05D49B08ADFCD53C7C5A45D97E8798A854AFDF9BF374438F657C56255C690BDF0837EA154ACB71DF83D0DF1491DEC7D5D4DFB9FE272AB507C593
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@..(w..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...(w...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-BR.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.66752824702996
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FGTbq/Zc+GZX8aF8zQJy0WCJ65Pxh8E9VF0NyL5:FuCFSy0Wk65PxWEd
                                                                                                                                                                                                                                                  MD5:C5DA26E0E296C4C1666BF60B0CE16911
                                                                                                                                                                                                                                                  SHA1:93D4C57699BF8AA981E3EBF8B33992F2CA45DE75
                                                                                                                                                                                                                                                  SHA-256:5A04FEA91640E065F67F1427F171270CE769CB3E2155F340834C935783AAC634
                                                                                                                                                                                                                                                  SHA-512:E6175D639071FD13F00ABB0C2B1876387899158CB824182783710C1177E18B5E02B18B70C0CE91F32F1367F8CA5C92F1E8D1F98BA6918D7312BD6ADE56D9FABC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...O.d...........!.........~............... ......................................-C....@.............................G....0..(....@...u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_pt-PT.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45544
                                                                                                                                                                                                                                                  Entropy (8bit):4.646340111209961
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FVEK+wstFNEx6ewBIiI2XhJy0WQGSPxh8E9VF0NyC2nEm:FVUMx/ULry0W0PxWE88N
                                                                                                                                                                                                                                                  MD5:1ADDBCF6719F81E880737EF30CA89BE5
                                                                                                                                                                                                                                                  SHA1:043C046AA3420339067C6DDFFBA253393057B0A3
                                                                                                                                                                                                                                                  SHA-256:9E229B99EC1725BA355B7F905A46BD4C7D15DAE3A7FA5CF54A8C199B6BB572BE
                                                                                                                                                                                                                                                  SHA-512:6931634D5096C236930FD4CA3C850D9DA325010DE96D99A7C26EEB9E7153DA7F4D3203F7D332820DE5F4D045296CDDBF9890EB6D157E27E82C46AA098EB6ECF7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................Da....@.............................G....0..(....@...v..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....v...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ro.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45544
                                                                                                                                                                                                                                                  Entropy (8bit):4.668533720243672
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:FTnC1yNbMUB251BRHc871nDtCsy0WK4PxWEr:FTeBRHnRDLJ4Px
                                                                                                                                                                                                                                                  MD5:0802BEFFB8CC1942F450403A83DAD91A
                                                                                                                                                                                                                                                  SHA1:6BFE6CFCFDB789FE15365AD39AC60D7CFA782C31
                                                                                                                                                                                                                                                  SHA-256:A15770A440E09967BBB25E4B8B326AE2596DD80F483CE12AA21678D0DBAD9233
                                                                                                                                                                                                                                                  SHA-512:6F960C168536251F871F1FD3EB6E62AEA407DF0FE3218EBCEBEEE2CD5B3DE0675CDD874253F3259776B9338FFB9B6B4C608E769E21F9847C25600E3769B303BC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@...w..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....w...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ru.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44520
                                                                                                                                                                                                                                                  Entropy (8bit):4.876003031420293
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:Fm5y4uF44vKAvHdho4d283lmJy0WR22dPxh8E9VF0Nyvdz:FtZvHsFy0WnPxWEJ
                                                                                                                                                                                                                                                  MD5:722B3E9E83D16481C12B803537F72AF3
                                                                                                                                                                                                                                                  SHA1:D245E7A40305CFCA26A9EE4B95CB7C1859EBBDB8
                                                                                                                                                                                                                                                  SHA-256:F44BBD97D7B300262AB1F9D4C918B3B980D41419E91669B04E36756A5683974D
                                                                                                                                                                                                                                                  SHA-512:4A5A6DCF554C97885DA2632850CE380A7371264F78D0E268E34690E6820CDC2B7B671F7055709DD92A77291FF618FC9619308B89D4D7920F46CBFDE284FB00AA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...9.d...........!.........|............... ......................................GM....@.............................D....0..(....@..xs..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...xs...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sk.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.69456859037089
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FpXaHdicuh+PiR6gLTPB2wJy0WELPxh8E9VF0Nysz9:FpQqjRjJy0WKPxWEy
                                                                                                                                                                                                                                                  MD5:F8796BBEE22813BE0658163260FADA1B
                                                                                                                                                                                                                                                  SHA1:F0AD54100A996E41011D9FFBE084CE7681299C9E
                                                                                                                                                                                                                                                  SHA-256:8EE1C8984C63767959CD2ABC99BDBD860DA47B9D4B762982E045764F2FF56FE0
                                                                                                                                                                                                                                                  SHA-512:8D9D3168D4D4A7E50AB856D3BB87CDABA5609B809BF0BDB9BFF00D7FD925B4AB750FA19DD9FD44131B46C72F87852D1FFC76144DF3F3CA450A0E173BFCB3C76D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ............................................@.............................D....0..(....@.. u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc... u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sl.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45544
                                                                                                                                                                                                                                                  Entropy (8bit):4.657549160186828
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FuqToeST0shVyixlk5TpWBdf1i2IXouscM89Jy0WrTpKPxh8E9VF0Ny2WW:Fhv4lk5y1YZsAy0W0PxWEYP
                                                                                                                                                                                                                                                  MD5:A7B4B48A39BFD0C344FE3D41545B76C9
                                                                                                                                                                                                                                                  SHA1:B28B71015E1A3710F1C042291D398C6119FD48A7
                                                                                                                                                                                                                                                  SHA-256:C828237E6C4C8623F1F2E9598A62936769355EE7BEA317460CE645CC7AF1D911
                                                                                                                                                                                                                                                  SHA-512:1D15AA6913E32D7200055F8B29ADD8E5A2C4A9070B9CD906788E4DBCC5F5BD5FBC14E47805A051569AE51792C0065F8ED6F9414E968D466418B10056C0A541DD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ......................................V_....@.............................D....0..(....@..pv..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...pv...@...x..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sr.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.872942179610346
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FWPbqSW7ixHUjY13tGPJzJy0WEtqkPxh8E9VF0NyBF:FKqOUjudGHy0WwPxWEb
                                                                                                                                                                                                                                                  MD5:799B04C0C9700BAED67AE3AF641B8946
                                                                                                                                                                                                                                                  SHA1:25050A1D302F6F3BAB291FAF07C7AFB147BD6992
                                                                                                                                                                                                                                                  SHA-256:A77EC067351FEEB80B8F8375C98F993360CB52B7C5F90DA90A8C9A08CD544E5F
                                                                                                                                                                                                                                                  SHA-512:D3D15D4BB99EB167040A319BA56797F718DA3FAB1CDF131E290F5A9A03876C9F41705820EC52E55686DE7FD5B1969ED7896888A2358FD41DB3588EBB63ECD58D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...K.d...........!.........~............... ......................................L.....@.............................D....0..(....@..Xu..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Xu...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sv.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.664578663662526
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F9a0GdxC7vc3ELOlJy0WcCDJjZ2Pxh8E9VF0NyP+/o:FRAxCDc3Eyy0WsPxWE9c
                                                                                                                                                                                                                                                  MD5:CA50F99E4418798ADDA414C81118C2B5
                                                                                                                                                                                                                                                  SHA1:2F24E7B5C81DF67236C1A692E3FF4091D10907F5
                                                                                                                                                                                                                                                  SHA-256:C055262DE24BBC07462232258CB082C6E6D5FF1502CE2909B9CDA46CD27ABF75
                                                                                                                                                                                                                                                  SHA-512:83C199505517CCA36FB86066C73DAF9C35611A5E58EEAD3F49AFF1631DEEB188CCBE7B671439CACC0904B3CDF9A7C8EAAE0CE371AFE14F4ADFD5D042D31D2C7A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ............................................@.............................D....0..(....@...u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_sw.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46568
                                                                                                                                                                                                                                                  Entropy (8bit):4.694492393037756
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FnHdpqgicgiY7upv4M5IOyAeJy0WXaQPxh8E9VF0Nyz1R2:F9QQ07Gv4M5My0WJPxWEh10
                                                                                                                                                                                                                                                  MD5:1DC167C856FE15596A907B56A5451F38
                                                                                                                                                                                                                                                  SHA1:6803F563B7F78C6D7133FC1D2C6126EEA1D9FEBF
                                                                                                                                                                                                                                                  SHA-256:E31B4E78C820A17124669D3A2B56C2373FD2C21BC5F0E87565C0AE8B5307E236
                                                                                                                                                                                                                                                  SHA-512:18FDE8537E95411C9814DB12E780CA7AD4E6756A97F2CE05CC30653E2C4F3735BD09AF6D2F9C23BC6ED5DB09231D8070E1025738B8C0B32214E217CBCD250A13
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... .......................................F....@.............................D....0..(....@...z..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....z...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ta.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):47080
                                                                                                                                                                                                                                                  Entropy (8bit):4.948448659499415
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:Fd08e0wcY51ZLm+4Lw3OTJJy0Wn+EsCLePxh8E9VF0NyK9Qm:FX5fY51ZLm+4Lw3wy0WXs+ePxWE8p
                                                                                                                                                                                                                                                  MD5:F2827506727689200C75B134AF3A81B7
                                                                                                                                                                                                                                                  SHA1:701B606A684B30BFA376F4F244582FF32BB9E6CF
                                                                                                                                                                                                                                                  SHA-256:8831BDCD00FE1055E32CED62DBC3437612EE704FD331DF35D8ADF4450C95D3B6
                                                                                                                                                                                                                                                  SHA-512:3069C2BFBE34E27A4309843B79585F89C44D0949F1EF51C3FBB79A91310CA8C8C9373E603E356AE1DA575A7D60A056FFAA2742AC356248A30C00BAB02B2AB680
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...4.d...........!......................... .......................................r....@.............................D....0..(....@...|..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....|...@...~..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_te.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46568
                                                                                                                                                                                                                                                  Entropy (8bit):4.900098776782017
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:Fxfyhq1o45Z4aJALD61VJy0WVDPxh8E9VF0NyEc:FshGV5yaaLDiy0WFPxWEu
                                                                                                                                                                                                                                                  MD5:C6A338676486B4405CBCFFD9E95B6DFA
                                                                                                                                                                                                                                                  SHA1:6B7E2FE7EEDB08B289FC4DAB01BFB1EC648EC416
                                                                                                                                                                                                                                                  SHA-256:EA52171A1BA9D431C9E4E99DB45EF64D5AAD5C224A80A731BBAC428D626360DC
                                                                                                                                                                                                                                                  SHA-512:08C73FB7DAA69E6D7F5E3A23D1D5761EBE158A7863CC754F80EF7CEB57100E2337819F6733203121C85FB898002660298BD8B9221D96E5B1FA3D96CC22D05406
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!......................... ............................................@.............................D....0..(....@..Hz..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...Hz...@...|..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_th.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44008
                                                                                                                                                                                                                                                  Entropy (8bit):4.898585189301246
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FAcYp+lrGsMKNMAcetNebrJy0Ww+w8Pxh8E9VF0NyHS2t:FaglrGszNMJetNmy0WttPxWEdXt
                                                                                                                                                                                                                                                  MD5:921A76FC57260B64D56F85651968A802
                                                                                                                                                                                                                                                  SHA1:DE76CBF4AEECB954EB67937D57FEA4D053AAA89B
                                                                                                                                                                                                                                                  SHA-256:CE33AD0DBA4BEC40377B9ABFED4EE3C03CF1F159DB500F95366C377F6FE49664
                                                                                                                                                                                                                                                  SHA-512:62BC3D4395562561A52E0A387454C631ADDE175AFDDAA3DE6084E0B55D89538AC49D3A7AC04EDDDB1E4013862AF9C3706D40EAF249443598A16B5521852DE00C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...z.d...........!.........z............... ......................................#.....@.............................D....0..(....@...p..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....p...@...r..................@..@.reloc.. ............~..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_tr.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.710217028647626
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:F0Jp9ABk6qXQEdmvgh57GE+G9Ahrx++BzQSXjy0WebPxWEC8:F0JZhdmva7GESxLQK7fbPxt
                                                                                                                                                                                                                                                  MD5:5BA91381EEAE1785BA89FC890808C7A9
                                                                                                                                                                                                                                                  SHA1:CE3CD4E4007837F3A8D1629AA9366A0FAF4B2792
                                                                                                                                                                                                                                                  SHA-256:B6B7B4A056D3449349BD0981B48AD1DCBC32AA5B41C4FF9B680F994D540744EF
                                                                                                                                                                                                                                                  SHA-512:E8325BD2E545D322AD9627F6B631402A3868612B407C4F84CAD0B3C834EA0EA5D4ADF5DD88B7D539BC231B4651A5F2C0BFF1FC1D843005B1C96A56BB249D2DF0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........~............... ............................................@.............................D....0..(....@...u..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....u...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_uk.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44520
                                                                                                                                                                                                                                                  Entropy (8bit):4.886468370762969
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FNUVbL1KgHWyC2EeEWNXE/GfuyziJy0WlUPxh8E9VF0NyJTgk:Fy31luhy0W+PxWEH8k
                                                                                                                                                                                                                                                  MD5:65C37B9914F7786AC7E3C3584C8F7A62
                                                                                                                                                                                                                                                  SHA1:3B2D785698F96CC92A6AF481283406657FFF65E0
                                                                                                                                                                                                                                                  SHA-256:9945A40CD5E0075A55A6691717D8A59C98BD85AE84E938041DD6EF5427A88B0A
                                                                                                                                                                                                                                                  SHA-512:5005A480EA3243F8232B44BA091A66227AC10CA51219B9915923B7C394538BD498B33062C1E88316BBD84CEBBCDEF80B901014A8A595DED29BDDDF2F85904308
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ............................................@.............................D....0..(....@...t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....t...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_ur.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):45032
                                                                                                                                                                                                                                                  Entropy (8bit):4.8564330106913625
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:FmQE7wL2A+OmAcoWu9OeeZyYGdJAAJy0W5ySxPxh8E9VF0NyVQcVfC:FkE2A+OmAcoWAOeesYRQy0Wg+PxWEXV
                                                                                                                                                                                                                                                  MD5:CBAFB9B9B8760B0C3DBC3F0216C7513A
                                                                                                                                                                                                                                                  SHA1:0A28C2BC915B06C549DDADD8A31FE0A912090155
                                                                                                                                                                                                                                                  SHA-256:5E7C4916662FED930983ED046FF7DEF877F10D5375C510653C37A985BC547531
                                                                                                                                                                                                                                                  SHA-512:5FE40E9A820C46055B0E9934C5A8BC2E43BE90396436CD076752696C8576E2212D0A5D15F4C149866FC68500410727C1D30A6F1EF55ABDC0CF96DEA2F2BB3AC8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...f.d...........!.........~............... ...........................................@.............................D....0..(....@.. t..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc... t...@...v..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_vi.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):44520
                                                                                                                                                                                                                                                  Entropy (8bit):4.771867334398084
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F+SM5fQghFjncDyv4Jy0WAWBQHPxh8E9VF0NyDff1R:FzYfDhVc5y0W3OPxWEh1
                                                                                                                                                                                                                                                  MD5:C34505DD2FAE316B795AE2D1E934AFB0
                                                                                                                                                                                                                                                  SHA1:864A67B9017573DD438AE321210ED720C454184C
                                                                                                                                                                                                                                                  SHA-256:0AF644546C66B952795B0A7D05AFCCFE87E9D572073C99F8CDCF146EE5705857
                                                                                                                                                                                                                                                  SHA-512:00B2FDCFE24CD17C7418E471BEC762F235669E0DB35D05D2023E155D0B543F65BA1115450D01FC5D02177AAA2CDAF10CC640506E6CEAB716F0C4F2ED44D7767E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........|............... ............................................@.............................D....0..(....@...s..........H....+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....s...@...t..................@..@.reloc.. ...........................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-CN.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):38816
                                                                                                                                                                                                                                                  Entropy (8bit):4.841517965818435
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F5xjPSJshAFBMHwzJy0WKGPxh8E9VF0Ny/NU:FrpAFBTy0WvPxWEJa
                                                                                                                                                                                                                                                  MD5:2BE99DBDE29BAB1363E5848B84362E23
                                                                                                                                                                                                                                                  SHA1:3149C9598CE3CB29EA0E756C9E12DCECB8628283
                                                                                                                                                                                                                                                  SHA-256:B5927FB9699C79D77B1D49F322BACE29801776CCEE4F91EECAE00F04F6431396
                                                                                                                                                                                                                                                  SHA-512:44E66C99747F6857883585653894F333B638A4A19AEBD1C9CEF6D264064EFAFD7A77FDED06F5F5C14F0E489E2555D17576EE3152E347CC74B8BC7E5741F3A5A8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L.....d...........!.........f............... ......................................c.....@.............................G....0..(....@..`]..........Hl..X+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc...`]...@...^..................@..@.reloc.. ............j..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\goopdateres_zh-TW.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):38816
                                                                                                                                                                                                                                                  Entropy (8bit):4.854603942594096
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:F++/JutGmmBdcJy0WsinPxh8E9VF0NygBjY:FNATy0WjnPxWEKK
                                                                                                                                                                                                                                                  MD5:2667B44345F8C493F41C9C65B2B40B70
                                                                                                                                                                                                                                                  SHA1:0969DC5411520E3FDC242D6D1F5289DC69218526
                                                                                                                                                                                                                                                  SHA-256:3BEE374E97F8C0A2EDA5A6509CBFE21B4DC3BB9E0CAC62CA908F8EB049A3EFEC
                                                                                                                                                                                                                                                  SHA-512:8D746F5AA6A21EC1FBB05E35554396BCD0E017CED7D65409D721B75CC4DB04FE7FA944F4122C1BE1E6AEF47E1DEADDF444A943BF9D5632E906BE123013B85ECA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........q/.A.A.A.A.A.A..eE.D.A..`@.B.A.A.@.G.A..eH.@.A..eA.@.A..e..@.A..eC.@.A.RichA.A.........PE..L...P..d...........!.........f............... ............................................@.............................G....0..(....@...]..........Hl..X+...... .......T...........................`...@............0...............................text............................... ..`.data...(.... ......................@....idata..f....0......................@..@.rsrc....]...@...^..................@..@.reloc.. ............j..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\npNortonBrowserUpdate3.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):519152
                                                                                                                                                                                                                                                  Entropy (8bit):6.796206581178465
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:bcP2nPG96akIIm7D0W1IK+K2XaTPwKwJIC:AP2n+96WD0vWoaTYKwJ
                                                                                                                                                                                                                                                  MD5:6B3F50DD9E9D077CD50902BF1B79427C
                                                                                                                                                                                                                                                  SHA1:32B57A6452CABF75DC4162EE026D396A13933955
                                                                                                                                                                                                                                                  SHA-256:9CC9D08D8E71D15E15D32B2A5DE58766A7DBFFEA37F476A739A42231C26A2777
                                                                                                                                                                                                                                                  SHA-512:5856C0B791F93E4DB5C0950568C45BCC3D132466661B7A9C1B85C21ADBEA91EB5C9744E67F5CF2877F934DA3C278550D7FDE294A6CAEAFC634CBCE71DBA40EC4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$........iI..'...'...'..}"...'.rx ...'.rx!...'.rx$...'.rx".Z.'..T...'..}#...'..}$...'..}"...'.rx#...'.rx&...'...&...'..}....'..}'...'..}...'..}%...'.Rich..'.........................PE..L......d...........!....."..........[........@............................... ............@..........................=.......>..........h...........H....;......8I...&..T...................@(......H'..@............@...............................text.... .......".................. ..`.rdata.......@.......&..............@..@.data....I...`.......8..............@....rsrc...h............J..............@..@.reloc..8I.......J...f..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):396216
                                                                                                                                                                                                                                                  Entropy (8bit):6.6364472604888975
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:n4bSrQpVFWtouGV7AstKS4rHICzoHz25HxPqJKCJAOFbr0uY6ckgOdi:qSUpVF64XsS4rHIC7qVJz0eHLi
                                                                                                                                                                                                                                                  MD5:8648A09E9EB09453D7153101E25F8FCE
                                                                                                                                                                                                                                                  SHA1:B55B5E28317A5F1452BCBAC2704747B3DC4483D3
                                                                                                                                                                                                                                                  SHA-256:BE8DB74FBEF1CD2EEE7C2A8957B33634913EEA9CBD20B1E875B95878BBFBC42A
                                                                                                                                                                                                                                                  SHA-512:57BFF27A142062691507B1D99AB8086FACEFC3A211484B97281964F615F2C5259760622FA83155F4198BB48E3D2B54795B4E316D9156C293939D318ED959CDC4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........IB..(,T.(,T.(,T.X/U.(,T.X)U@(,T.](U.(,T.]/U.(,T.])U.(,T.X(U.(,T.X-U.(,T.(-T)),T.]%U.(,T.],U.(,T.].T.(,T.(.T.(,T.].U.(,TRich.(,T................PE..L......d...........!.........................................................0.......[....@.........................P3.......4...........V..........H...p7......L5......T...................@.......h...@............................................text............................... ..`.orpc...c........................... ..`.rdata...X.......Z..................@..@.data....4...P.......,..............@....rsrc....V.......X...F..............@..@.reloc..L5.......6..................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psmachine_64.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):521784
                                                                                                                                                                                                                                                  Entropy (8bit):6.353157166068969
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:lcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0ToohzmVj50ZfxA6ckV:bnSgciKFK/IMakZvvClDE0TooU10xH
                                                                                                                                                                                                                                                  MD5:29991826BE3385C3A92B49F672F92026
                                                                                                                                                                                                                                                  SHA1:9F16C72BA044E378167F631C41CE1B3D818E0806
                                                                                                                                                                                                                                                  SHA-256:7FCEBD4FF83566305500F9BFDD342EB57C502B427A12EF281092FAB94E142827
                                                                                                                                                                                                                                                  SHA-512:F525CDF3EA0B77CCA0475433E6DF3A577F76479C0B6BECCC0B41A147D9372A4BA8586D84FB0ADC5660A4BC28359DACCBE76691C604748AC56991210E344D748F
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-..i...i...i.....b........;..y...;..c...;..$.....q.....v...i......1..W...1..h...1.V.h...i.>.h...1..h...Richi...........................PE..d...M..d.........." ................(........................................0............`.........................................`....................V...`...9..H....;......(......T.......................(...P...8............0...............................text............................... ..`.orpc...$.... ...................... ..`.rdata..Z....0......................@..@.data....N.......&..................@....pdata...9...`...:..................@..@_RDATA...............J..............@..@.rsrc....V.......X...L..............@..@.reloc..(...........................@..B........................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):396216
                                                                                                                                                                                                                                                  Entropy (8bit):6.636012823818412
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:S4bSrQpVFWtouGV7AstyS4rHICzoHz25HxPqJK7JAOY1r0Oc6cOgOdi:dSUpVF64XMS4rHIC7qIJW0ypLi
                                                                                                                                                                                                                                                  MD5:737520D5A13D92E1210CBFFFC64C109D
                                                                                                                                                                                                                                                  SHA1:F6677A3AA960225DBE682678289FBFFE4AF3C9CC
                                                                                                                                                                                                                                                  SHA-256:6A59B47E916C73C046D604956A050CC5AF9A0C96D1DAE51CD8ABDEE17F273085
                                                                                                                                                                                                                                                  SHA-512:89BD770D565553ADA2123CAFDBCB3443E5B304BF0D0EE901CE2DE0E7C6245B08162F2FE39C7FCFC1A7908105A3A00DF3BD8DD3EA0CE13F96C91DAF21EAE2155B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........IB..(,T.(,T.(,T.X/U.(,T.X)U@(,T.](U.(,T.]/U.(,T.])U.(,T.X(U.(,T.X-U.(,T.(-T)),T.]%U.(,T.],U.(,T.].T.(,T.(.T.(,T.].U.(,TRich.(,T................PE..L......d...........!.........................................................0.......d....@.........................P3.......3...........V..........H...p7......L5......T...................@.......h...@............................................text............................... ..`.orpc...c........................... ..`.rdata...X.......Z..................@..@.data....4...P.......,..............@....rsrc....V.......X...F..............@..@.reloc..L5.......6..................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\psuser_64.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):521784
                                                                                                                                                                                                                                                  Entropy (8bit):6.352828173572569
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:ZcYznGwe1OMgciIogFK/IMakdTv4aU5i2s1uEn0Tooh/RYD50Zfx86cSAj:HnSgciKFK/IMakZvvClDE0TookV0xr
                                                                                                                                                                                                                                                  MD5:4FBD1394EEAA4D5F7BD66AFDC6FA088C
                                                                                                                                                                                                                                                  SHA1:8D09DC6A9C06A8B549273BF121E7D3D41E8929CC
                                                                                                                                                                                                                                                  SHA-256:7A9F75B840515009ABDA7BCA9372C97C5514E32D0324A2D01A7FE377A3889762
                                                                                                                                                                                                                                                  SHA-512:089160F6D4AEE7A1C6C550F256BF52573A71E8CDCBFF19AA829618DC1D29B772288CA76A270001DA09B19BFA175DC20829607F9C3035C672D2289550927371F7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-..i...i...i.....b........;..y...;..c...;..$.....q.....v...i......1..W...1..h...1.V.h...i.>.h...1..h...Richi...........................PE..d......d.........." ................(........................................0............`.........................................`....................V...`...9..H....;......(......T.......................(...P...8............0...............................text............................... ..`.orpc...$.... ...................... ..`.rdata..Z....0......................@..@.data....N.......&..................@....pdata...9...`...:..................@..@_RDATA...............J..............@..@.rsrc....V.......X...L..............@..@.reloc..(...........................@..B........................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):440608
                                                                                                                                                                                                                                                  Entropy (8bit):4.477495049012643
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:TjbidjsOQe3H/lqa8ggDemWSzuwJWwqjPpiIFWNjdkjAGAOK0Lxmb9rvp3AzAwBv:ytqa8VxJMReTixcvcF4fZNVw
                                                                                                                                                                                                                                                  MD5:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                                                  SHA1:B267CCB3BBE06A0143C1162F462839645780D22E
                                                                                                                                                                                                                                                  SHA-256:66E75EA8A3641E419D5226E062F8F17624AFBEE3D7EFD1D6517890511E7111D9
                                                                                                                                                                                                                                                  SHA-512:512F2C2BE5EE5F61F31719344CD20DD731898C5B63F6E1ABDBFC81821533D93AE06C96F256AC1196E9F457A927C4AA61C35D00B45181793547FF3B6670866CCA
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......T.<r..R!..R!..R!..Q ..R!..W ..R!..V ..R!B.V ..R!B.Q ..R!B.W <.R!..S ..R!..S!s.R!H.[ ..R!H.!..R!...!*.R!H.P ..R!Rich..R!........PE..L...b..d.................<...L......;z.......P....@......................................@.................................`q..x...................H....8...........^..T...................@_......X^..@............p..\............................text....:.......<.................. ..`.data........P.......@..............@....idata..P....p.......J..............@..@.rsrc................T..............@..@.reloc...............n..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.af551dba

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):42
                                                                                                                                                                                                                                                  Entropy (8bit):4.624111172624227
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:xVRcyqFhXUAKFn:xVRaFhiF
                                                                                                                                                                                                                                                  MD5:4957ED73D5E5E303E351C8F8B7B53E1C
                                                                                                                                                                                                                                                  SHA1:E61238F49E44237C56D4D5B41AEB150160880B74
                                                                                                                                                                                                                                                  SHA-256:59727F7A256B7A70971F2E62B43B0A923937F85689FC3AA4AE50E4FBFBF83499
                                                                                                                                                                                                                                                  SHA-512:DB4854667285BB1CD8D07AB189607EC5BC489AFB2D0A5B5A3388F91CEFD012FECA689787452901E0EB1DE6E8792E69C0097C38B89BBA0D977D0B29E5E5EF2FEB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:[App]..ServerURL=http://bcu.ff.avast.com..

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\BrowserCleanup.ini.ipending.af551dba.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 42
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):170
                                                                                                                                                                                                                                                  Entropy (8bit):6.515978266451506
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:mlll/Q0LUUtkqiTISB3YXnaSWAaDVVg4G8prFgGjYwW8mLhx4HXn:Bb+7SBpaaDIl8prFDy8mwn
                                                                                                                                                                                                                                                  MD5:3A0E9E1388676424A5D3F23C23A251C2
                                                                                                                                                                                                                                                  SHA1:719F3425FA6255561FEE23D6688A69A1FE3DCD58
                                                                                                                                                                                                                                                  SHA-256:49BD4673A416AB9EBB6235F51FDD9E4F09CE1F00428DB0C541C249F9929DDF23
                                                                                                                                                                                                                                                  SHA-512:A422103851E269482FA667FD149DF337D3863F850BE2C32B79790BFC906E4B429BDEF17EAE00C8978B76EA0E350362494953D7E394F813B43A677E5CB82E62E3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@.*........-.J....G.....F.G.......c5.......%...E.....@.....p.ASWiSTRU...d..BrowserCleanup.ini%-{0a,.v.3...Y...I.X.E#..f.....}.m\.h..~...+|.09e.N~..{*({uq.MASWSig2B

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.af551dba

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1068256
                                                                                                                                                                                                                                                  Entropy (8bit):6.25247393831248
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:xAg2736UJeKSaEKqHbq4wTX89D+4TcmuOtU1dQ7E:xA1pJnSx1bq4wTX8Z+4TcmFtUp
                                                                                                                                                                                                                                                  MD5:3EEE4838B06924D5E499164A1DE20A3E
                                                                                                                                                                                                                                                  SHA1:A6F3D3E2A9CB292772F1C7F4C237718B4A2BBDAF
                                                                                                                                                                                                                                                  SHA-256:1A78E88DCF5EEDDE1F27233959F8294B69B28CCF5439BD65ABB64D94B681DA61
                                                                                                                                                                                                                                                  SHA-512:E61899534FEE47E694AB34728C132DC9CC55729BB28FD9B857A793E671985D935D7077AA0E2FF0D176166256ED41ACDE2184A1F2605A99DF1C0AE9F959376383
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........................................................................................y................Rich............................PE..d.....g.........." .....r...........}...............................................u....`A.........................................................p..............."...*......L...p...p...................x...(.......................h............................text....p.......r.................. ..`.rdata...............v..............@..@.data....w...@...V... ..............@....pdata...............v..............@..@.tls.........P......................@....gehcont.....`......................@..@.rsrc........p......................@..@.reloc..L...........................@..B................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\libwaapi.dll.ipending.af551dba.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 1068256
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):363623
                                                                                                                                                                                                                                                  Entropy (8bit):7.999451395078015
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:6144:RK6aYwewWxD9DZuhLC25Rm0mcfX1kWVin6fcdMV7hk2TzG0CUayibEA32iFa2:R1apePD9DZuY2QcfX+686US7h1TzgbEe
                                                                                                                                                                                                                                                  MD5:C0D83C94E28BE46885BEFC75954CF343
                                                                                                                                                                                                                                                  SHA1:E1AB83F40A0CA2B78691F15865F12636F4E5D2E4
                                                                                                                                                                                                                                                  SHA-256:5142C917D08FA58767D5BFE12039712A2799CD79D6D8DECE576894BCA7822D3F
                                                                                                                                                                                                                                                  SHA-512:E790AFC101658C88871ACBAA4BC55A3BDB1B720D21EF6723CA561A1C284B74BA5AA4609F6E918DED5A7C451A0BA0F21E5D832CF97871261F185C8DEAB2D48AED
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@..L.......&..p.........../D.|...<..mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X......k?....!.k..Z4L..?o....?..A.X&....K.".&.....)%n)j.2b...1..xwZ....I.(.Q..................C..)q^.. ...^.L.+~.<..}...7.TX........u.8M..T3.m;.... ...Wv.J^..n.f.........C.+..C.....Ry.v..+..x.Z>O....U........u .t..a..pQ..Y.T..w,..G/.s7..CgQ.7..&(.....Y.&.A...r....1.... .~F......B...........T.a.Oc...0..d/OW ......#j..'...F+.O......I..F...wb..m.X!....+v./3"8.......gCx....Y..fD..\Z.d>..hg..p.G0.l...r.....|bi..(..eN....&.xI....5Y.'Je*.3T.....*x...._k...<...9;E/Sz.....kg5...MJ6.#.......V_.`d....Q...E.3N..'.V(...W.LrW8.A..L.nh5.4..5.:^.2LW..JI...../..8]...V..x....Q...s.B.YF.y..."O%k..X.(.2.L7..5......A..B...yb......G>...S9n.hWIF...f.s...R.b2.6.u...W.e.jr....$....e..J.[.:.btT.".j..Q%..J"..g.a.5._Y,\w....na.r..B6u ....G.c]D......3......p.V..h.9I.'$.~....7...o.......%$.OC=...x...rU...1?NQ.3o..B......P[..uW.O..O...A...7kxu....-}q~3.~......Q.LM._.;...9..u..

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.af551dba

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):103648
                                                                                                                                                                                                                                                  Entropy (8bit):6.195667678157773
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:PsEMdY59enGtW/zc7fKJP5MYEh1nql94d7ed:S4iGtAz0fU7ju7ed
                                                                                                                                                                                                                                                  MD5:CD50E16876C1F6C9D298E6701542C98A
                                                                                                                                                                                                                                                  SHA1:8E610BE20057D3D47827B29E9D0E47590C35C5A2
                                                                                                                                                                                                                                                  SHA-256:4B3EBCA714DB750DEAF104F45F3A235731091669C4E0F8DCBA96AFAD2271CCDC
                                                                                                                                                                                                                                                  SHA-512:AECEB71551D9CAD04A404D0D56BAD5FCEDCE7EBBFA2069287090BDC2E3D2EE63C579AA434EC5E05AF50D2E3A44B8A14B22B900479B0A74D4A26F479AD4E5D12E
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Z...Z...Z...N...^...N...Q...N.........]......N......J...N...Y...Z..........[......[.....{.[...Z...[......[...RichZ...........PE..d...M..g.........." ................@................................................:....`A.........................................Q..L....R..(....................j...*...........C..p............................C..................8............................text............................... ..`.rdata..............................@..@.data........`.......@..............@....pdata...............J..............@..@.gehcont.............X..............@..@.rsrc................Z..............@..@.reloc...............b..............@..B................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\libwaheap.dll.ipending.af551dba.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 103648
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):47913
                                                                                                                                                                                                                                                  Entropy (8bit):7.996162103213019
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:768:fTfTFGrIeKbap6bJ0nXE50yFB3RpxK012tL7RaHsCSRbNGhorOtAoVHK:fTLft+4KXEBJRpo0iDCW4horOGodK
                                                                                                                                                                                                                                                  MD5:B6629DF7058B4E69C497DCE5C1FAB29D
                                                                                                                                                                                                                                                  SHA1:6B8B9DBCF400F46F701591B1F6B84F7F7E09B955
                                                                                                                                                                                                                                                  SHA-256:A4FA25AC18776F3BB956C5EB785D0CDDA7A5E0104590CD5B267EC0158BA0DFD6
                                                                                                                                                                                                                                                  SHA-512:1EF830329DE7FDE8DA67AEA2F0ACBADD1A0FCA7414D889DBD89419F6C47E5010FFA532CB4F2148CE4D3BE9F65EEE2AA41FBF47870C070E8F2228982548C4899B
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@..........&..p.........../D.|...!.6.uc..L..BW..........*....~..4.+mW....#.{*...u..Z.t.'.r......T......vJ.]].....-r..~.p...ry....%..o'.Q...W...M?].G....).e.l>.kE.m..O..f@..3.xPS..Fl.FOt.=....C d3......i..3.3...r.....>.PQr..U..*.k%...*.<.......O.....-...A.m.YI......?..P6.f.,B......+`.3.w.TsC.u7.>.Ez...W...r(uH..;4.%,0.....3Jvs..F..._..[U..G?..`........Mb..w......Fx._..|.._-..:..W..-.X.......H.T.).....-4.a....7Po15...f.6.l.C.iV...`.....i..Z..'.K*..l.^.JD...v..;.... .............\86..j...!.uy...~.X..c ...[..F...B".Y..J.tv.{...1.b......`.Y^....>...d.ox'.2Yk.i.....n..V.{...!.E.6."..cL...<.........KFJs..cV..P.'.V<..8.."..1....7.,....{.3......"{..G0......@Bl.....'^....7..u..&.....2.q.....M.&.k.k.:%.}..4.V{....]]..?...T....W.....au...2..........A.\6.... e.V......x.u;.:."...`E#.e..7.|rJ.W/.Z>P..wvn..Y.m.>.[....1....e...Z......$T.6........a.....5%e..V.g...#.....35N$..:j.....N'.._-..q......r..5>77f...W"..c%.......^v+.D4..."....+L...._y.Ft_M

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.af551dba

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1939168
                                                                                                                                                                                                                                                  Entropy (8bit):6.41298411154414
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:ZAGJlMHxUZD+1/59GEGjKYHiJ0/0iqRocc+4:gC+D9BYHFK34
                                                                                                                                                                                                                                                  MD5:560E15436650CD78FF67300AC11E6906
                                                                                                                                                                                                                                                  SHA1:4F791757AA5F8C87901FA73C22730BD007D73372
                                                                                                                                                                                                                                                  SHA-256:32A00811469303853D0DB51C5F51623667E8D9F142F8F96BB7C1DE8013151CE0
                                                                                                                                                                                                                                                  SHA-512:8BF2834ADF14245296C50D9F3B7F0C4AB42BABCB155BD43588B9B192FF284BF06D5A0A13C0BC46EF37051DCE7AA070397ACCB84E22CE957FD4CE3BE930B5BA5C
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$...........N...N...N...Z...X...Z...C...Z........o:.O......D......%......i...Z...F.......@.......I...N...........W.......O.......O...N.j.O.......O...RichN...........PE..d......g.........." ................0B..............................................e.....`A........................................P...........................d....l...*.......'...L..p....................M..(....L..................@............................text...r........................... ..`.rdata...7.......8..................@..@.data............t..................@....pdata..d............V..............@..@.gehcont.............8..............@..@.tls.................:..............@....rsrc................<..............@..@.reloc...'.......(...D..............@..B................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\libwalocal.dll.ipending.af551dba.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 1939168
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):755645
                                                                                                                                                                                                                                                  Entropy (8bit):7.999738396370558
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:12288:X7Y3JSDbE9dv9xtn4SQo/jJPje7qVuBe65g/YwllEdWZfU5KSWdk8HkfKjbdhjPf:LYZSDbgdhf/NcHBzq37Lh6KSVfybPgdy
                                                                                                                                                                                                                                                  MD5:7EEDD775E13A6BB329D30513E9C4BD79
                                                                                                                                                                                                                                                  SHA1:1D31A1527839CA98CD8F6C0259D81EC86EF472DB
                                                                                                                                                                                                                                                  SHA-256:5D5427FDD3DBE7B1972E8ACCD51DC8E603D3F5AA6B9FC1B68425D2E5D93F85FB
                                                                                                                                                                                                                                                  SHA-512:46F449B3C24005D943105A4FA34855543F01D8694678D0E5CC3EFE797082407241A1F9A4DAA5EF141C0504A59E3CDD8684BE41B6C091C0C55DBA066BAD0902A6
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@..........&..p.........../D.|...<..mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X.....{....7x=.iU..qct..z.U..Q..k.u....sLu.cfL...h.......o.m.(.6V..jv..:.W^%.L..0..(@s..\/..ug.J....b08..2..u......... ...*,.:.|..\b.DX&.G.......As....V..W.. .*.B'H.....P.J'.i.K1....$a..i..A..S.a.....c...a..K(...Hy.9s...?...2..t.X3S.Y......FzE.F..ME...=Sz..l....'..(.U..>......:...DX.(...6T..5HH..wP...D.51..<.OE....d..s)..h.}C.s.N.[..z....5nZ...4...'.P=\;$..p....G......E.}..{x&.#3...7.^c.t*.#...?...X...K...l...*)..p.A.../.v...4._L.,.$.T...c...p."-.<...>.`t1....^.....e..x...lM.DZoK5..Sj6L.8r.Po.$.2\..s.k..0...8..U..z......2..#..;..p.F....D.|..&..[....!...a...I!g<.&{\o.&"..twj$`i9..H..>>..}.$..g......Wglz5WV....;.F.<.. .Y...K..tU...x.pe.d!Rh}..\K.H...k4....i..O...9.8.6.y...F...-....T.>R/......z.1..].nz.pP.......Ql.UD..1.g._.~....0.f....m.............z..........W.z0U(....yDir5.....z.....".?@.?....2$..........S=^.q.$(.[(..N.S.2...Qr...#.'6.b..{..=....

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.af551dba

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5553376
                                                                                                                                                                                                                                                  Entropy (8bit):7.985234413492871
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:bZ/VSf0JyAXlnqg5YFKhC0szInLQYVt5vWgAQc6xEuGs+9:bZC0gwlnTYFKhC0suLQYVq1Q4uGR9
                                                                                                                                                                                                                                                  MD5:806D9988AA2D554F347C868D4F673500
                                                                                                                                                                                                                                                  SHA1:18C873E06BEDECF086BCE677833F32EA8A9791CA
                                                                                                                                                                                                                                                  SHA-256:BA25881FD19FDD6B5AC87E50C87411E8D7485BD7F3587E1EEEAB0585C99EF9CA
                                                                                                                                                                                                                                                  SHA-512:B1256662AF428D583E41B7DF169F9BA28154F1362F57447508BFD314936DF40D55E1EB3DCA705A1D5B2D5CD265BBEF50825B731731574FF62906DFB7C0D2D646
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................J...............J.......Rich............PE..L......g...........!..........T...............................................T......U...@.......................................... ...T...........T..*..............p............................................................................rdata..............................@..@.rsrc....T.. ....T.................@..@.......g........*...p...p..........g...........................g........T..................g....................RSDS.y.5..@..)0..|n....libwaresource.pdb.......................GCTL....p....rdata..p........rdata$zzzdbg.... .......rsrc$01.....&....T..rsrc$02........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\libwaresource.dll.ipending.af551dba.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 5553376
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5525694
                                                                                                                                                                                                                                                  Entropy (8bit):7.999962255984575
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:98304:3UCsWXDqcxMKnCd+7ZQUKgcTCf7uUTv9BFMVuKemWRci3Z3mQblMkSzCuFE:3UCseDzltUef7dJMVufPRP3ZWUli/+
                                                                                                                                                                                                                                                  MD5:71F433C9382D3BB96B1ED2165C06452D
                                                                                                                                                                                                                                                  SHA1:C8D537B711C749805D6DF00EDBBEBF9EB34CF669
                                                                                                                                                                                                                                                  SHA-256:A686B0BFF2C2E4C39B2FA19D5D79C9900F09700C83FF861069471BC92221F5CA
                                                                                                                                                                                                                                                  SHA-512:B792F2FC4845FC9F8F930227AF0ED21EAA47864A562C2D77148375D0498C04E22C8D51EC597DDAA829E0CCAEDA3C791458AD1EA4D541C3DA18ED48EF44B57622
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@..T......&..p.........../D.|..<...L..j!..@. Iu.u........qm;.7p...7.(...`..W...i....x4........l.~..41D...=..J..`BMC.7./.k%y...-.U^.....(.]...Pd..c..F.....&M..})....+t...z...1A.^.A..a.-.M.3J..4.)=?P.....on........\z%.%.......WB.....Ff.......,&....l...Z...^.g....B..5..YO.a.{O.4.B2K.q.Ce..+$N.....`W..Q.#..O..\}wqv..*..#?....d]@...)...J1.@..8.0-.;.9Q(#fk~...G........k...H.2'!..L.k..yCy.e.=D..`.L.sb...t.<..h.B..t....$.~._Xk.q?.....b.]}=.z>..."R...%;.U.]g..L.(.....]._.....m.JEQV...@.u~A.....*...vu.;.+B...e..s.....T.f....z\b|...:........X..{#.r.E_v.U.r.1........Y...*..z...}.....X.*.W...H...zx..A.`..v....T....E...e=.<...G+.Hx#oh@...I......I>J.&kM..Z.P.x..tJl..=./...}..c\......~L..-:.c....GB.6.Fc.:...e;.R'n.b)Z%.y^..7.$...D......\m...\.Y.Fc.3..kD..^R..y.......J....~...PC0.)j....U...-.....v..Wp.;T...../.j.o.I>Q.=.]O..K.....R..RR.......w_9...P....uZ.Vz*...X..z...{...r2...A..b...C._.b^C.8....I.S_.V..$#.....5.}.M.X..%s.ui..^?(.../...8..G..F.<..

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.af551dba

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3687136
                                                                                                                                                                                                                                                  Entropy (8bit):6.266368108850902
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:M5MVHkXXl0C5Hw3mPgXDU5w5jlryYdq4wTBCBkS8Ft7wBO+iKS1cKzwJ/8:MGNcQq6xBkCO+iKSh
                                                                                                                                                                                                                                                  MD5:CEB5EDE01129C47FD048DC779766D5A1
                                                                                                                                                                                                                                                  SHA1:B4DCCE1D0DFBC58EDAC4674A025354445FD79162
                                                                                                                                                                                                                                                  SHA-256:7CA2E06A57C965CD365DC706EF484476F6A7442EC0FEC76C859014994B394C61
                                                                                                                                                                                                                                                  SHA-512:865C905EBB9A87EF6CC6C1D2AEBABA54BEA649783DF4101DC26F6B326C41798C0848F5E2F6642047A9BCC40CD40D9CD0DD148449E595530075B69F40FF5619FD
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.........m....................x...$.......!......!..................!.......!...............~..}.......!.......!......!......!............!.....Rich....................PE..d......g.........." .....$#..........|........................................<......)9...`A........................................p.3.|....5.......<.......:..n....8..*....<.,+....+.p...................p.+.(.....&..............@#.......3.@....................text....##......$#................. ..`.rdata..@v...@#..x...(#.............@..@.data.........5.......5.............@....pdata...n....:..p...`6.............@..@.didat..0....P<.......7.............@....tls....a....`<.......7.............@....gehcont$....p<.......7.............@..@.rsrc.........<.......7.............@..@.reloc..,+....<..,....7.............@..B................................................................

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.af551dba.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 3687136
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1075166
                                                                                                                                                                                                                                                  Entropy (8bit):7.999841245759444
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:24576:2VFoXlVvphGYcazuXDqqrWThMqxHrSGm7m6Lq+DOmoxXRg4S:2ViphQaiT9qrSGm7F3HoVRTS
                                                                                                                                                                                                                                                  MD5:D10F6ED03BE2A72DC864B869A65D99C5
                                                                                                                                                                                                                                                  SHA1:4374E7B2B7041C9C8381876292B909A0CFAE5EF2
                                                                                                                                                                                                                                                  SHA-256:E4FAF41AECBC6E323972AFFEEB16E11A9F44A15B31E5F2DD087CC6B06B3498F8
                                                                                                                                                                                                                                                  SHA-512:CE8BF6D103DA4FD775C704DB21423B91009F4BF6F2BBD591FCC871CAF47997F54A7469C99B2257E8AE7635F0E19ED2ED42BE533817E884C88E547A29754456A2
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@..B8......&..p.........../D.|..N...mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X...ax......R......:8:Z.8...&... .V..V?.$:w.I.C..u.!....8_..w..%l......M4..:..5..3...,S&.."....z...P...n...l.I.d..E....j.L....X..$........z....J...JY.5..&8....N=.....5.3...54...Ac<Q{.K+0.....T.."....w2....I........jp..S.P.$.v_.X.x.'.FkXWez@....Q.l..A....v....8Z...[G......QR6..R..l.ANZ.@..-P..Qk....VWM...`.]..d.......e!wv....24.^e.3..V...o7.vw.xu4.....<....f@.S.|w[.c......L..Zf...$.g..6....5..X}.q...Xwd....'"..(6..2.........Ke-..6.h.....3h..`....r..[....|b5..p01uf.`1...{6.6.C......o..e&.=........@q.....`......6n........3<6V&.-9r..\T./w......u7.L.8..j.I0.#..a...W..]..@A....>..Z..%.S..S.-XY.........Wpa..(.z...y.uQ.....s..E..11......kK7....J@~...QH.R...k..w.R...).p..q..7....3..Hs.BhATi.H.%k.........$~D(D...p.M..*...W..5.S.L&.....R.B$...L.....)/........y.N.cA.8.a..7.?..f..#i..k..@.z.f..t....M.F..h...s...1A..}......Z.7.=.vj...P.8....t&.c.4.2 Y.....'T..

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.af551dba

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5191392
                                                                                                                                                                                                                                                  Entropy (8bit):6.269190421422258
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:RYzlmyFceO5NQpafVmSnVtKw8N6Xt00+I3u+Mm:RYzlmymeO5mpafVmSnVtKw8sK0ZMm
                                                                                                                                                                                                                                                  MD5:7F53AECA6B9A601D957AFB91C8169FA6
                                                                                                                                                                                                                                                  SHA1:68DC9B27924AC2BDBD5E57F023573DC49D13C2EE
                                                                                                                                                                                                                                                  SHA-256:471077CC29241FFFACEC8BC50EA6A9F976ACA2E0A6375F4D231978C38C89BBF1
                                                                                                                                                                                                                                                  SHA-512:EAFEA98D8CF17B46D2F367FF548DF432F8CE6C39A82267CE1FC6C6CCF9D2CAB098CFE12804BCDEF89F2764424DF3E087B0A714FE4113BCB1453407ACD6F5C18D
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.........%r.pK!.pK!.pK!..O .pK!..H .pK!..N +pK!p.!.pK!C.H .pK!C.O .pK!..M .pK!C.N .pK!Y.J .pK!&.O .pK!'.O .pK!-.O .pK!..J .pK!.pJ!.qK!Y.N ypK!Y.K .pK!Y..!.pK!.p.!.pK!Y.I .pK!Rich.pK!........PE..d......g.........." ......8..T......`.,.......................................O.....,<O...`A........................................`.K.....(.K.@.....O......0M.|0....O..*....O.(,..`.@.T...................X.@.(.....@...............8.0............................text.....8.......8................. ..`.rdata...f....8..h....8.............@..@.data........@L...... L.............@....pdata..|0...0M..2....L.............@..@.tls....a....pO.......N.............@....gehcont$.....O.......N.............@..@.rsrc.........O.......N.............@..@.reloc..(,....O.......N.............@..B........................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\libwavmodapi.dll.ipending.af551dba.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 5191392
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1504080
                                                                                                                                                                                                                                                  Entropy (8bit):7.999871683214955
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:24576:RCSVvBkkoviN66nTugo/k0JI7Yuk5UMxJEALBNGWy3t9OMLCyqikWx0KKjsfvC:3kUNQgo/kvcuk5UeEtBWekRdp
                                                                                                                                                                                                                                                  MD5:D7C228C03712D0EF557DD3522CE8424F
                                                                                                                                                                                                                                                  SHA1:B77995BD36C68A8A4242ED87D40B255C3C57BD21
                                                                                                                                                                                                                                                  SHA-256:B199DB026BF421C72F4CA39482B7DBC20568AC01266DF11FB4A87BABCE9A54EE
                                                                                                                                                                                                                                                  SHA-512:D0F29E79BF6D775283EACCCD68B0FB84DB65E722FF4E5EA9AE327ACB4C97AC1CC02E4739037AA381D6A458147AF0DEA3DE7812748B04A74A983DEA25A42D17EF
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@..6O......&..p.........../D.|..N...mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X...au...!X.Lt.I..ge...c.<.%..<ktVr.Z.]...9..^..`..A. ...7J..y...#=Q......BL1.V....U..$.^.;..vN-`..9Lzk.(..m.".!0^.h..*...... `6.S].pK8:......]y.kj..h..o.52.uT0...0^..-F.s...21..Vr..F...V....U,.....8..a....?......X.1u.A.QAi....._.y?._....S...\.."..=i...6/^.mS.\9.!.0.%U.lm....`..@.sr$..p.|..*.c..V.b!...Z3I..h...y.Qs..G......o.."D...@.Q..X....H.#"...x...1P...&.-o.%.7......x|...%.3......#...N..a.p}...(Q.Q.a....jb.....i.s...Y..:..Y0....>........gB..../rL2l........ln.?.......S..mo4....Dk...R._G..Wn..-.. w..W.V.A.R.*.(kV..~.g.7g.s...n..k.\...C.+.k..K.....R.b".....suW...6..h.[./j.H......n..0..'.v.u.:.a.+s.{....6Q.I.K..>*...8..*.j60...[.p...g.P#....Q..(;.............I*.r.UU.....54...n..4.z.OF..-..@M.....3.9..B.ER.lSd-....f.R..p.]u...._..-\.....J0m....qTw..L...w.......I,[..........x....q....1..n..uC......L.0e..../Y....s.Z.!.+.\.7.....$.e.C.....L~@.....M..

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\setup\asw6f647d2b80e600d5.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (2186), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):21873
                                                                                                                                                                                                                                                  Entropy (8bit):5.690464339074782
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:D4JxeXHtpV2gtJi0YbwA+V4B3p+3JBG1srr7dld13eWc8oEKAo:gxe99JiF+4BWBWwL13ej8opAo
                                                                                                                                                                                                                                                  MD5:E9865C49EFCC70C08B60AB5A99BFD76A
                                                                                                                                                                                                                                                  SHA1:12FF40AC0ED120D246BB7C1DB56066682BB60C4D
                                                                                                                                                                                                                                                  SHA-256:267481C5C3FF66EC6DDA02134B1216D85C12470555581F92B423A29C91DB547A
                                                                                                                                                                                                                                                  SHA-512:E9185E7B2622E03B158C6991F7DE414319EE499B7A4B01AA82C36D193D0432392D89FE4678B48FC53EDF3D4905F314F0AC67F93812162BF8DD445BE6AC647F8D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[Settings.UserInterface]..ShellExtensionFileName=0..streaming=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Features.SwupOpswat]..Licensed=1..[BehavioralShield.Common]..PUPAction=interactive..ScanPUP=1..[WebShield.WebScanner]..VpsFileRep=1..VpsFileRepScanAllPorts=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=1..[Offers.SecureBrowser]..ShowInIntro=1..[Settings.{D93EF81A-B92F-27FE-AF54-9278EA8BF910}.const]..ScanAreas=*RTK-SUPERQUICK;QuickStartup;QuickMemory..[AntiTrack]..Enabled=0..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[Fmwlite]..License_check_interval=16..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\setup\config.def (copy)

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (2186), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):21873
                                                                                                                                                                                                                                                  Entropy (8bit):5.690464339074782
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:D4JxeXHtpV2gtJi0YbwA+V4B3p+3JBG1srr7dld13eWc8oEKAo:gxe99JiF+4BWBWwL13ej8opAo
                                                                                                                                                                                                                                                  MD5:E9865C49EFCC70C08B60AB5A99BFD76A
                                                                                                                                                                                                                                                  SHA1:12FF40AC0ED120D246BB7C1DB56066682BB60C4D
                                                                                                                                                                                                                                                  SHA-256:267481C5C3FF66EC6DDA02134B1216D85C12470555581F92B423A29C91DB547A
                                                                                                                                                                                                                                                  SHA-512:E9185E7B2622E03B158C6991F7DE414319EE499B7A4B01AA82C36D193D0432392D89FE4678B48FC53EDF3D4905F314F0AC67F93812162BF8DD445BE6AC647F8D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[Settings.UserInterface]..ShellExtensionFileName=0..streaming=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Features.SwupOpswat]..Licensed=1..[BehavioralShield.Common]..PUPAction=interactive..ScanPUP=1..[WebShield.WebScanner]..VpsFileRep=1..VpsFileRepScanAllPorts=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=1..[Offers.SecureBrowser]..ShowInIntro=1..[Settings.{D93EF81A-B92F-27FE-AF54-9278EA8BF910}.const]..ScanAreas=*RTK-SUPERQUICK;QuickStartup;QuickMemory..[AntiTrack]..Enabled=0..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[Fmwlite]..License_check_interval=16..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\setup\config.def.ipending.af551dba

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (2186), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):22038
                                                                                                                                                                                                                                                  Entropy (8bit):5.68898765386383
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:DdJqUXHtpV2gGJi0YiwA+T4b3p+gJBG1srr7dld13eicHoEIks:TqU9WJi804bXBWwL13enHoHks
                                                                                                                                                                                                                                                  MD5:EB4B78EBFB796B32E09981C73F576AAB
                                                                                                                                                                                                                                                  SHA1:3C6C28C88AD5D385F9B0DEE1F50E5D58B553AA77
                                                                                                                                                                                                                                                  SHA-256:A863C196CB3FD213D972966370747BFC3AAC486F6054A44FD80BBB4F2D488C0E
                                                                                                                                                                                                                                                  SHA-512:24EC3294280D620D19E3FDB631449F32212ABDB0618DABAA2173D23CAD384D35637C64F23C074F27C566BA9FB84B4A14E102E018E19C6328EF9609BC69076AB2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[WebShield.WebSocket]..Enabled=1..[Settings.UserInterface]..ShellExtensionFileName=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Features.SwupOpswat]..Licensed=1..[BehavioralShield.Common]..PUPAction=interactive..ScanPUP=1..[WebShield.WebScanner]..VpsFileRep=1..VpsFileRepScanAllPorts=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=1..[Offers.SecureBrowser]..ShowInIntro=1..[Settings.{D93EF81A-B92F-27FE-AF54-9278EA8BF910}.const]..ScanAreas=*RTK-SUPERQUICK;QuickStartup;QuickMemory..[AntiTrack]..Enabled=0..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[Fmwlite]..License_check_interval=16..[PerfReporting]..AvastProcessesWprCaptureInter

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.af551dba

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2725192
                                                                                                                                                                                                                                                  Entropy (8bit):6.499351150831322
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:6FMG1CllYiY3TN5SxWC6ppkviShWIGrqw/1TQr:OQb6Ty6ppkviShWIS
                                                                                                                                                                                                                                                  MD5:548FF176E24CFC2401CC41CF9CB9F3B8
                                                                                                                                                                                                                                                  SHA1:1E2F8ACAF53F0F4BEBAC71B280362DD86AB24702
                                                                                                                                                                                                                                                  SHA-256:0E72FEE6FB647EC817D64221319944C6E74A90925EA03AA4E88F0B9D69BD663C
                                                                                                                                                                                                                                                  SHA-512:F68E88495691AF112CB9708C444173CCA68795624C699AD5FE54F8072E1087935964B32A8900F74FE826DC372AFCA5814958F282D54624CA5CEC904E1869A419
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.........q..".."..".qi"..".q.#..".q.#..".q.#.."{..#.."{..#.."...".."...#.."b..#..".q.#..".q.#.."...#.."...#.."{..#..".."Q.".q.#'.".q.#..".qk".."..."..".q.#.."Rich.."........PE..d....N`g.........." ...&............`!........................................).......)...`A.........................................y%.`....{%.......).X.....(.@m..Hj)..+....).X"..8.!.......................!.(.......@...................Dq%......................text............................... ..`.rdata..6...........................@..@.data...,'....%.......%.............@....pdata..@m....(..n....'.............@..@.didat.......p)......<).............@....rsrc...X.....)......>).............@..@.reloc..X"....)..$...F).............@..B........................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\su_adapter.dll.ipending.af551dba.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 2725192
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):879506
                                                                                                                                                                                                                                                  Entropy (8bit):7.9997702134486905
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:24576:oRreJDsijFVA2kBdzSt4xU5uXRl0qN5QJqEKULX:nJDs+kPI4xUefqqE1X
                                                                                                                                                                                                                                                  MD5:13FEF5DF45D723C40F1C2F7D17211648
                                                                                                                                                                                                                                                  SHA1:2D3BFD84484B5DC061349B9085AE17A90E0D1304
                                                                                                                                                                                                                                                  SHA-256:D8FD9740CB2FDBD0DE996748422CBDC93713EEE0FBE95D80D52A524F9DDD8DF5
                                                                                                                                                                                                                                                  SHA-512:6C65CAE08A8810A5665BD5C979AED5FB88D2F5EA862DEA2D770178F67671C5937A8B27A2B62166E02F06190F2DA10D3C3715F2BE669AEE0ACE821ACA9AE8DAB1
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@.H.)......&..p.........../D.|..b..6>..p.}#......G...)p{` ..i=`...k.<....G..7.p..C..K.N..........Q.o(V.JW .........oc)...fL...+=..=.?..#.......2..PF9k.-.+.{.d...IW...N.V.may....m.t..,.@.Z...... ....0..p....c..1...... .$M..51.|C..'....V..L.....n {1...\....^.bNp`(?..K.k..@...l...x...^.9.9...}/Di.J}...Cg....l5...'.<YL..>"".........?g9..=......k3..+.YVP.....y'.u+n....A@^............N.V..6~.;]....-...~.:.....BJ.|...}+~.....#...^..;9...y{]i...\......TwF..x....L..C.........Q...k.....Yw@~...3..|...j0...\..b...V...e.9.....m....:..y.G..Q..2...9C.....Y.i..SOM.1H+1.........z.?.t.R......._=Y..0y.$..N..b..k.U]G.1`..1.b.V.g..U....\..."=M..\.-....k.\...DkL..g............0/......s{..ZG.\{.....)+...mn/}V:....N..1nvK%....-9v-....jq.]....-..v...!..Y...7.9.A....u.5j...a.........I.:y.`%vFg..].........F7......r...8.3..hj..V....R._.-K...%Ko.Y|{.;.=7.4.Yg..}r.A.l.5..O<...^..G$.........2...Y......OQ..Oq"..u\..VP.h..1...5h-.....N.zI7.i..n}w.!....B....c

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\su_common.dll.ipending.af551dba

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):253256
                                                                                                                                                                                                                                                  Entropy (8bit):6.791883910972933
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:hPNKzt1lvINhb/v4ps8xph0LR/hSMXlk4ZqKFya5XB67TT173cOMHo67:9NMtrI7bcph0lhSMXlBXBWn173cOk7
                                                                                                                                                                                                                                                  MD5:FC290ACD457E70A34FD9B81D153A696D
                                                                                                                                                                                                                                                  SHA1:A0B8BCFDD45A002A0D4D26F3D0894BFC82050670
                                                                                                                                                                                                                                                  SHA-256:465E3D7A6797FF83EF9CDFC59F3E18F5E6D9B7D2AAD9DD007CBD8676BEA8369D
                                                                                                                                                                                                                                                  SHA-512:4E4A07680E48537CCC6F2709355FA658334C11F726924F0A1D512A91E940E01245BEB64C3EC149C1C5D0258C353D9CEB42572BB3FE7835C1DDE568E92981F0C2
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........E...+...+...+..o....+..o/...+..o(...+..o*...+.z.(...+.z./...+.......+.z.*...+..o*...+...*...+..o...+..o"..+..o+...+..o....+......+..o)...+.Rich..+.................PE..d....N`g.........." ...&.&.......... ................................................?....`A...........................................T...D...........0.......@...H....+......$....f.......................g..(.......@............@...............................text...[%.......&.................. ..`.rdata...a...@...b...*..............@..@.data...............................@....pdata..@...........................@..@.rsrc...0...........................@..@.reloc..$...........................@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\su_common.dll.ipending.af551dba.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 253256
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):90557
                                                                                                                                                                                                                                                  Entropy (8bit):7.997811962033521
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:1536:q5Ja9ahrtRIbM7vz0UcLmRmJ+t5tRqHA+0FVwScFxlgjeVFB6IXKY1XnWt:+ntDo8Ro2tRUA39V6VFoIfXW
                                                                                                                                                                                                                                                  MD5:17DF1531F7CDF68F1C01A4C2A21A9630
                                                                                                                                                                                                                                                  SHA1:88CDD3FA3A00F03CC8C48A03331B8D0EAE3FCCEF
                                                                                                                                                                                                                                                  SHA-256:C4CE435270A1D76D63833E6063BF0F8CB50A92F7B996F3E8116005772A2D396E
                                                                                                                                                                                                                                                  SHA-512:3D0FD2645BBD66FB1B1E14662E5B339E1D05B67ECB390B3321A9FECC96CD091073E522C944FBB400D0BFB2A786FDB60112EF8793A5708A6A8780B05FC384DAB4
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@.H........&..p.........../D.|..'.J.mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X..../..gK.....J(a........J".......7o...p.f...q6..H....B).^.k5....tS.tyg;..k...B.^fW.5..kD3.U.KN5.6..6..&.7`1P.p.]........[..<.2.)...2..Kdy:..\..Tl..F=..*.......y....n..VZd..v..L.....s..K..5jMJI...i..B......(......AA#.:....=;..w...z..f.I...tw.5/K....F.D..G..U..[..4.........65.WE..O....0y.[..X.?.0..H/1~.D..4.5.........t.X....2.U;......;.uM.x..k...W...MW.!.....l....^...;C.xT2..J... .7..M.R8P.a...6..3....q.]Q....1@.V6z.\..e.....g..z..BR.,......Fl:Dl....W.F...io........s.@..3..Q:. ....<.R.c....w.d./..o_.r..........y.A...}.H......ix[y...L;.....S.-.T...$<a........f.Q.)......|..@..l..8....J.[p..3..Gs\<.q.1.n....;...Wt.Vb.GZ......4.mt7. 3..4X..R%....B....h...uyr.4.^.'...........gT..a...\......A.......a...."`.K.`Y..|.8..U...'8...yb....'..{.S.h.mz.;.4./T....<........~.zo.r...2~.............T.........)...]....G?.b.]Q..)`.>..Eo...8u+[...u...?.Aj.qY..B..X.f\P.J...._..0~8.

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.af551dba

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1629000
                                                                                                                                                                                                                                                  Entropy (8bit):6.532447463222375
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:yJhqUXbHEDQSxQ8DbDUeqQ2h0lhSMXlutveynaN7:yDTXADQQrbDUnCQve
                                                                                                                                                                                                                                                  MD5:8ED228055F4A834AD15D8E9F32223941
                                                                                                                                                                                                                                                  SHA1:9BB77A691BE8C19EC89603F7181BD60EA4FCB59F
                                                                                                                                                                                                                                                  SHA-256:8BC99C388A6901D489FC76EA798147C4325864C42D341C8EFC22D8E26EBA45F0
                                                                                                                                                                                                                                                  SHA-512:B12AAF657B9B2B5B4CD023AF59FCB5EED5A99AFC4EA2406C9085BEC1BE19598A666BE9539D6550C1D5B009746FDFEA4C48F510D7B3750DA316AE8D3D4125EF17
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......8.[.|z5.|z5.|z5.z..}z5.z.1.tz5.z.6.xz5.z.4.tz5...6.~z5...1.~z5.u...jz5.z.0.Xz5...4.~z5...4.vz5.*.0..z5...4.iz5.|z4..x5...<..z5...5.}z5....}z5.|z..~z5...7.}z5.Rich|z5.................PE..d....N`g.........." ...&.............v....................................................`A........................................p...t..............`.......$...H....+......H ...8.......................9..(...p...@....................... ....................text............................... ..`.rdata...7.......8..................@..@.data...............................@....pdata..$...........................@..@.didat..............................@....rsrc...`...........................@..@.reloc..H ......."..................@..B................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\su_controller.dll.ipending.af551dba.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 1629000
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):451836
                                                                                                                                                                                                                                                  Entropy (8bit):7.999584425867543
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:12288:eqdk18/jcYLhEEWkXF5iguYPvMWiVdoARDZGJy1Bzc:AW7FhkkXVucvMWiVeAhYJ5
                                                                                                                                                                                                                                                  MD5:B98B07A01E6133AB3D9589050BAFF66E
                                                                                                                                                                                                                                                  SHA1:B3190121C7EDFF68A57E4B5BDA6ECD24134B52F4
                                                                                                                                                                                                                                                  SHA-256:77EC5B99B6FB9537DF3DF18F55DFA88C8416D3A0537FE93B038A6070DE202D1F
                                                                                                                                                                                                                                                  SHA-512:7933DC5A0FA55362923E19E22E391E0430A8992ECE5C1842A271BE5027736154DF383F4797DAE1243A84EB7702270E7EE15B1324FCAC1858E6BC2CE77D77042D
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@.H........&..p.........../D.|..N...mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X....|g.=.y...w.<,.?..U..x_XdpC..k........ku..z....l..v%.f. .B...{rg...+.t0...1...9..g=....<..~..Po.0....#....q....i.!....`9%..,.%Vqs.O.V0XKg.H.v...).9.f...U(t...kY....`G.C.ML...@V...;...zS?K..l....j..fY..YD..P.g...(.=..L..Kc!F}........4...cR..U....lp....4...=.a...y......VL..|......<......z..o..?4r#.z0.y...jx.........B+HA.pZ._..U.x...vE.,._.zf.*...Tcj..(g..n....*~.}.T...*.i....f....}b.9.6... !-z...3d...}...J6?.2<..@.|._DXy.%.{..C...,..gj.f>j.. .jM...B;{..GR{H4..#..f...p.bW=.&.8.'O.....].>..NC....._2....g...h.F....y.zuM...0.myU.5.WE.......b.~..R.b\#..p.s....Rj`,S.qXi.BFB(:G!Y.............9.....X......P..E.3.I.Qw3.:.,.N..ny5.{.h..W..E...c..~.3..l.f..C..p.@.p.....}_..Qs..kx,0.b.3.".g?,.....+s.N.e..5..... -.xL.3...]....lq....D....&..v.....CPX.L29.......j....$...pW_.b....6!. 1.?....(U..H.....s?.}.F.w.....UI.4...........3..`.4...te.r.rB6B....k...]...>...._...;..

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.af551dba

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4927304
                                                                                                                                                                                                                                                  Entropy (8bit):6.494068924919758
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:k2dLHdl4jqTKaYngG3jHB1uhpU6Of1M6gBlwmN/CJXcXgI7sg8Dn0i7GVBdvKARU:8oc6S641cBCcQI7sg8Dn0i7gF2
                                                                                                                                                                                                                                                  MD5:21AC48F95FD029C9B64EEF0D35990E95
                                                                                                                                                                                                                                                  SHA1:7A5BF5D15FBCEC71D416C9B068CAD78EF19A03F6
                                                                                                                                                                                                                                                  SHA-256:F7B15C8F64E58CEB4118C1333D9255364CF02CA4D257BF06333FA4060B72E34E
                                                                                                                                                                                                                                                  SHA-512:688BF2A9E53EB8073E1ECD88FDEA4F696B1CEB5620BB95A1F8BBF8317C86C16802E41E0D2D64CB3AD7D391584BB9C5C29F8A77AFF8CDCA44A33F2C5EDFADE138
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.........LSV.".V.".V.".PK..Z.".PK&.\.".PK!.P.".PK#.^.".PK'.n."...&.W."._...L."...&.L."...&..."...&.W.".V.".P."...'.U."..#.T."...#.s.".V.#. .".<K+.F.".<K".W.".<K..W.".V..W.".<K .W.".RichV.".........PE..d....N`g.........."....&..0........... ........@.............................pK.......K...`.........................................0.?.......?.......J.......H..Z..H.K..+....K..g...8.......................8.(.....2.@.............0..............................text.....0.......0................. ..`.rdata..Xw....0..x....0.............@..@.data...df... @..4....@.............@....pdata...Z....H..\...8H.............@..@.rsrc.........J.......J.............@..@.reloc...g....K..h....J.............@..B................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\su_worker.exe.ipending.af551dba.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 4927304
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1395094
                                                                                                                                                                                                                                                  Entropy (8bit):7.999867387001488
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:24576:eUoVPFZCbRGSVFl/AXB6G6Z76oBibe4wiEMBcdIsV+ixqTLca:eUoVFcFGGAXB6GrbFwpYiUfD
                                                                                                                                                                                                                                                  MD5:DD70ABC3A0B465BD7FE9A913CB95A451
                                                                                                                                                                                                                                                  SHA1:2FAEB5050B8EDF20CDA0BB8727D132EA23DD9E9A
                                                                                                                                                                                                                                                  SHA-256:A9F406654BADC9805405452F00B831861C58181C7663AE6C6613271C2EFDC654
                                                                                                                                                                                                                                                  SHA-512:E81D5B82705652B1EF122AFC99B3241C64F46F82E83EF67007467DEB8A19E5B6127A56F50DE123318E59B7CBEA6F235969EF7472E532FE1E22EE910EEAF5C2C0
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@.H/K......&..p.........../D.|..b..6>..p.}#......G...)p{` ..i=`...k.<....G..7.p..C..K.N.........{>>]@..x)pz.......S....*fl.u.B...Wi.5...y.w...G.........C...Mg..a....~A..df.o.&r.-8..P7....o..&.~C......W$yY......%O..,.a._...Y.p.d...Zn......Vh.J,.='k.....a..h.i. ...7.%.-u}..g\ro...p.h..QG6F"..mH.TdK2k.=/v8.5..-..Y4w...C.....C..o.e.-.h.Mi.vq....3.w.U..i..L..6.|.Yl....s............z._...O....MCl8z~.......uR...|I...M..m.L*....F......@#.v..<..5j...K.s.i.o+w...-.(.....;......q....;Y.O...A..l.A<.~...CP..Ci:V..z.4.*..WK.$m...HF..B...9r..* ....).h...|/...Y.'..D%....0...x...n..Fa\7@..eP.Z....y&......... ..5..n......?..h.T./>.....A.H.y.....3.....J.c.r.*.an8......<..h..:.@.G_......JN.....f..f/. ...&.|xy....F.x.5.....?....?w%^.Q.........J.;.wrz.G..)-s0R...N o\.>a..Z..(.9.8...CPx..+.w..=...L.4s..J.9.(.2.>...\Q.....b..L..:.8.v....!..g(;".5D..[(...e4.'.KG.&../8...qq11oyz....Y.6.i....I]....... .]4.>P8..rz..........aB..\Z..6=...V..8w...r..8;Q:....Jb/*T.8

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\wa_3rd_party_host_32.exe.ipending.af551dba.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 2297056
                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                  Size (bytes):15958
                                                                                                                                                                                                                                                  Entropy (8bit):7.988692089398869
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:Vef6vuN+KYRbRwWNkJQTP0lOkk+kMMTKVuslyM+Gt8s:wf6vurYRySkJQgltkMKcc2d
                                                                                                                                                                                                                                                  MD5:6811C9B204C06FAA530D8F6DB25779BD
                                                                                                                                                                                                                                                  SHA1:02B3566A5CB4789858B61C9500D3C7C7798059BC
                                                                                                                                                                                                                                                  SHA-256:0782018558EA99DC00BA0A9FED252B97EB9573D7E3810F42AF5FB49B71B4131E
                                                                                                                                                                                                                                                  SHA-512:ACA0B7C7D7276455B2E5C6A1CF9F323FB061C5052631C05B784D2A965EC2A69D1F162BA56C7CD7BB18FDF5C0D58FD02518692CDBBECB62D75C4441FECC62F4A0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@...#......&..p.........../D.|...<..mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X.......b....<i..>.Z......Z.....i...i..<..5..gI........Ux..E.....{7.8n...6...&Bh.!..AU......OG..|i`N...5..Xs........9s.K....t......$lz=.wl......A.Y...D.p?m.O.6...t..;..qETG.pl.:m&.....4._...'..O....i._<.....GrWHF..&N ....n....m......,r.=.....qO.Z.YUK..t.AY.f]..o..TQ.......G..a....q........a..$.....x.....x...P X.H.&..xX.Q.Y..#...9..i...y......a...g\.G./.z....84~U.o..Y...J.....rI..a....~.%d6....+I%....e....J...Q3.W......q(W....m...&a...kl......yK.].E..}.L..;G.......>..H.......E-.(`@.d...y..&O.G...5..s..~..G.Ma..d.....#a!.s...u.R`O..8.^.4..9.ty....8...ThZ..x..~HmX.L.........n5,......$XT.?1F....e..l..O..S.....[.Ir..J.Pd...H..H.{......~...#..^.u..)...f(Q.b.v..R<......u(;.L..K=..p..E.Q.0v9I.&F-...VP..~1#EB%s.q....yw.F.s..y..=....".z&.v....iWV..OQ?....)w(!.h+..!...+.-.P..$.&.. V.1..0...W.K@=.b....V.r.\.d}.!....,`....Ts.X......t.7n.5.x.o./..9.OX..H...xRD

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.af551dba

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2892512
                                                                                                                                                                                                                                                  Entropy (8bit):6.399881569757676
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:XyWKeLO9VgpshjgKyycgwk5dB8sd5ICqM:XyWdpFvk5RwM
                                                                                                                                                                                                                                                  MD5:CD457186825A4D00D4204F8750E14BA8
                                                                                                                                                                                                                                                  SHA1:FE619166CF445344B499E42ADA7C8A2514782DF2
                                                                                                                                                                                                                                                  SHA-256:9CD44679F177066F4F78916AE1017CB35B265271FECB84B8AC0513EA881AF740
                                                                                                                                                                                                                                                  SHA-512:90D396FE84CB8C4C42D91704D8C29BFF8B16FAC21446F6B780F47E124FA8E633A81F9ABA2DF41AB915E363A00B5E5DC5670C07A1AB9ACFE5B985F3ECB3D93EF1
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........<V.noV.noV.noB.mnZ.noB.kn.no.#.oU.no..mn_.no..jn~.no..kn.noB.hnT.noB.jnN.noB.onG.noV.oor.no..jnE.no..fn..no..nnW.no..oW.noV..oW.no..lnW.noRichV.no................PE..d......g.........."..................?.........@..............................,.....C2,...`..........................................L).X....Q)......0,.`A...p*......+..*....,..*..p#%.p....................#%.(...P."..............0.......L).@....................text...<........................... ..`.rdata..r=...0...>..................@..@.data........p)......\).............@....pdata......p*.......*.............@..@.didat.. .....,.......+.............@....tls..........,.......+.............@....gehcont$.... ,.......+.............@..@.rsrc...`A...0,..B....+.............@..@.reloc...*....,..,....+.............@..B................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\AVG\Antivirus\wa_3rd_party_host_64.exe.ipending.af551dba.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 2892512
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1036251
                                                                                                                                                                                                                                                  Entropy (8bit):7.999826702106487
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:24576:9HFmfultzZGI5OmX7FrsiLfLJ/EfZvCufrMHIJ1jKklhv4LtCTo2:9HFO4ZxrFr9LfU8Tu1jNv0tCTf
                                                                                                                                                                                                                                                  MD5:CA53DE839D5C970715C9194CA6CDCF57
                                                                                                                                                                                                                                                  SHA1:E2068FCB296C5C7C787B3E40330721FC15E1CCAE
                                                                                                                                                                                                                                                  SHA-256:A9CEF2B3C55194A08DF3580725914B9BB39E192A4E0607B39FED064DD18B7362
                                                                                                                                                                                                                                                  SHA-512:858D3F7EF81ED5F44A9615E7258823EBECBB837DC08190885ED222C123124116C6B89DBAA822CE5F825984FBE9316B0FEAAED0C1B5D7840753A9CE6F7DFB5C31
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@..",......&..p.........../D.|..'.J.mx...6.`....U....U6.2..}.a.Ys..NY..T..:D.0Ww..N...X..../.?q.......s9.T.?.*...1..,.q@..<.0.M.....X....>j{.2hQ..X.....o......'4.....x..>...d.l.....8......,0.)..I2.h..K.(...i_.F.}..E.R.9.........O.....y.]|.I.W.^....Gnj=#W..a?T..Y.........L.f.:.F..&.eJi...Q!n...=?.:.]..1.C/...{..ynC..u..4s`Oo:........x...t,A...^..1.;.......NW....$Q..@....".@\..,.b.d..q..$VvY.~xN[.....3=...p%$s...1.6..t}.;E.~..RWr..........$..|W,....;.ah...=E.4n_^...e.!..9K$..Y....O..,.E....l..SYZ....=..p};xEC.....x.=....D...q.yY..q.-.u;9...8W.....7>..oG".p..x?.......O......p.X...o......qjfJ..Q.D...........!..c...C..........bOa.......z.%.D.b..WP..0.y..X.yEX..a1...P..).,l...mV.....}.......2Q.....x.g..t......N...*..Z.`...9..iZjmK+j.0)2..LP.....q.............(....J.3.......I.".w..K...F.AH.&.2.3}E.....e.......<.....)...%>*...(..-......bw,..D..,.Z.$.U..............W_.Z.i..U9.{....$8...b.b......=Y._......:.>1.....S....[..5......q|....).

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\analyticsmanager.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 1873389 bytes, 2 files, at 0x44 +A "\analyticsmanager.dll" +A "\analyticsmanager.manifest", flags 0x4, number 1, extra bytes 20 in head, 167 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1884085
                                                                                                                                                                                                                                                  Entropy (8bit):7.9996505622372345
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:49152:LlNi5UxPyveWv1Kq0bsw2m0ynXCuTDEU9t3DupTUrhGB/34WSID:BNi58y2qK7CynBTcp2s3pSID
                                                                                                                                                                                                                                                  MD5:D879D97ACF98B6EC553731A91D9FCD1C
                                                                                                                                                                                                                                                  SHA1:B001BA483BDB22E75069BE626946C9BE06AEA9F5
                                                                                                                                                                                                                                                  SHA-256:D5D6D579965CB2E231AF81A2BF60A39A1955EC3782F27D9B1B8177F87B202C94
                                                                                                                                                                                                                                                  SHA-512:0514F7F80D7D2D05F949621B80166602096130DB5F18C6099C35A0EE18DF8EAAF056557F24DE1D2B7C5C4817056B4CDDDA42231243FA35B64BD1853558FE4236
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF...........D...............................)....................S........YBq .\analyticsmanager.dll.......S....YLq .\analyticsmanager.manifest.i....+..[...3 x...@..$"....ZN..2\X.$.H.....JfBF.VPA..@&l R6...9E..#@.6....D..-.$.Ho...L...`.S.Df..j....y....{u.g9..x...H.3._.&^..!.?..V...sX...S.{V/...j>..Nn.Y.Nv$....c.\.].X..p...p.k...J=..A1.j.` (..|...CHH.b@...........PU.A.9........I.u:.n.h h..bD.......sXK.F0.u.K..^\.....(L.Z....`.f...T;.3...b..j.......m.N.;....m......w.7.In.....o....r.^...n.Y...T.........._>.1.^{..6...)..m...h...T..f.rw^c..uEW.7w}...5I%m..k...?<n...f..6....C.?..?.oV...6.{{..7W...s......k9..I...g5..PG.....\c...m.^..P...TS?.hv.Bz.....w.|.......G.]...k....?vM.,...@.g......Xol.."...{...).t../MY(;..&.....e...q.Z.R.[w.3h=7.|_..;._g.v8k..{l...3~........uK...k;....O=>.C.;....n..Iup..?...0.&.\.r..m...........:F.n...O....1.._..t....g.5Q..{.l....A.....0...}.5.0..xz.L.]U..@..y.:...7..H.....+..n..k......}bbW..6.2..Wo......._..Gcp$.vG....oA...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\analyticstelemetry.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 39734 bytes, 56 files, at 0x44 +A "\analyticstelemetry.manifest" +A "\context\analyticscontextconfig.luc", flags 0x4, number 1, extra bytes 20 in head, 4 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):50430
                                                                                                                                                                                                                                                  Entropy (8bit):7.941471101884989
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:Hd16nLMR3pD1CrhfSYKhdrFo5h3rzmXDQ8nDx7/c9yI46JKwF2PsS2EF:HT6nIhp4rI1diL+D71zhXw7SL
                                                                                                                                                                                                                                                  MD5:A15CF0E1FEA6C857CD90A27073009053
                                                                                                                                                                                                                                                  SHA1:0C5735098A552EF00F0E3E406A0D8887F296C7B7
                                                                                                                                                                                                                                                  SHA-256:63B731A170F3EEC34F4EEDFC1727F9C6343C0AE2F981783873C638F9A8F16EBF
                                                                                                                                                                                                                                                  SHA-512:851765E13AF4444AF9DDECBF48E4D11A83B8E8494CE6795C97855A90F7F24163F6E4548C4FDE451E45FC1B17BCC54618FCC780B9263D223961E02CAB355E1D9C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF....6.......D...........8...............6....)..........T.......Z..........YWq .\analyticstelemetry.manifest.....Z......Y.l .\context\analyticscontextconfig.luc.....g......Y.l .\context\analyticswpssetting.luc.....+......Y.l .\context\analyticswsswps.luc.....G$.....Y.l .\context\browserinformation.luc......7.....Y.l .\context\browserversion.luc......;.....Y.l .\context\contexthandler.luc.....d=.....Y.l .\context\externalutilityfunction.luc.J....@.....Y.l .\context\featuretrackingfeature.luc...../^.....Y.l .\context\hashedmachineid.luc......`.....Y.l .\context\msspstatus.luc.O....g.....Y.l .\context\samrecoverable.luc.....7k.....Y.l .\context\sequencenumber.luc.....?m.....Y.l .\context\smarttoasting.luc.R....q.....Y.l .\context\subscriptionexpirydate.luc.R...]s.....Y.l .\context\subscriptionstatus.luc......w.....Y.l .\context\subscriptiontype.luc.Y....y.....Y.l .\context\suitestatus.luc....."}.....Y.l .\context\wpssubscriptionexpirydate.luc.F....~.....Y.l .\context\wpssubscriptionst

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\balloon_safe_annotation.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3166
                                                                                                                                                                                                                                                  Entropy (8bit):7.890916051269147
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODx7FspC:bSDZ/I09Da01l+gmkyTt6Hk8nT3KC
                                                                                                                                                                                                                                                  MD5:2048DF489A12C4C9E2341BEF42883205
                                                                                                                                                                                                                                                  SHA1:281863D9F8B8D4D0DAD62E66E35F5C96CA0155FD
                                                                                                                                                                                                                                                  SHA-256:DDA74B071B5869A22B327633D9641F1340EC5B913359BB389C34C44A6DB579A5
                                                                                                                                                                                                                                                  SHA-512:815FC1E3A2E623FEA3B13AA2BCB3895FF9DDB2A7A05E1633C83D3F647EC4A4050AF0670ED01CABA47F02A920BF6AD84191B0B03EAD1E45105DD20D302D00CCE2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR................a....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\browserhost.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 1302240 bytes, 8 files, at 0x44 +A "\browserhost.exe" +A "\browserhost.manifest", flags 0x4, number 1, extra bytes 20 in head, 121 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1312936
                                                                                                                                                                                                                                                  Entropy (8bit):7.9996906406741735
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:24576:YKpc0IfBMQK252fl8b2Rd6cTiIYF3wiXNuBERjpvRKxrOoCxX2htEPh3hDr:YK8jK25GKb2R6IYFAeNuqDvKCmDEp3h/
                                                                                                                                                                                                                                                  MD5:F81CD9F1599139C5DE0CCD3B13285927
                                                                                                                                                                                                                                                  SHA1:59E7C8CF872C2F781BB1DD8A735E5610535F4C43
                                                                                                                                                                                                                                                  SHA-256:808E5DFBAF55691037A992E719F1FBF5BF5FB40F8D6440D0706F27D4E7FB9CE2
                                                                                                                                                                                                                                                  SHA-512:167E42368002C5CF233D4F8A39C3E5FDF0BA952DE024E1AE4951AD2C7F0E989AC615A0A57E006E653A77F971E73C708A8EF6E26C6049BD76096D28B764C4CCD6
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF............D................................)..............y.....;........YLq .\browserhost.exe..-....;....YTq .\browserhost.manifest.f....)<....Y"k .\edge.com.mcafee.webadvisor.json.e....+<....Y"k .\edge.com.mcafee.webadvisor_v2.json......,<....Y"k .\webadvisor.mcafee.chrome.extension.json.L...%/<....Y"k .\webadvisor.mcafee.firefox.extension.json.....q0<....Y"k .\webadvisor_v2.mcafee.chrome.extension.json.K....3<....Y"k .\webadvisor_v2.mcafee.firefox.extension.json.6...~...[...G .C...@..4.....j..Tj}ZYjY.T.X.QE;uF...Q..#..:G..nlwgT.X3*h...5.....F..........v........\..7....Zg..........U.! @........&-s.*..-f....u....58u..j......B3.G...M.Q.R.JS.n*pI........>!..KB...................B5S4VVVE........VlP.<.H9.L.......q..X.Zc+.[.......O.(..q...j...1n.w._;._e..l../.C}op..q.........Q./...w..{.=....[....!.x`...r...on3.U....<......{....F.o.......|.....r...wy..i.\[:...g/.w.~...=V#^....<2.................}O=..../K....v.y.......`.6..a....?.5W.|.i.=......#o.w....q..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\browserplugin.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 5067323 bytes, 2 files, at 0x44 +A "\browserplugin.manifest" +A "\e10ssaffplg.xpi", flags 0x4, number 1, extra bytes 20 in head, 183 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5078019
                                                                                                                                                                                                                                                  Entropy (8bit):7.999204670703307
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:98304:rPTtx20xoUoRYyKXJT6me+cU7Zd94YoMVvtvQNUznnFu5U3z:rX+cyKXRbe/U7ZgYNV1vMULFdj
                                                                                                                                                                                                                                                  MD5:AFA82B1222D9A93CE2EC0279DC025671
                                                                                                                                                                                                                                                  SHA1:C9297D806D299DA095F9D1979DB9C5B54BAF237F
                                                                                                                                                                                                                                                  SHA-256:FFA9CE39C49A226732E75BC8B5558FFC9DB3C12A7984FF4D99C9CE5E8BF214B6
                                                                                                                                                                                                                                                  SHA-512:65B63AD867F922F1053E51420B98B46BB6C5E05FD7A7E01E52F89914E206704D28FACB8C426558290034A212E6FF4B75A68FCE2E1E7D41A97539F96360F1AB5C
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF....;RM.....D...........................;RM..)..................u..........YUq .\browserplugin.manifest.xU[.u......Y.p .\e10ssaffplg.xpi...A.[..[.....pj........*.D..]..qwwwwwpw.P.....\p.].....U.........6j...V..<M^$... .#,.a...OS........Z./O.@..O2..1.....i.)%M[..8p.u.`v7...&.Z.BGy.....A.."......7..$.N.6p.N..3..A...@..(..55...~?.c...l.K.c..LM......-.4..))..!...P..=...,+.....k.CG..+...i'.m+...L.* ...XgbZ^X.\.Ww..._.X\\[.i_.`..[.a.....}jn.......K8X.o....L.........1o.f._&......_.5..:....:k*....b>Z.r...?..f......sOp....L.8j...=...........f........_... .ZfZdd.X."....._...{.O[S.._.....e.[..}9*b..5.,5.......7..V}...Y...Wt(....../.Y...cm...._....5/..I..\:..v....~.6.~.../S......5......q?\..E.......4........'......U...Y.x.~.:..P..w...>..>6..,....1RZ..q.I.23...:;.....Sj]d]`Yffc._#.2......C.........}C.D.......?.n..V..Uf.k]Xn.i......E..L.....MF..}_..G......R....I...;...j.....[.E.....9.ai_q.........`..{o.c.....:........c....>LG...j.g......o.a^....E...G...R.......

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\icon_complete.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3219
                                                                                                                                                                                                                                                  Entropy (8bit):7.7127647052020425
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:ek20QaOtG6FvySCYWm8yAxvU+LblYFv2tct:eQQaOwhS8m8yH+flLtct
                                                                                                                                                                                                                                                  MD5:4A09448B224F83F4E6D36AEC9FF4DA1E
                                                                                                                                                                                                                                                  SHA1:CC42250CAF610210EFF2904B1A08630A0888AB2F
                                                                                                                                                                                                                                                  SHA-256:911215D1ADA8D78A33F6ED9A3740A0652BE74EFA34ED22AE569D143F9B3B5040
                                                                                                                                                                                                                                                  SHA-512:390587FA96D17112CA7EC1ADFE2BA103FE39E980A35A2D4C7A3B6BCF4DE9E95B200DDCEE3C4B6C34899DE51F20F9635D41259558C77CF24279D26264DA953E2B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...d...d.....p.T....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)" xmpMM:InstanceID="xmp.iid:013EDEF9F71C11E4981AC0D7455F8258" xmpMM:DocumentID="xmp.did:013EDEFAF71C11E4981AC0D7455F8258"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:013EDEF7F71C11E4981AC0D7455F8258" stRef:documentID="xmp.did:013EDEF8F71C11E4981AC0D7455F8258"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>d.8.....IDATx..kL.W.....Z(....h5>J....T,...4U...h.I..&~...`..hc......"h.. X.....m...Q....%...........'..ta.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\icon_failed.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3390
                                                                                                                                                                                                                                                  Entropy (8bit):7.74331289225542
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:ek2J8fBtCIc5eJXe1TDiotN45Myx7n6v9+j0ZH:e98fB8vcJqVUtx+9+j0p
                                                                                                                                                                                                                                                  MD5:AEE9C26A50511C3E4196C28662BCE665
                                                                                                                                                                                                                                                  SHA1:ADF6DA6EE3EAAD88E8EF1C9C07505AEFFDE89B57
                                                                                                                                                                                                                                                  SHA-256:0E2904A557F79BCE71A47BFB03E49FA9C5B54C7855017B54143EA2214501BFE6
                                                                                                                                                                                                                                                  SHA-512:F90AA520FD9308C502B857C4425BF6CF6E12C401EA4B538534E58655448232CF797AA9A9BA60B0932DBAFC28EE925D22BED6740DF82BB02C5C99EF851389F783
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...d...d.....p.T....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)" xmpMM:InstanceID="xmp.iid:013EDEFDF71C11E4981AC0D7455F8258" xmpMM:DocumentID="xmp.did:013EDEFEF71C11E4981AC0D7455F8258"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:013EDEFBF71C11E4981AC0D7455F8258" stRef:documentID="xmp.did:013EDEFCF71C11E4981AC0D7455F8258"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..*.....IDATx..klTU...v..--/5.<.J...."F.aD.HQ4..(...j.P.a...?T ..F...........5..... ..jU..Q#.V(.]g...w.g.n.$.m

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\icon_laptop.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 100 x 73, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1511
                                                                                                                                                                                                                                                  Entropy (8bit):7.072392857408681
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:YQ1hepWwjx82lY2T3JbVvdgqud1oUUyJ3Vnf//XPtGiLBVa470GoqF0ynT6/at8a:YuccNn2Vw7znJ3BvPtnLW5qF0yTUa6fC
                                                                                                                                                                                                                                                  MD5:4D3A0258CF71A406CB7669FBE3FBEB2E
                                                                                                                                                                                                                                                  SHA1:0811273369EADF2604DB3C53426F85FE74B785E4
                                                                                                                                                                                                                                                  SHA-256:C156050A5D788BAD7D8F36482072B44A23F502F23C5F9198F6EB1EB066765DEE
                                                                                                                                                                                                                                                  SHA-512:837A275BC63DD19F5F8553E056C5EAF257D530A54E0EC386BB28B0A515CA58929E3464612C30D9E7034ACF7473119E03B00EBAB26B220391330FEF12BC087973
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...d...I............tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c014 79.156797, 2014/08/20-09:53:02 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2014 (Macintosh)" xmpMM:InstanceID="xmp.iid:3EBDD818F71C11E4981AC0D7455F8258" xmpMM:DocumentID="xmp.did:3EBDD819F71C11E4981AC0D7455F8258"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:013EDEFFF71C11E4981AC0D7455F8258" stRef:documentID="xmp.did:013EDF00F71C11E4981AC0D7455F8258"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..}....UIDATx..K.Q..sj-HT...X..t.Z.P.A$...v...._.-]DAkG....#.B....dr.(..@.*......-y.......<H.......{..^.\NA|h..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\installer.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3079968
                                                                                                                                                                                                                                                  Entropy (8bit):6.4924663136231695
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:x4h9JG7wvcPOowb0j5LjY58nbwsMB/KLGVwazuZbQH8:49/cPOoG0j5LjYObU/SKuZi8
                                                                                                                                                                                                                                                  MD5:9B6FDFBC11B51E810F01598730A002F4
                                                                                                                                                                                                                                                  SHA1:E93BBC426BE5BA4D4E9A8FE6C59404C9C693223F
                                                                                                                                                                                                                                                  SHA-256:C9E3EA8126273B9FA2439F674767F420630C46D68C02A9940EE97AAD05C42872
                                                                                                                                                                                                                                                  SHA-512:9D6E8C635FABDF71E4E0EB694CED5348445B69F7DB0F3DE83348B441DF2B4A24282C56C5E7AC1703060C5A106C28E9F06B71AABECD62DC67EFF944B057B8DA95
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.........&f.{H5.{H5.{H5..K4.{H5..M42{H5O.L4.{H5O.K4.{H5O.M4.{H5,.M4.{H5..M4.{H5..L4.{H5..I4.{H5.{H5.{H5!.L4.{H5.{I5.yH5..A4l{H5..H4.{H5...5.{H5.{.5.{H5..J4.{H5Rich.{H5........................PE..d...TYWg.........."....$............P..........@............................../......./...`.........................................0.".$...T."......@&.8h....$..c...l.. ...../.h2... .p..................... .(....h..@....................."......................text............................... ..`.rdata..............................@..@.data...4.....".......".............@....pdata...c....$..d...f#.............@..@.didat....... &.......$.............@..._RDATA..\....0&.......$.............@..@.rsrc...8h...@&..j....$.............@..@.reloc..h2..../..4...8..............@..B........................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jquery-1.9.0.min.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (32132), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):93205
                                                                                                                                                                                                                                                  Entropy (8bit):5.288377247760317
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:fYcvR3VhH37Ha7EmakRhIHASkCDy08otU6myJXXxMZyYk0AjrzCqlKDo9YhnaTdf:fY8MaW2c+UELKUqnAdiG
                                                                                                                                                                                                                                                  MD5:A75A7E75DE7E95D0CF44254B591A0EAD
                                                                                                                                                                                                                                                  SHA1:A495F1544144C935F83A30E025265E3314E19078
                                                                                                                                                                                                                                                  SHA-256:E88147A2742CA1378EAB2E0E684C0898FE156DDDBCDBE142CBF8A8C1FE25BEB6
                                                                                                                                                                                                                                                  SHA-512:4CF67506E0C6E6A0D44A9C796092C09D99D834F9A5C94352A87880099BED1CA99086EED502B9604B64753E4BA56C5F15FDD1E47B2AF6CAEF9EA1B7F02A55EE06
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! jQuery v1.9.0 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license */(function(e,t){"use strict";function n(e){var t=e.length,n=st.type(e);return st.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n||"function"!==n&&(0===t||"number"==typeof t&&t>0&&t-1 in e)}function r(e){var t=Tt[e]={};return st.each(e.match(lt)||[],function(e,n){t[n]=!0}),t}function i(e,n,r,i){if(st.acceptData(e)){var o,a,s=st.expando,u="string"==typeof n,l=e.nodeType,c=l?st.cache:e,f=l?e[s]:e[s]&&s;if(f&&c[f]&&(i||c[f].data)||!u||r!==t)return f||(l?e[s]=f=K.pop()||st.guid++:f=s),c[f]||(c[f]={},l||(c[f].toJSON=st.noop)),("object"==typeof n||"function"==typeof n)&&(i?c[f]=st.extend(c[f],n):c[f].data=st.extend(c[f].data,n)),o=c[f],i||(o.data||(o.data={}),o=o.data),r!==t&&(o[st.camelCase(n)]=r),u?(a=o[n],null==a&&(a=o[st.camelCase(n)])):a=o,a}}function o(e,t,n){if(st.acceptData(e)){var r,i,o,a=e.nodeType,u=a?st.cache:e,l=a?e[st.expando]:st.expando;if(u[l]){if(t&&(r=n?u[l]:u[l].data)){st.isArray(t)?t=t.concat(

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-cs-CZ.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2374), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):74892
                                                                                                                                                                                                                                                  Entropy (8bit):3.8109048145074778
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:MtrgKi7KxT98/9UIBtIFbxb6EFNBRV25JWavzs87n37ebyUDfIjGB:hs91bzNx0JWGsiUDwI
                                                                                                                                                                                                                                                  MD5:EF03E8660898846DA8DAAE5F63A6D510
                                                                                                                                                                                                                                                  SHA1:3131A93875E49EBA659D56EC9264DF716FBA7196
                                                                                                                                                                                                                                                  SHA-256:B2F89F5F2FDCD42E4DABC6967CAB68FCF5B0A9F2DD935F0F8D079D4014CD2430
                                                                                                                                                                                                                                                  SHA-512:0D2233C2648A7CFA4E977490E0DB00FFA7AA32E2058B66376CB4D5C2EFB40D6BA4CC4D5519C3B76EDBB0AD122B08BD3721EED48C00BCA0046A5EF011F33221FE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..L.i.c.e.n...n... .s.m.l.o.u.v.a. .n.a. .b.e.z.p.e...n.o.s.t.n... .s.o.f.t.w.a.r.e. .I.n.t.e.l.........D...k.u.j.e.m.e. .z.a. .v.y.u.~.i.t... .b.e.z.p.e...n.o.s.t.n...h.o. .s.o.f.t.w.a.r.u. .a. .s.l.u.~.e.b. .s.p.o.l.e...n.o.s.t.i. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n. .(.d...l.e. .j.e.n. .. S.o.f.t.w.a.r.e.. ).,. .k.t.e.r... .p.o.s.k.y.t.u.j.e. .j.e.j... .s.t.o.p.r.o.c.e.n.t.n... .v.l.a.s.t.n...n... .d.c.e.Y.i.n... .s.p.o.l.e...n.o.s.t. .M.c.A.f.e.e... .T.o.t.o. .j.e. .p.r...v.n... .u.j.e.d.n...n... .m.e.z.i. .v...m.i. .a. .n.a.a... .s.p.o.l.e...n.o.s.t..... .I.n.s.t.a.l.a.c... .n.e.b.o. .p.o.u.~.i.t...m. .S.o.f.t.w.a.r.u. .v.y.j.a.d.Y.u.j.e.t.e. .s.o.u.h.l.a.s. .s. .p.o.d.m...n.k.a.m.i. .u.j.e.d.n...n...,. .p.r.o.t.o. .s.i. .j.e. .p.e...l.i.v... .p.Y.e...t...t.e... .........T.a.t.o. .s.m.l.o.u.v.a. .n.a. .b.e.z.p.e...n.o.s.t.n... .S.o.f.t.w.a.r.e. .I.n.t.e.l. .(.d...l.e. .j.e.n. .. S.m.l.o.u.v.a.. ). .u.p.r.a.v.u.j.e. .v.a.a.e. .p.r...v.a. .k. .p.o.u.~.i.t... .S.o.f.t.w.a.r.u.,. .j.e.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-da-DK.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2582), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):91776
                                                                                                                                                                                                                                                  Entropy (8bit):3.4531006440869785
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:nVNCGgfhrLJT5kmiYjC8DZ9p7WmTg5MSItM7Q1cTm/diaa8mwQUIqetIHi7M6X65:nVNCGgfhpTziY2Ol7FtD0aa8mWe9+PL
                                                                                                                                                                                                                                                  MD5:E7B24B072397487B19385511F573B992
                                                                                                                                                                                                                                                  SHA1:CD88B156249AAA968CCBC12BF54F5149DA2BAEBA
                                                                                                                                                                                                                                                  SHA-256:E8013A95BF7632B1F129F7DAEBFF48A742EEFAE9729B2BDD9F2B0920688A4BC0
                                                                                                                                                                                                                                                  SHA-512:174DCF163649A3355B36A1A8E948EC85588CD29A2B57DE60DA861195EEFAB6909134CE26445160E26088EC2CB9575480154859DE4D7DD32C53D7CD7855CAD0A8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..L.i.c.e.n.s.a.f.t.a.l.e. .f.o.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........T.a.k.,. .f.o.r.d.i. .d.u. .b.r.u.g.e.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y.s. .s.o.f.t.w.a.r.e. .o.g. .t.j.e.n.e.s.t.e.r. .(.".S.o.f.t.w.a.r.e.n.".).,. .d.e.r. .l.e.v.e.r.e.s. .a.f. .M.c.A.f.e.e.,. .s.o.m. .e.r. .e.t. .h.e.l.e.j.e.t. .d.a.t.t.e.r.s.e.l.s.k.a.b. .a.f. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .D.e.t.t.e. .e.r. .e.n. .j.u.r.i.d.i.s.k. .a.f.t.a.l.e. .m.e.l.l.e.m. .o.s. .. .i.n.s.t.a.l.l.a.t.i.o.n. .e.l.l.e.r. .o.p.r.e.t.t.e.l.s.e. .a.f. .a.d.g.a.n.g. .t.i.l. .v.o.r.e.s. .S.o.f.t.w.a.r.e. .b.e.t.y.d.e.r.,. .a.t. .d.u. .a.c.c.e.p.t.e.r.e.r. .d.i.s.s.e. .v.i.l.k...r.,. .s... .d.u. .b.e.d.e.s. .l...s.e. .d.e.m. .o.m.h.y.g.g.e.l.i.g.t... .........I. .d.e.n.n.e. .l.i.c.e.n.s.a.f.t.a.l.e. .f.r.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".A.f.t.a.l.e.n.".). .g.e.n.n.e.m.g...s. .d.i.n.e. .r.e.t.t.i.g.h.e.d.e.r. .t.i.l. .a.t. .b.r.u.g.e. .S.o.f.t.w.a.r.e.n.,. .b.e.g.r...n.s.n.i.n.g.e.r. .f.o.r. .d.e.n.n.e. .b.r.u.g.,. .v.o.r.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-de-DE.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (3216), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):104206
                                                                                                                                                                                                                                                  Entropy (8bit):3.4917892348426625
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:Sw8jufxOksgk9WB2s9JIEwSKjKmDwwy0U6QVMsaXSTLgaP3FGb:FahQVS
                                                                                                                                                                                                                                                  MD5:2358F282F57F60EEEF57A981D52E34EF
                                                                                                                                                                                                                                                  SHA1:85F899EC06E3276222EF630715E982522D15CC73
                                                                                                                                                                                                                                                  SHA-256:C5E6541AB7B449EAC82BA40CBF58BE36DF771636AFB8A377927DDEF846D63A17
                                                                                                                                                                                                                                                  SHA-512:5482E0D53F82EB52F837F391E1B2D8FD6C7D12CFD67A97BF2DE54EDCF849A7C760DDAE2537B122D8A4EE723349F2E0F1DABC08441A9D38A60F8B5704A760D770
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. .L.i.z.e.n.z.v.e.r.t.r.a.g.........V.i.e.l.e.n. .D.a.n.k.,. .d.a.s.s. .S.i.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .S.o.f.t.w.a.r.e. .u.n.d. .D.i.e.n.s.t.e. .(.. S.o.f.t.w.a.r.e.. ). .n.u.t.z.e.n.,. .d.i.e. .v.o.n. .M.c.A.f.e.e.,. .e.i.n.e.r. .h.u.n.d.e.r.t.p.r.o.z.e.n.t.i.g.e.n. .T.o.c.h.t.e.r.g.e.s.e.l.l.s.c.h.a.f.t. .v.o.n. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n.,. .b.e.r.e.i.t.g.e.s.t.e.l.l.t. .w.e.r.d.e.n... .D.i.e.s. .i.s.t. .e.i.n. .r.e.c.h.t.s.k.r...f.t.i.g.e.r. .V.e.r.t.r.a.g. .z.w.i.s.c.h.e.n. .u.n.s.. m.i.t. .d.e.r. .I.n.s.t.a.l.l.a.t.i.o.n. .o.d.e.r. .d.e.m. .Z.u.g.r.i.f.f. .a.u.f. .u.n.s.e.r.e. .S.o.f.t.w.a.r.e. .s.t.i.m.m.e.n. .S.i.e. .d.i.e.s.e.n. .B.e.d.i.n.g.u.n.g.e.n. .z.u... .L.e.s.e.n. .S.i.e. .s.i.e. .d.e.s.h.a.l.b. .b.i.t.t.e. .a.u.f.m.e.r.k.s.a.m. .d.u.r.c.h... .........D.i.e.s.e.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .L.i.z.e.n.z.v.e.r.t.r.a.g. .(.. V.e.r.t.r.a.g.. ). .u.m.f.a.s.s.t. .I.h.r.e. .R.e.c.h.t.e. .z.u.r. .N.u.t.z.u.n.g. .d.e.r. .S.o.f.t.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-el-GR.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2776), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):103714
                                                                                                                                                                                                                                                  Entropy (8bit):4.054402888023057
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:7NPKnckk7Va7/ZYluLyBO/mw5rMpNVjX7MYeFz8cX:lKB5rMdX4/H
                                                                                                                                                                                                                                                  MD5:07550B71611D249AD061DC876AB53C6C
                                                                                                                                                                                                                                                  SHA1:D2C9A88A2830DA9103D20392DFFD2A637586B276
                                                                                                                                                                                                                                                  SHA-256:F922665E3947D8555D96607A1CAF20A1C3CA650C4A42F518EA9765502FF01062
                                                                                                                                                                                                                                                  SHA-512:BAAF338E1FE444B38EBB015802D40D3402E541C2C42202A534C59034187A0D7B5C681FB135B732B596CD8679B7900CEDD47882EE2CA605EA76CC5415F7DEDE26
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:................ ............. ............. ..................... ....... ................... .I.n.t.e.l. .S.e.c.u.r.i.t.y............... ......................... ....... ............................. ................... ....... ................... .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. ................... ).,. ....... ............... ... .M.c.A.f.e.e.,. ....... ....................... ..................... ................... ....... .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... ... ............... ................. ....... ............. ................. ............... ..... ......... ....... .......... .. ....................... ... ..................... ....... ..................... ....... ....................... ....... ..................... ..... ......... ................. ...........,. ................. ....... ....................... ..... ......... ................... ....................... ........... ............... ............... ............. ............. .....................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-en-US.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2456), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):85990
                                                                                                                                                                                                                                                  Entropy (8bit):3.453112144507336
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:/F7Fw4sT8hXmsqSrobeIT6f9BMaR4EYtI7F56:aoK
                                                                                                                                                                                                                                                  MD5:01BD6FB66DC6D58D2B1722D83FE26440
                                                                                                                                                                                                                                                  SHA1:B2766FF537D2883630EE3FB148E6A159EFB8383E
                                                                                                                                                                                                                                                  SHA-256:9A97854186CD17584C9649FEC8B77C2BB059B5ADA7AF9D128092E6EC30A377E5
                                                                                                                                                                                                                                                  SHA-512:578E5267FFC67F81D8B0782071033C9622CF9D8199B9118FA1CE80CB8D3F0AC101D0D81AF8B0A0B64ADB9A0FB69C7EC237632F0C02200D8655F9C071ADA6129A
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. .L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t.........T.h.a.n.k. .y.o.u. .f.o.r. .u.s.i.n.g. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .s.o.f.t.w.a.r.e. .a.n.d. .s.e.r.v.i.c.e.s. .(.. S.o.f.t.w.a.r.e.. ).,. .p.r.o.v.i.d.e.d. .b.y. .M.c.A.f.e.e.,. .a. .w.h.o.l.l.y. .o.w.n.e.d. .s.u.b.s.i.d.i.a.r.y. .o.f. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .T.h.i.s. .i.s. .a. .l.e.g.a.l. .a.g.r.e.e.m.e.n.t. .b.e.t.w.e.e.n. .u.s.. i.n.s.t.a.l.l.i.n.g. .o.r. .a.c.c.e.s.s.i.n.g. .o.u.r. .S.o.f.t.w.a.r.e. .m.e.a.n.s. .y.o.u. .a.r.e. .a.g.r.e.e.i.n.g. .t.o. .t.h.e.s.e. .t.e.r.m.s.,. .s.o. .p.l.e.a.s.e. .r.e.a.d. .t.h.e.m. .c.a.r.e.f.u.l.l.y... .........T.h.i.s. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t. .(.. A.g.r.e.e.m.e.n.t.. ). .c.o.v.e.r.s. .y.o.u.r. .r.i.g.h.t.s. .t.o. .u.s.e. .t.h.e. .S.o.f.t.w.a.r.e.,. .r.e.s.t.r.i.c.t.i.o.n.s. .o.n. .t.h.a.t. .u.s.e.,. .o.u.r. .r.i.g.h.t. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .r.e.n.e.w. .a.n.d. .c.h.a.r.g.e. .y.o.u. .f.o.r. .p.a.i.d. .v.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-es-ES.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2904), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):100834
                                                                                                                                                                                                                                                  Entropy (8bit):3.4283040020854774
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:JgO+5MfF+qvVWjB19FUUl2whazC7vT/yFjaX5Q9+5SYALxacixm44ri7qYdZ+vQm:Jg/5R9WPzzC3cix5kzYdZ+vQNQOW
                                                                                                                                                                                                                                                  MD5:EE9BC03D94335360BE94CFE2ED38F2E7
                                                                                                                                                                                                                                                  SHA1:D79ADFD3CBF5FB2BAA048DCD577FB82B02759F7C
                                                                                                                                                                                                                                                  SHA-256:2B6CBEA00317FDFF876880A2EB2590A06D79A9EBA05B72A08F7AF674C3441AE0
                                                                                                                                                                                                                                                  SHA-512:CC65C061A107DF5A19FE3077A31417A75DD6798A17D30CC4CE08DF1724D849538BC8589FF6D561368BEB1B70060AD344DE37D0C4ABC5471CC3BEA1A14D847007
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..A.c.u.e.r.d.o. .d.e. .l.i.c.e.n.c.i.a. .d.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........G.r.a.c.i.a.s. .p.o.r. .u.t.i.l.i.z.a.r. .l.o.s. .s.e.r.v.i.c.i.o.s. .y. .e.l. .s.o.f.t.w.a.r.e. .d.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. S.o.f.t.w.a.r.e.. ).,. .s.u.m.i.n.i.s.t.r.a.d.o.s. .p.o.r. .M.c.A.f.e.e.,. .u.n.a. .f.i.l.i.a.l. .p.a.r.t.i.c.i.p.a.d.a. .p.l.e.n.a.m.e.n.t.e. .p.o.r. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .E.s.t.e. .e.s. .u.n. .a.c.u.e.r.d.o. .l.e.g.a.l. .e.n.t.r.e. .n.o.s.o.t.r.o.s... .A.l. .i.n.s.t.a.l.a.r. .o. .a.c.c.e.d.e.r. .a. .n.u.e.s.t.r.o. .S.o.f.t.w.a.r.e. .i.n.d.i.c.a. .u.s.t.e.d. .q.u.e. .a.c.e.p.t.a. .l.o.s. .p.r.e.s.e.n.t.e.s. .t...r.m.i.n.o.s.,. .p.o.r. .l.o. .t.a.n.t.o.,. .l.e. .r.o.g.a.m.o.s. .q.u.e. .l.o.s. .l.e.a. .c.o.n. .a.t.e.n.c.i...n... .........E.l. .p.r.e.s.e.n.t.e. .A.c.u.e.r.d.o. .d.e. .l.i.c.e.n.c.i.a. .d.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.e.l. . .. A.c.u.e.r.d.o.. ). .e.s.t.a.b.l.e.c.e. .c.u...l.e.s. .s.o.n. .s.u.s. .d.e.r.e.c.h.o.s. .d.e. .u.s.o. .d.e.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-es-MX.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2904), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):100834
                                                                                                                                                                                                                                                  Entropy (8bit):3.428277035149879
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:JgO+5MfF+qvVWjB19FUUl2whazC7vT/yFjaX5Q9+5SYALxacixm44ri7qYdZ+vQH:Jg/5R9WPzzC3cix5kzYdZ+vQNQO3
                                                                                                                                                                                                                                                  MD5:C3BF812E539D6533C1835F2750E2576E
                                                                                                                                                                                                                                                  SHA1:DA5D515CAD63E95762BAFFF2610D9E9C80D35EB9
                                                                                                                                                                                                                                                  SHA-256:F181CA55AF444B171A8360B33A3521AB9118B9F36F944BF687D43EE0563C0C9C
                                                                                                                                                                                                                                                  SHA-512:26F23774F7D665AEB550C5BFE5FA012FE08CCE2ECD7A6EA246F8A2233FAA7329A1D52F50CD1171089B473BCB49B96858B8CAA90C6E882FB8FB4BA3682BD25747
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..A.c.u.e.r.d.o. .d.e. .l.i.c.e.n.c.i.a. .d.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........G.r.a.c.i.a.s. .p.o.r. .u.t.i.l.i.z.a.r. .l.o.s. .s.e.r.v.i.c.i.o.s. .y. .e.l. .s.o.f.t.w.a.r.e. .d.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. S.o.f.t.w.a.r.e.. ).,. .s.u.m.i.n.i.s.t.r.a.d.o.s. .p.o.r. .M.c.A.f.e.e.,. .u.n.a. .f.i.l.i.a.l. .p.a.r.t.i.c.i.p.a.d.a. .p.l.e.n.a.m.e.n.t.e. .p.o.r. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .E.s.t.e. .e.s. .u.n. .a.c.u.e.r.d.o. .l.e.g.a.l. .e.n.t.r.e. .n.o.s.o.t.r.o.s... .A.l. .i.n.s.t.a.l.a.r. .o. .a.c.c.e.d.e.r. .a. .n.u.e.s.t.r.o. .S.o.f.t.w.a.r.e. .i.n.d.i.c.a. .u.s.t.e.d. .q.u.e. .a.c.e.p.t.a. .l.o.s. .p.r.e.s.e.n.t.e.s. .t...r.m.i.n.o.s.,. .p.o.r. .l.o. .t.a.n.t.o.,. .l.e. .r.o.g.a.m.o.s. .q.u.e. .l.o.s. .l.e.a. .c.o.n. .a.t.e.n.c.i...n... .........E.l. .p.r.e.s.e.n.t.e. .A.c.u.e.r.d.o. .d.e. .l.i.c.e.n.c.i.a. .d.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.e.l. . .. A.c.u.e.r.d.o.. ). .e.s.t.a.b.l.e.c.e. .c.u...l.e.s. .s.o.n. .s.u.s. .d.e.r.e.c.h.o.s. .d.e. .u.s.o. .d.e.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-fi-FI.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2621), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):90558
                                                                                                                                                                                                                                                  Entropy (8bit):3.4500679413514117
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:HE2oXLv8VtIG4O4mPf5lC66AlB1Fd+NlLVlbH2ZuWUh/U:Hl4gtI24cf5c6J7l8vWUhc
                                                                                                                                                                                                                                                  MD5:678A39502230D029CC22AB42787EC4EF
                                                                                                                                                                                                                                                  SHA1:7314F42A6412DF9ADC98261EBF674C417A9E2437
                                                                                                                                                                                                                                                  SHA-256:73CCA4EF648544FAF7B4E20B7F54D7D4B2761674D61ADE0CB0943CB98BC22897
                                                                                                                                                                                                                                                  SHA-512:B00BF94EBFA427A2B669F18F963640E9C6442137BC7647F0EBE75A1D00E2D8D0696A10A49A238962014F17E26E6946861EFB5BD4931D5D6157AEB29EFB4C9C9D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y.n. .k...y.t.t...o.i.k.e.u.s.s.o.p.i.m.u.s.........K.i.i.t.o.s.,. .e.t.t... .v.a.l.i.t.s.i.t. .I.n.t.e.l. .S.e.c.u.r.i.t.y.n. .o.h.j.e.l.m.i.s.t.o.n. .j.a. .p.a.l.v.e.l.u.t. .(.. o.h.j.e.l.m.i.s.t.o.. ).,. .j.o.t.k.a. .t.a.r.j.o.a.a. .M.c.A.f.e.e.,. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n.i.n. .k.o.k.o.n.a.a.n. .o.m.i.s.t.a.m.a. .t.y.t...r.y.h.t.i..... .T...m... .o.n. .l.a.i.l.l.i.n.e.n. .s.o.p.i.m.u.s. .m.e.i.d...n. .j.a. .k...y.t.t...j...n. .v...l.i.l.l..... .A.s.e.n.t.a.m.a.l.l.a. .t.a.i. .k...y.t.t...m...l.l... .o.h.j.e.l.m.i.s.t.o.a.m.m.e. .s.i.t.o.u.d.u.t. .n...i.h.i.n. .e.h.t.o.i.h.i.n.,. .j.o.t.e.n. .o.n. .t...r.k.e.....,. .e.t.t... .l.u.e.t. .n.e. .h.u.o.l.e.l.l.i.s.e.s.t.i... .........T...m... .I.n.t.e.l. .S.e.c.u.r.i.t.y.n. .k...y.t.t...o.i.k.e.u.s.s.o.p.i.m.u.s. .(.. s.o.p.i.m.u.s.. ). .p.i.t..... .s.i.s...l.l.....n. .k...y.t.t...j...n. .o.i.k.e.u.d.e.t. .o.h.j.e.l.m.i.s.t.o.n. .k...y.t.t.....n.,. .t...t... .k...y.t.t..... .k.o.s.k.e.v.a.t. .r.a.j.o.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-fr-CA.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2833), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):100074
                                                                                                                                                                                                                                                  Entropy (8bit):3.4570958714075197
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:YUojrJ1ucLHrQIvVQXrsE2Kd6kPu1dTNjOy+psORpT6koBWT7qO6H5U8mSwE9Neu:YwrsE2KdYmfwqjlK2BZVqCChcw0c
                                                                                                                                                                                                                                                  MD5:11FB5D919E8D4CA8E251B8316C0D9FDD
                                                                                                                                                                                                                                                  SHA1:844E3895654A12291557A08C0B8EDDEB931CA55B
                                                                                                                                                                                                                                                  SHA-256:9D13797690BB4B88C62A53CB602249BEBCF6604931241EC7481CB4B132863B11
                                                                                                                                                                                                                                                  SHA-512:2BC3C24A5F696589A075AB3BA64E823056EA53E1773B1183B4FCF06E5E17A21ED3C521639C29FE8E4F5CA1FD51F8FE496A22A1B84DC7DF34FEF63D6E6825F16A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..C.o.n.t.r.a.t. .d.e. .l.i.c.e.n.c.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........M.e.r.c.i. .d.'.u.t.i.l.i.s.e.r. .l.e. .l.o.g.i.c.i.e.l. .e.t. .l.e.s. .s.e.r.v.i.c.e.s. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.....L.o.g.i.c.i.e.l.....). .f.o.u.r.n.i.s. .p.a.r. .M.c.A.f.e.e.,. .u.n.e. .f.i.l.i.a.l.e. .e.n. .p.r.o.p.r.i...t... .e.x.c.l.u.s.i.v.e. .d.'.I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .L.e. .p.r...s.e.n.t. .d.o.c.u.m.e.n.t. .e.s.t. .u.n. .a.c.c.o.r.d. .j.u.r.i.d.i.q.u.e. .c.o.n.c.l.u. .e.n.t.r.e. .v.o.u.s. .e.t. .n.o.u.s... .E.n. .i.n.s.t.a.l.l.a.n.t. .o.u. .e.n. .a.c.c...d.a.n.t. ... .n.o.t.r.e. .L.o.g.i.c.i.e.l.,. .v.o.u.s. .a.c.c.e.p.t.e.z. .l.e.s. .p.r...s.e.n.t.e.s. .c.o.n.d.i.t.i.o.n.s... .V.e.u.i.l.l.e.z. .d.o.n.c. .l.e.s. .l.i.r.e. .a.t.t.e.n.t.i.v.e.m.e.n.t... .........L.e. .p.r...s.e.n.t. .C.o.n.t.r.a.t. .d.e. .L.i.c.e.n.c.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.....C.o.n.t.r.a.t.....). .p.o.r.t.e. .s.u.r. .v.o.s. .d.r.o.i.t.s. .d.'.u.t.i.l.i.s.e.r. .l.e. .L.o.g.i.c.i.e.l.,. .l.e.s. .r.e.s.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-fr-FR.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2833), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):100074
                                                                                                                                                                                                                                                  Entropy (8bit):3.4566889314561657
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:YUojrJ1ucLHrQIvVQXrsE2Kd6kPu1dTNjOy+psORpT6koBWT7qO6H5U8mSwE9Nec:YwrsE2KdYmfwqjlK2BZVqCChcw0a
                                                                                                                                                                                                                                                  MD5:32C0E5CC752C2F76FF6AA79B9D7E4F58
                                                                                                                                                                                                                                                  SHA1:A4C7E48D029A4951B43D2948B20A8B12FFCF619F
                                                                                                                                                                                                                                                  SHA-256:B003840DF4B91DD867552137E01BE0BD601EAAFB74E9974F83144FDC9EE9BF0C
                                                                                                                                                                                                                                                  SHA-512:B1F61FF518D1A972574E9FD2AC763BF82BEB985AACA7661164AFCB28AF75709F539A837A8A7347F677FCEBC034EB96498E7F1A121967A8D5A0F807683618A2C5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..C.o.n.t.r.a.t. .d.e. .l.i.c.e.n.c.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........M.e.r.c.i. .d.'.u.t.i.l.i.s.e.r. .l.e. .l.o.g.i.c.i.e.l. .e.t. .l.e.s. .s.e.r.v.i.c.e.s. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.....L.o.g.i.c.i.e.l.....). .f.o.u.r.n.i.s. .p.a.r. .M.c.A.f.e.e.,. .u.n.e. .f.i.l.i.a.l.e. .e.n. .p.r.o.p.r.i...t... .e.x.c.l.u.s.i.v.e. .d.'.I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .L.e. .p.r...s.e.n.t. .d.o.c.u.m.e.n.t. .e.s.t. .u.n. .a.c.c.o.r.d. .j.u.r.i.d.i.q.u.e. .c.o.n.c.l.u. .e.n.t.r.e. .v.o.u.s. .e.t. .n.o.u.s... .E.n. .i.n.s.t.a.l.l.a.n.t. .o.u. .e.n. .a.c.c...d.a.n.t. ... .n.o.t.r.e. .L.o.g.i.c.i.e.l.,. .v.o.u.s. .a.c.c.e.p.t.e.z. .l.e.s. .p.r...s.e.n.t.e.s. .c.o.n.d.i.t.i.o.n.s... .V.e.u.i.l.l.e.z. .d.o.n.c. .l.e.s. .l.i.r.e. .a.t.t.e.n.t.i.v.e.m.e.n.t... .........L.e. .p.r...s.e.n.t. .C.o.n.t.r.a.t. .d.e. .L.i.c.e.n.c.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.....C.o.n.t.r.a.t.....). .p.o.r.t.e. .s.u.r. .v.o.s. .d.r.o.i.t.s. .d.'.u.t.i.l.i.s.e.r. .l.e. .L.o.g.i.c.i.e.l.,. .l.e.s. .r.e.s.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-hr-HR.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2677), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):87744
                                                                                                                                                                                                                                                  Entropy (8bit):3.5874191528402934
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:4D5AY14mQom+cQuoy8H5Zo3ij63ydrXxYM+gDUC5lBvt4UgmsiyePIOA:3jelDB1vm
                                                                                                                                                                                                                                                  MD5:5CC370E61A37DF91B7D6C966805A5926
                                                                                                                                                                                                                                                  SHA1:8CE489F5074986D14A1735B7D276265A61BAAAF2
                                                                                                                                                                                                                                                  SHA-256:82C092D77335642F2968FA74C0F50079EC2A2A81A3E3A8A0636C1219DCC10FD7
                                                                                                                                                                                                                                                  SHA-512:4CDB0FF15716FF82843CC0AC6F3DC2F07C16EEBC62E1377F6F951211F0984A98322F8F71824F6C859C1D4D779A11D947A2784454B8D12CF7EC2297E5415CBDBB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..L.i.c.e.n.c.n.i. .u.g.o.v.o.r. .z.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........H.v.a.l.a. .a.t.o. .k.o.r.i.s.t.i.t.e. .s.o.f.t.v.e.r. .i. .u.s.l.u.g.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".S.o.f.t.v.e.r.".).,. .k.o.j.i. .i.s.p.o.r.u...u.j.e. .M.c.A.f.e.e.,. .p.o.d.r.u.~.n.i.c.a. .u. .p.o.t.p.u.n.o.m. .v.l.a.s.n.i.a.t.v.u. .t.v.r.t.k.e. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .O.v.o. .j.e. .p.r.a.v.n.i. .u.g.o.v.o.r. .i.z.m.e...u. .n.a.s.. i.n.s.t.a.l.i.r.a.n.j.e. .i.l.i. .p.r.i.s.t.u.p. .n.a.a.e.m. .S.o.f.t.v.e.r.u. .z.n.a...i. .d.a. .s.e. .s.l.a.~.e.t.e. .s. .n.j.e.g.o.v.i.m. .u.v.j.e.t.i.m.a.,. .p.a. .v.a.s. .m.o.l.i.m.o. .d.a. .i.h. .p.a.~.l.j.i.v.o. .p.r.o...i.t.a.t.e... .........O.v.a.j. .L.i.c.e.n.c.n.i. .u.g.o.v.o.r. .z.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".U.g.o.v.o.r.".). .o.b.u.h.v.a...a. .v.a.a.e. .p.r.a.v.o. .n.a. .k.o.r.i.a.t.e.n.j.e. .S.o.f.t.v.e.r.a.,. .o.g.r.a.n.i...e.n.j.a. .u. .n.j.e.g.o.v.o.m. .k.o.r.i.a.t.e.n.j.u.,. .n.a.a.e. .p.r.a.v.o. .n.a. .a.u.t.o.m.a.t.s.k.o. .o.b.n.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-hu-HU.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2782), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):98690
                                                                                                                                                                                                                                                  Entropy (8bit):3.685619337213005
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:3+Y5qMxXdv62/0ojFC0hQY+eUbM5wbg6u+sWOvm1SeWN3CBw4bZKMoBwAbCxpI1t:zsGDmMeI
                                                                                                                                                                                                                                                  MD5:747D979803169F76FFB0694E906515EC
                                                                                                                                                                                                                                                  SHA1:88615D66D8601DBB4F647BBEF9F33BC09F139CB8
                                                                                                                                                                                                                                                  SHA-256:4DD8DEEA7EF8DB214D5C9E8A524EE0FD1BEF58937623945BB17DE69CD8C4125A
                                                                                                                                                                                                                                                  SHA-512:3F33985624C3FF4989A9C37350EFFD4E07CF70195F4F462E4359EF3215DECFE1DF0772ECE2201EA620BE3B5CA1650F87D2F10CA08BA9926F799BDC77324DB3BE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. .l.i.c.e.n.c.s.z.e.r.z.Q.d...s.........K...s.z...n.j...k.,. .h.o.g.y. .a.z. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n. .t.e.l.j.e.s. .t.u.l.a.j.d.o.n... .l.e...n.y.v...l.l.a.l.a.t.a.,. .a. .M.c.A.f.e.e. ...l.t.a.l. .k...n...l.t. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .s.z.o.f.t.v.e.r.t. ...s. .s.z.o.l.g...l.t.a.t...s.o.k.a.t. .(.. S.z.o.f.t.v.e.r.. ). .h.a.s.z.n...l.j.a... .E.z. .a. .l.i.c.e.n.c.s.z.e.r.z.Q.d...s. .e.g.y. .k...z...t.t...n.k. .l...t.r.e.j...t.t. .j.o.g.i. .m.e.g...l.l.a.p.o.d...s. .. .a. .S.z.o.f.t.v.e.r...n.k. .t.e.l.e.p...t...s.e. .v.a.g.y. .a. .S.z.o.f.t.v.e.r...n.k.h...z. .v.a.l... .h.o.z.z...f...r...s. .a.z.t. .j.e.l.e.n.t.i.,. .h.o.g.y. ...n. .e.g.y.e.t...r.t. .a. .s.z.e.r.z.Q.d...s.b.e.n. .f.o.g.l.a.l.t. .f.e.l.t...t.e.l.e.k.k.e.l.,. .e.z...r.t. .o.l.v.a.s.s.a. .e.l. .f.i.g.y.e.l.m.e.s.e.n. .a.z.o.k.a.t... .........A.z. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .l.i.c.e.n.c.s.z.e.r.z.Q.d...s. .(.. S.z.e.r.z.Q.d...s.. ). .a. .S.z.o.f.t.v.e.r. .h.a.s.z.n...l.a.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-it-IT.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2974), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):103642
                                                                                                                                                                                                                                                  Entropy (8bit):3.410756917907654
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:D+piF3I9T9qL1rEINLBC7LcfZJJSMqHDYCebssNKlU8rmjVHJkItVdM1OrzjW:6/c16yjdM1OS
                                                                                                                                                                                                                                                  MD5:D9AFC6FA5E620BA21FC7AAE5EEA075A1
                                                                                                                                                                                                                                                  SHA1:722FAFD586D555E67868847BE2D590728211F968
                                                                                                                                                                                                                                                  SHA-256:D87E62812B503E53398140F0FA7F334647D1F44AE8A7BA8F070FC783F1BA9730
                                                                                                                                                                                                                                                  SHA-512:4537A9755CB3B960EECA97E7E3DD415E206628E1426563F982EE7FF957B1784F4FFEA825635447F43F6043E1FADD7B8643F3FB7ADBB7B95B80E86D35986866D4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..C.o.n.t.r.a.t.t.o. .d.i. .l.i.c.e.n.z.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........G.r.a.z.i.e. .p.e.r. .a.v.e.r. .s.c.e.l.t.o. .d.i. .u.t.i.l.i.z.z.a.r.e. .i. .s.o.f.t.w.a.r.e. .e. .i. .s.e.r.v.i.z.i. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".S.o.f.t.w.a.r.e.".). .f.o.r.n.i.t.i. .d.a. .M.c.A.f.e.e.,. .c.o.n.s.o.c.i.a.t.a. .i.n.t.e.r.a.m.e.n.t.e. .c.o.n.t.r.o.l.l.a.t.a. .d.i. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .I.l. .p.r.e.s.e.n.t.e. .d.o.c.u.m.e.n.t.o. .c.o.s.t.i.t.u.i.s.c.e. .u.n. .c.o.n.t.r.a.t.t.o. .l.e.g.a.l.e. .t.r.a. .n.o.i. .e. .l.'.u.t.e.n.t.e... .L.'.i.n.s.t.a.l.l.a.z.i.o.n.e. .o. .l.'.a.c.c.e.s.s.o. .a.i. .n.o.s.t.r.i. .S.o.f.t.w.a.r.e. .i.m.p.l.i.c.a. .l.'.a.c.c.e.t.t.a.z.i.o.n.e. .d.i. .q.u.e.s.t.i. .t.e.r.m.i.n.i. .d.a. .p.a.r.t.e. .d.e.l.l.'.u.t.e.n.t.e.,. .c.h.e. .p.e.r.t.a.n.t.o. ... .t.e.n.u.t.o. .a. .l.e.g.g.e.r.l.i. .c.o.n. .a.t.t.e.n.z.i.o.n.e... .........I.l. .p.r.e.s.e.n.t.e. .c.o.n.t.r.a.t.t.o. .d.i. .l.i.c.e.n.z.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".C.o.n.t.r.a.t.t.o.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-ja-JP.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (1234), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):41412
                                                                                                                                                                                                                                                  Entropy (8bit):5.772085659974916
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:8bY257pwJE0xJUhghf/3Gkojyef4ktbfR/KSCDpKIb5MhON:8E257OJE0ighfSyKtbfxapV
                                                                                                                                                                                                                                                  MD5:98E639EF30DAC59ECA90EEB00D0E43E6
                                                                                                                                                                                                                                                  SHA1:31AC8D540EA3A0202797CB3B3B370128B4D17D81
                                                                                                                                                                                                                                                  SHA-256:CC3A2E0426012943EB51B2A2568F06F0273F0CE5403ACA4A906278186126E5A9
                                                                                                                                                                                                                                                  SHA-512:29201C2D4A8E465BB045FF8F415BC43834B4E6D55C3A561B2039580291B21472F54A092E551F8A2DA2B7EBF7EA65CDED46993BF287B6D89E1BE0CEB801E61E51
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. ..O(u1...QY.}........I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n. .n0hQM..Q.P[.O>yg0B0.0 .M.c.A.f.e.e.L0.c.OY0.0 .I.n.t.e.l. .S.e.c.u.r.i.t.y. ..0.0.0.0.0.0J0.0s0.0.0.0.0...0.0.0.0.0.0.0.0...0)R(uD0_0`0M0B0.0L0h0F0T0V0D0~0Y0.0 .,gQY.}o0J0.[.ih0S_>yh0n0..k0.}P}U0.0.0.l.vj0QY.}g0Y0.0J0.[.io0.0S_>yn0.0.0.0.0.0.0.0.0.0.0.0.0.0~0_0o0]0.0k0.0.0.0.0Y0.0S0h0k0.0.0.0,gQY.}n0ag.Nk0.T.aW0_0h0.0j0U0.0~0Y0n0g0.0,gQY.}.0.0O0J0...0O0`0U0D0.0 .........S0n0 .I.n.t.e.l. .S.e.c.u.r.i.t.y. ..O(u1...QY.}.f...0,gQY.}.0..o0.0J0.[.in0.0.0.0.0.0.0.O(u)j.0.O(u6RP..0.0.0.0.0.0.0n0.g.Q.0.0.0.0.0~0_0o0_j...0..R.vk0.f.eJ0.0s0...Y0.0S_>yn0)j)R.0J0.0s0S_>yh0J0.[.in0..k0zv.uY0.0.S..'`n0B0.0.}.Nn0.N..k0.[Y0.0J0.[.in0.T.ak0d0D0f0....W0f0D0~0Y0.0 ....j0.0,gQY.}h0h0.0k0J0.[.ik0i.(uU0.0.0.0S_>yn0.0.0.0.0.0.0k0..Y0.0.X.f..h.t.t.p.s.:././.w.w.w...m.c.a.f.e.e...c.o.m./.c.o.m.m.o.n./.p.r.i.v.a.c.y./.j.a.p.a.n.e.s.e./.i.n.d.e.x...h.t.m....0+T.0...Rag.Nx0n0.0.0.0L0+T~0.0f0D0~0Y0.0 ..T.Vyr.gn0ag.No0,gQY.}

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-ko-KR.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (1439), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):46328
                                                                                                                                                                                                                                                  Entropy (8bit):5.58543674296238
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:iLBTRAz/+e7qDm/7QgTt2Bk6baOLFureI5mIxFRlKi3lu:iLnAz/+e+DmzQgZ2BdblJsSi3lu
                                                                                                                                                                                                                                                  MD5:F890FFDF8BBEB7A877F1DA8978AFC5CB
                                                                                                                                                                                                                                                  SHA1:1920F72796976EB486C3AB9B2BBA34530DE4CC84
                                                                                                                                                                                                                                                  SHA-256:6522E4325DBA7429F941B435FDC5F79281582D4F04BF13C3708ECA24385A7F96
                                                                                                                                                                                                                                                  SHA-512:50EA45A40A907FE41FF0F15AB1A36311053C76703E0AB07407FB6554954F2A7F96363E8FB46DBD6E401D9F6B7D03175016243C0C0D54BA86A241844EB8289FE7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. .|.t. ... ..}.........I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n.X. ...a. .... .....x. .M.c.A.f.e.e..... .....X.. .I.n.t.e.l. .S.e.c.u.r.i.t.y. ......... ... ...D...(.t.X. .. ......... ).|. .....t. ...T... .....i..... .t..@. .....@. ...... ...t.X. ..... ..}...... .....X. .........|. .$.X.X.p... .a.8...X.. ...@. .t. ..}. .}..... ..X.X.. ...t...\.,. .}...D. ...X. .J... .}.<...0. ......... .........t. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .|.t. ... ..}.(.t.X. .. .}.. ).@. ......... ..... .....,. ......... .....X. ...\. .p.t.,. .........X. . .. .....t.. .0..... ...t. ....<.\. ..}.D. .1...X.. ......... ...a.D. ...l.`. ... .... .....X. .....,. ...... .....@. ...... ...t... .....`. ... .... .....X. ...... ...\. ...X.X. ..X. .....D. ........ .t. .8...... ...X.... ........ .t. ..... ..}.D. .l.1.X.. .\. .....x. ....\. ..... ..}. .}...(...:. ...x.......8. .H..8.,. .(.h.t.t.p.s.:././.w.w.w...m.c.a.f.e.e...c.o.m./.c.o.m.m.o.n./.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-nb-NO.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2743), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):84476
                                                                                                                                                                                                                                                  Entropy (8bit):3.446843354798183
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:fvk22xFWKEjm1iM70NJnqNiGAsX0MRKQ/s+p6jdIuRMPNGZJq7ALa/jcuqqRp5QV:fvk22xFWKEjm1iM70NJnqNiGAsX0MRKL
                                                                                                                                                                                                                                                  MD5:0FC2D0F93151C10CE5332B318B34749B
                                                                                                                                                                                                                                                  SHA1:0CE5DA03AC3F9833A04C528510AA7E93308E9832
                                                                                                                                                                                                                                                  SHA-256:84BA9DE6406BE526CA526BAF01EC1A4704AD65333AA15873418455CAC7DB77D7
                                                                                                                                                                                                                                                  SHA-512:88F023C2A1DE1647BB64D48EDD5E57C245A183701B750BF6868EA844F1B26EB93877F66A07F798049D3A67C02B5223ABD6C2B853980F58542E744C7D4C910D80
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..L.i.s.e.n.s.a.v.t.a.l.e. .f.o.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........T.a.k.k. .f.o.r. .a.t. .d.u. .b.r.u.k.e.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y.s. .p.r.o.g.r.a.m.v.a.r.e. .o.g. .t.j.e.n.e.s.t.e.r. .(.".p.r.o.g.r.a.m.m.e.t.).,. .l.e.v.e.r.t. .a.v. .M.c.A.f.e.e.,. .e.t. .h.e.l.e.i.d. .d.a.t.t.e.r.s.e.l.s.k.a.p. .a.v. .I.n.t.e.r. .C.o.r.p.o.r.a.t.i.o.n... .D.e.t.t.e. .e.r. .e.n. .j.u.r.i.d.i.s.k. .a.v.t.a.l.e. .m.e.l.l.o.m. .o.s.s. .. .i.n.s.t.a.l.l.a.s.j.o.n. .e.l.l.e.r. .b.r.u.k. .a.v. .v...r. .p.r.o.g.r.a.m.v.a.r.e. .b.e.t.y.r. .a.t. .d.u. .g.o.d.t.a.r. .d.i.s.s.e. .v.i.l.k...r.e.n.e.,. .s... .l.e.s. .d.e.m. .n...y.e... .........D.e.n.n.e. .l.i.s.e.n.s.a.v.t.a.l.e.n. .f.o.r. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".a.v.t.a.l.e.n.".). .d.e.k.k.e.r. .d.i.n. .r.e.t.t. .t.i.l. ... .b.e.n.y.t.t.e. .p.r.o.g.r.a.m.v.a.r.e.n.,. .b.e.g.r.e.n.s.n.i.n.g.e.r. .p... .d.e.n.n.e. .b.r.u.k.e.n.,. .v...r. .r.e.t.t. .t.i.l. .a.u.t.o.m.a.t.i.s.k. .f.o.r.n.y.e.l.s.e. .o.g. .t.a. .b.e.t.a.l.t. .f.o.r. .b.e.t.a.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-nl-NL.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2801), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):100578
                                                                                                                                                                                                                                                  Entropy (8bit):3.442006366072733
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:OQ/9KbnOOfNlk/R5OVUR5Oh/RKe/HEUnOZVOsf6jzytJpjIzGeQRV22n3sT58jQM:B
                                                                                                                                                                                                                                                  MD5:8F101B5AF8CB0A1F5783173B125DCD47
                                                                                                                                                                                                                                                  SHA1:6CD517E2565B326CCBD900C67D668EA2D2D899A4
                                                                                                                                                                                                                                                  SHA-256:CB5A555248A9C01D9C9967790CDD7F616D147E1C1E7B737F13641F5E2842AE1B
                                                                                                                                                                                                                                                  SHA-512:D08432ACB958D5CC878819C00DEFF27E02EEE3A48F544DC7A097AD98D64C11DB3AB2C79831D546900EF9BAF4B121722330D1AA31AE8A2D9887B399BCE0425CBD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..L.i.c.e.n.t.i.e.o.v.e.r.e.e.n.k.o.m.s.t. .v.a.n. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........D.a.n.k. .u. .v.o.o.r. .h.e.t. .g.e.b.r.u.i.k. .v.a.n. .I.n.t.e.l. .S.e.c.u.r.i.t.y.-.s.o.f.t.w.a.r.e. .e.n. .-.d.i.e.n.s.t.e.n. .(.'.S.o.f.t.w.a.r.e.'.).,. .a.a.n.g.e.b.o.d.e.n. .d.o.o.r. .M.c.A.f.e.e.,. .e.e.n. .v.o.l.l.e.d.i.g.e. .d.o.c.h.t.e.r.o.n.d.e.r.n.e.m.i.n.g. .v.a.n. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .D.i.t. .i.s. .e.e.n. .j.u.r.i.d.i.s.c.h.e. .o.v.e.r.e.e.n.k.o.m.s.t. .t.u.s.s.e.n. .o.n.s... .D.o.o.r. .o.n.z.e. .S.o.f.t.w.a.r.e. .t.e. .i.n.s.t.a.l.l.e.r.e.n. .e.n. .t.e. .o.p.e.n.e.n.,. .g.e.e.f.t. .u. .a.a.n. .d.a.t. .u. .a.k.k.o.o.r.d. .g.a.a.t. .m.e.t. .d.e.z.e. .v.o.o.r.w.a.a.r.d.e.n... .L.e.e.s. .z.e. .d.u.s. .z.o.r.g.v.u.l.d.i.g... .........D.e.z.e. .L.i.c.e.n.t.i.e.o.v.e.r.e.e.n.k.o.m.s.t. .v.a.n. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.'.O.v.e.r.e.e.n.k.o.m.s.t.'.). .b.e.s.c.h.r.i.j.f.t. .u.w. .r.e.c.h.t.e.n. .o.m. .d.e. .S.o.f.t.w.a.r.e. .t.e. .g.e.b.r.u.i.k.e.n.,. .d.e. .b.e.p.e.r.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-pl-PL.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2967), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):101850
                                                                                                                                                                                                                                                  Entropy (8bit):3.7337427670871493
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:dnEmLzXswPaPfzO8liJQIKQ42HzLMH7scwS3/80GIrKQ+Qp:ayXeV
                                                                                                                                                                                                                                                  MD5:DD278C4F855195B67D66D697BDB8F909
                                                                                                                                                                                                                                                  SHA1:F00413B9D2D51C36524011D43AFC93B4813AB4F5
                                                                                                                                                                                                                                                  SHA-256:07420FBC165BB9E0D85C9B4634185DB361A6AEA7A2921A204A453F9446A24ACF
                                                                                                                                                                                                                                                  SHA-512:01959DB09243CD80FA821E9808BE2386B63FA09DE7E8416CD4B2C8558CD3511309E1CAF7AC3D9ECD6550A66E5BC5DE9BFA990B12055F2E9885095C2F8F0743B8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..U.m.o.w.a. .l.i.c.e.n.c.y.j.n.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........D.z.i...k.u.j.e.m.y. .z.a. .k.o.r.z.y.s.t.a.n.i.e. .z. .o.p.r.o.g.r.a.m.o.w.a.n.i.a. .i. .u.s.B.u.g. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.z.w.a.n.y.c.h. .d.a.l.e.j. .. O.p.r.o.g.r.a.m.o.w.a.n.i.e.m.. ). .o.f.e.r.o.w.a.n.y.c.h. .p.r.z.e.z. .M.c.A.f.e.e.,. .s.p...B.k... .z.a.l.e.|.n...,. .k.t...r.e.j. .w.y.B...c.z.n.y.m. .w.B.a.[.c.i.c.i.e.l.e.m. .j.e.s.t. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .N.i.n.i.e.j.s.z.y. .d.o.k.u.m.e.n.t. .s.t.a.n.o.w.i. .u.m.o.w... .p.r.a.w.n... .m.i...d.z.y. .n.a.m.i. .a. .U.|.y.t.k.o.w.n.i.k.i.e.m. .. .z.a.i.n.s.t.a.l.o.w.a.n.i.e. .n.a.s.z.e.g.o. .O.p.r.o.g.r.a.m.o.w.a.n.i.a. .l.u.b. .u.z.y.s.k.a.n.i.e. .d.o. .n.i.e.g.o. .d.o.s.t...p.u. .j.e.s.t. .r...w.n.o.z.n.a.c.z.n.e. .z. .z.a.a.k.c.e.p.t.o.w.a.n.i.e.m. .n.i.n.i.e.j.s.z.y.c.h. .w.a.r.u.n.k...w.,. .w. .z.w.i...z.k.u. .z. .c.z.y.m. .p.r.o.s.i.m.y. .o. .u.w.a.|.n.e. .z.a.p.o.z.n.a.n.i.e. .s.i... .z. .t.r.e.[.c.i... .d.o.k.u.m.e.n.t.u... ...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-pt-BR.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2603), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):91306
                                                                                                                                                                                                                                                  Entropy (8bit):3.4652957363909573
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:f8Wc1lp2b6cXQJ6rHcTCGXPF3zzhTOJpy0WlLyd5S+tKIbTw3ZurbNlar+wHmCY8:f7HceS+3bTrb/R6mdyZ
                                                                                                                                                                                                                                                  MD5:53E6AB1DBC04F90855A804EB0FDE8BD6
                                                                                                                                                                                                                                                  SHA1:670903185FE8323A590E521B37CF053FB493DD2D
                                                                                                                                                                                                                                                  SHA-256:DF12D8D8C608B9C97637F8B40D34AAE67B828A6647DC96D866921EA2A8FEE557
                                                                                                                                                                                                                                                  SHA-512:3917E69341F37DA4F56772CC0CB1B9B0A5507B3A147036081CD474887442DEFE25AB2972C1E21142F16EADFB29D0F9F72053EF532CC54410ED6552F1E4DA5F7C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..C.o.n.t.r.a.t.o. .d.e. .L.i.c.e.n...a. .d.o. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........A.g.r.a.d.e.c.e.m.o.s. .p.o.r. .u.t.i.l.i.z.a.r. .o. .s.o.f.t.w.a.r.e. .e. .o.s. .s.e.r.v.i...o.s. .d.o. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".S.o.f.t.w.a.r.e.".).,. .f.o.r.n.e.c.i.d.o. .p.e.l.a. .M.c.A.f.e.e.,. .u.m.a. .s.u.b.s.i.d.i...r.i.a. .i.n.t.e.g.r.a.l. .d.a. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .E.s.t.e. ... .u.m. .c.o.n.t.r.a.t.o. .l.e.g.a.l. .e.n.t.r.e. .n...s.:. .a.o. .i.n.s.t.a.l.a.r. .o.u. .a.c.e.s.s.a.r. .n.o.s.s.o. .S.o.f.t.w.a.r.e.,. .s.i.g.n.i.f.i.c.a. .a. .s.u.a. .c.o.n.c.o.r.d...n.c.i.a. .c.o.m. .e.s.t.e.s. .t.e.r.m.o.s.,. .d.e. .f.o.r.m.a. .q.u.e. .v.o.c... .d.e.v.e. .l...-.l.o.s. .c.o.m. .a. .m...x.i.m.a. .a.t.e.n.....o... .........E.s.t.e. .C.o.n.t.r.a.t.o. .d.e. .L.i.c.e.n...a. .d.o. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.".C.o.n.t.r.a.t.o.".). .c.o.b.r.e. .s.e.u.s. .d.i.r.e.i.t.o.s. .d.e. .u.t.i.l.i.z.a.....o. .d.o. .S.o.f.t.w.a.r.e.,. .r.e.s.t.r.i.....e.s. .a. .e.s.s.e. .u.s.o.,. .o. .

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-pt-PT.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2536), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):96486
                                                                                                                                                                                                                                                  Entropy (8bit):3.474385310343869
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:GfDawY1TqufUqhbQGb0jiATGoeQmiBKTVIsFdf:2DetR
                                                                                                                                                                                                                                                  MD5:95C81C2F7BE9EC7FB3AFBFDFF70D14B3
                                                                                                                                                                                                                                                  SHA1:A50B146F43C5E0F716B0E40D5F21BBDCD70C4E27
                                                                                                                                                                                                                                                  SHA-256:9E74B00324D9A91001B43D72EC2BD8C8D3310200B201A8155FABF20CA91BCF7C
                                                                                                                                                                                                                                                  SHA-512:42E9DC893BEB007184B0BAC34108AD7D8EA04CE155093195CB56FF6CF52FE9364109ABBD2A9FF820CCE673FE73F86B577499C89B798AC889CD4CE76B1FB45A2E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..C.o.n.t.r.a.t.o. .d.e. .L.i.c.e.n...a. .d.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........O.b.r.i.g.a.d.o. .p.o.r. .u.t.i.l.i.z.a.r. .o. .s.o.f.t.w.a.r.e. .e. .o.s. .s.e.r.v.i...o.s. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. S.o.f.t.w.a.r.e.. ). .f.o.r.n.e.c.i.d.o.s. .p.e.l.a. .M.c.A.f.e.e.,. .u.m.a. .s.u.b.s.i.d.i...r.i.a. .t.o.t.a.l.m.e.n.t.e. .d.e.t.i.d.a. .p.e.l.a. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .E.s.t.e. .d.o.c.u.m.e.n.t.o. .c.o.n.s.i.s.t.e. .n.u.m. .c.o.n.t.r.a.t.o. .l.e.g.a.l. .e.n.t.r.e. .a.m.b.a.s. .a.s. .p.a.r.t.e.s.. a.o. .i.n.s.t.a.l.a.r. .o.u. .a.o. .a.c.e.d.e.r. .a.o. .n.o.s.s.o. .S.o.f.t.w.a.r.e. .e.s.t... .a. .c.o.n.c.o.r.d.a.r. .c.o.m. .o.s. .p.r.e.s.e.n.t.e.s. .t.e.r.m.o.s.,. .p.o.r. .i.s.s.o.,. .l.e.i.a.-.o.s. .a.t.e.n.t.a.m.e.n.t.e... .........O. .p.r.e.s.e.n.t.e. .C.o.n.t.r.a.t.o. .d.e. .L.i.c.e.n...a. .d.o. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. C.o.n.t.r.a.t.o.. ). .i.n.c.l.u.i. .o.s. .s.e.u.s. .d.i.r.e.i.t.o.s. .d.e. .u.t.i.l.i.z.a.....o. .d.o. .S.o.f.t.w.a.r.e.,. .r.e.s.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-ru-RU.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2934), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):105274
                                                                                                                                                                                                                                                  Entropy (8bit):3.9253511414203475
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:Zrlkl/OV57V/gTNKukdeCNCaM2sJCX7Zh7Ft7yvFsknxFFNZ6AJTaFkke2bnMBqV:JfRpOEZhc8LSQ0PnmEw
                                                                                                                                                                                                                                                  MD5:6C84B834B887139049C5504670366472
                                                                                                                                                                                                                                                  SHA1:25BBF94DFD8C58DB8B5BF7B4FECDB71C9FBC5FDF
                                                                                                                                                                                                                                                  SHA-256:AA6A72816341C265F4A0EA77349E16AB8BDCADCD94DEAFA2D3DE6B36EB0B7CD9
                                                                                                                                                                                                                                                  SHA-512:224CD295FCA574AFAA21233BE5488F35C8F509D608E0A3F87B9A8E1B62F740CDCC248855102D1F04E51136E1C6A227466DA2DC7064CFF7C0DD8065F639F24C53
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:....8.F.5.=.7.8.>.=.=.>.5. .A.>.3.;.0.H.5.=.8.5. .4.;.O. .?.@.>.3.@.0.<.<.=.>.3.>. .>.1.5.A.?.5.G.5.=.8.O. .I.n.t.e.l. .S.e.c.u.r.i.t.y...........;.0.3.>.4.0.@.8.<. ...0.A. .7.0. .8.A.?.>.;.L.7.>.2.0.=.8.5. .?.@.>.3.@.0.<.<.=.>.3.>. .>.1.5.A.?.5.G.5.=.8.O. .8. .A.;.C.6.1. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(."...@.>.3.@.0.<.<.=.>.5. .>.1.5.A.?.5.G.5.=.8.5.".).,. .?.@.5.4.>.A.B.0.2.;.O.5.<.K.E. .:.>.<.?.0.=.8.5.9. .M.c.A.f.e.e. .. .4.>.G.5.@.=.5.9. .:.>.<.?.0.=.8.5.9.,. .=.0.E.>.4.O.I.5.9.A.O. .2. .?.>.;.=.>.9. .A.>.1.A.B.2.5.=.=.>.A.B.8. .:.>.@.?.>.@.0.F.8.8. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... ...0.=.=.K.9. .4.>.:.C.<.5.=.B. .?.@.5.4.A.B.0.2.;.O.5.B. .N.@.8.4.8.G.5.A.:.>.5. .A.>.3.;.0.H.5.=.8.5. .<.5.6.4.C. .=.0.<.8... .#.A.B.0.=.>.2.:.0. .8.;.8. .4.>.A.B.C.?. .:. .=.0.H.5.<.C. ...@.>.3.@.0.<.<.=.>.<.C. .>.1.5.A.?.5.G.5.=.8.N. .>.1.>.7.=.0.G.0.N.B. ...0.H.5. .A.>.3.;.0.A.8.5. .A. .C.A.;.>.2.8.O.<.8. .M.B.>.3.>. .A.>.3.;.0.H.5.=.8.O.,. .?.>.M.B.>.<.C. .2.=.8.<.0.B.5.;.L.=.>. .>.7.=.0.:.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-sk-SK.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2701), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):89572
                                                                                                                                                                                                                                                  Entropy (8bit):3.733984219681676
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:plH9miYwq9hpeKK283X97rpcvXctx1qDQDupSMeylm5Wq0FGQueLS9FpSzvFgxS6:pPfqU7AcD1/DmDqOrS9FpkXvaGOtdx
                                                                                                                                                                                                                                                  MD5:D70C08567DD28293CF26FC845C86A8DE
                                                                                                                                                                                                                                                  SHA1:D30264B5DAE3D20F09E13BFEE306BBF10699A9FA
                                                                                                                                                                                                                                                  SHA-256:B1594471911399202D2F1993F38ADC97C6E4F2B4645DAC1AE12E7574A56F4CD7
                                                                                                                                                                                                                                                  SHA-512:E7665ADFEB32A03F83736A5E49DA876C898F8B8E5A023FA36141E105E49D0D23F7319EAACD6D53367FFCA023BF5D32215A50D954799CF8B9350BA0AB64EBB054
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..L.i.c.e.n...n... .z.m.l.u.v.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y...........a.k.u.j.e.m.e. .v...m. .z.a. .p.o.u.~...v.a.n.i.e. .s.o.f.t.v...r.u. .a. .s.l.u.~.i.e.b. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. S.o.f.t.v...r.. ).,. .p.o.s.k.y.t.o.v.a.n...c.h. .s.p.o.l.o...n.o.s.e.o.u. .M.c.A.f.e.e.,. .k.t.o.r... .j.e. .d.c...r.s.k.o.u. .s.p.o.l.o...n.o.s.e.o.u. ...p.l.n.e. .v.l.a.s.t.n.e.n.o.u. .s.p.o.l.o...n.o.s.e.o.u. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .T.o.t.o. .j.e. .p.r...v.n.a. .z.m.l.u.v.a. .m.e.d.z.i. .n.a.m.i. .. .i.n.a.t.a.l...c.i.o.u. .a.l.e.b.o. .p.r...s.t.u.p.o.v.a.n...m. .k. .n...a.m.u. .S.o.f.t.v...r.u. .s...h.l.a.s...t.e. .s. .t...m.i.t.o. .p.o.d.m.i.e.n.k.a.m.i.,. .t.a.k.~.e. .s.i. .i.c.h.,. .p.r.o.s...m.,. .p.o.z.o.r.n.e. .p.r.e.....t.a.j.t.e... .........T...t.o. .L.i.c.e.n...n... .z.m.l.u.v.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(...a.l.e.j. .l.e.n. .. Z.m.l.u.v.a.. ). .s.a. .v.z.e.a.h.u.j.e. .n.a. .v.a.a.e. .p.r...v.a. .n.a. .p.o.u.~...v.a.n.i.e. .S.o.f.t.v...r.u.,. .o.b.m.e.d.z.e.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-sr-Latn-CS.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2634), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):88356
                                                                                                                                                                                                                                                  Entropy (8bit):3.578074617368606
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:1PXzqxuAlAEnb93roW/JxeTYZ9/sn7/87/FXoQEHVX/Z0S/ja:dWVkTmR1b
                                                                                                                                                                                                                                                  MD5:59FC5F3BD9A87AE9413F2FE477EC3FDE
                                                                                                                                                                                                                                                  SHA1:BFC3646E09C23F6DA7A28FDE78B76931BB1A97BA
                                                                                                                                                                                                                                                  SHA-256:A9CC5B406D73552009F63842964E73E3A614F0A777B8403BA0D55BE85A8129C3
                                                                                                                                                                                                                                                  SHA-512:E1494204F3D87892886422919F3CEAAA708981649E69910082353601BCD9CB58D3367DB8CA291D27486B6C467EA71B36E98BE468A43005DAFD5DC7F34EF917FD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..U.g.o.v.o.r. .o. .l.i.c.e.n.c.i.r.a.n.j.u. .k.o.m.p.a.n.i.j.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........H.v.a.l.a. .v.a.m. .a.t.o. .k.o.r.i.s.t.i.t.e. .s.o.f.t.v.e.r. .i. .u.s.l.u.g.e. .k.o.m.p.a.n.i.j.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. S.o.f.t.v.e.r.. ).,. .k.o.j.i. .o.b.e.z.b.e...u.j.e. .k.o.m.p.a.n.i.j.a. .M.c.A.f.e.e.,. .p.o.d.r.u.~.n.i.c.a. .u. .p.o.t.p.u.n.o.m. .v.l.a.s.n.i.a.t.v.u. .k.o.m.p.a.n.i.j.e. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .O.v.o. .j.e. .p.r.a.v.n.i. .u.g.o.v.o.r. .i.z.m.e...u. .n.a.s. .. .i.n.s.t.a.l.i.r.a.n.j.e. .n.a.a.e.g. .S.o.f.t.v.e.r.a. .i.l.i. .p.r.i.s.t.u.p.a.n.j.e. .n.j.e.m.u. .z.n.a...i. .d.a. .p.r.i.h.v.a.t.a.t.e. .o.v.e. .u.s.l.o.v.e.,. .p.a. .i.h. .s.t.o.g.a. .p.a.~.l.j.i.v.o. .p.r.o...i.t.a.j.t.e... .........O.v.a.j. .U.g.o.v.o.r. .o. .l.i.c.e.n.c.i.r.a.n.j.u. .k.o.m.p.a.n.i.j.e. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. U.g.o.v.o.r.. ). .p.o.k.r.i.v.a. .v.a.a.a. .p.r.a.v.a. .d.a. .k.o.r.i.s.t.i.t.e. .S.o.f.t.v.e.r.,. .o.g.r.a.n.i...e.n.j.a. .t.o.g. .k.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-sv-SE.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2632), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):89704
                                                                                                                                                                                                                                                  Entropy (8bit):3.503772885574125
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:dcFeHhjwanoMWVOjxKI+psB/YgpnuIbVGml:WFCwKWsQgp1
                                                                                                                                                                                                                                                  MD5:A94B5016A1C36889003DCB74084BE0E8
                                                                                                                                                                                                                                                  SHA1:E0E6FA59216BE5F45EB1633D566A1BA10C2AD340
                                                                                                                                                                                                                                                  SHA-256:5E51ADC76C5CBAAC85C47732B15FA9D15435F6EC8A865E1B84D670149D752F58
                                                                                                                                                                                                                                                  SHA-512:0897F2C7F7719D3A71552B8F1303DB8A00FD45A32CDC5E26AED1CEDDD5F18F302B8D09F781F8D5C45E9F170CEB4B060CFE11636FB3F513121BED02CCE76AD41A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..L.i.c.e.n.s.a.v.t.a.l. .f...r. .I.n.t.e.l. .S.e.c.u.r.i.t.y.........T.a.c.k. .f...r. .a.t.t. .d.u. .a.n.v...n.d.e.r. .p.r.o.g.r.a.m.v.a.r.a.n. .o.c.h. .t.j...n.s.t.e.r.n.a. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. P.r.o.g.r.a.m.v.a.r.a.n.. ). .f.r...n. .M.c.A.f.e.e.,. .e.t.t. .h.e.l...g.t. .d.o.t.t.e.r.b.o.l.a.g. .t.i.l.l. .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n... .N...r. .d.u. .i.n.s.t.a.l.l.e.r.a.r. .e.l.l.e.r. .a.n.v...n.d.e.r. .P.r.o.g.r.a.m.v.a.r.a.n. .g.o.d.k...n.n.e.r. .d.u. .a.u.t.o.m.a.t.i.s.k.t. .v.i.l.l.k.o.r.e.n.,. .s... .l...s. .n.o.g.a. .i.g.e.n.o.m. .d.e.m. .f...r.s.t... .D.e.t.t.a. ...r. .e.t.t. .b.i.n.d.a.n.d.e. .j.u.r.i.d.i.s.k.t. .a.v.t.a.l. .o.s.s. .e.m.e.l.l.a.n... .........D.e.t.t.a. .L.i.c.e.n.s.a.v.t.a.l. .f...r. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .(.. A.v.t.a.l.e.t.. ). .r.e.g.l.e.r.a.r. .d.i.n.a. .r...t.t.i.g.h.e.t.e.r. .i. .s.a.m.b.a.n.d. .m.e.d. .a.n.v...n.d.n.i.n.g. .a.v. .P.r.o.g.r.a.m.v.a.r.a.n.,. .e.v.e.n.t.u.e.l.l.a. .b.e.g.r...n.s.n.i.n.g.a.r. .i. .a.n.v...n.d.n.i.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-tr-TR.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (2527), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):89572
                                                                                                                                                                                                                                                  Entropy (8bit):3.761887651307163
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:U4WLetFwU8STnnWH0I9fkl7+JaRtbJHGdnC2vJfPI9n9AkllkhZBYziG/xJd8oSc:UjLetFwbSTnnWH0IdkN+JaRt0dnC2xI1
                                                                                                                                                                                                                                                  MD5:91C06A443F143BAE210CF6BA678B2813
                                                                                                                                                                                                                                                  SHA1:829A9B675F5D12E6C9BCB9751A8B2167A701B610
                                                                                                                                                                                                                                                  SHA-256:D454E9D22FA1413F35EF41BEE944300FE3776EE55CD8A41BFE588FC1A86A36F6
                                                                                                                                                                                                                                                  SHA-512:7C014F1AC0AA7BC2EC7124BF5C5DC13168EEE98EBE2C3A387C67E318798EB58A09817753956E8F6206505AFEB0C63AD759AD31E6F977874B97F237D72F433454
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. .L.i.s.a.n.s. .S...z.l.e._.m.e.s.i.........I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n.. 1.n. .y...z.d.e. .y...z. .i._.t.i.r.a.k.i. .o.l.a.n. .M.c.A.f.e.e. .t.a.r.a.f.1.n.d.a.n. .s.a...l.a.n.a.n. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .y.a.z.1.l.1.m.1. .v.e. .h.i.z.m.e.t.l.e.r.i.n.i. .(.. Y.a.z.1.l.1.m.. ). .k.u.l.l.a.n.d.1...1.n.1.z. .i...i.n. .t.e._.e.k.k...r. .e.d.e.r.i.z... .Y.a.z.1.l.1.m.1.m.1.z.1.n. .k.u.r.m.a.n.1.z. .v.e.y.a. .Y.a.z.1.l.1.m.1.m.1.z.a. .e.r.i._.i.m. .s.a...l.a.m.a.n.1.z. .a.r.a.m.1.z.d.a.k.i. .b.u. .y.a.s.a.l. .s...z.l.e._.m.e.n.i.n. .i.l.g.i.l.i. .h...k...m.l.e.r.i.n.i. .k.a.b.u.l. .e.t.t.i...i.n.i.z. .a.n.l.a.m.1.n.a. .g.e.l.e.c.e...i.n.d.e.n.,. .l...t.f.e.n. .b.u.n.l.a.r.1. .d.i.k.k.a.t.l.i.c.e. .o.k.u.y.u.n... .........0._.b.u. .I.n.t.e.l. .S.e.c.u.r.i.t.y. .L.i.s.a.n.s. .S...z.l.e._.m.e.s.i. .(.. S...z.l.e._.m.e.. ). .Y.a.z.1.l.1.m.1.n. .k.u.l.l.a.n.1.l.m.a.s.1.n.a. .i.l.i._.k.i.n. .h.a.k.l.a.r.1.n.1.z.1.,. .s...z. .k.o.n.u.s.u. .k.u.l.l.a.n.1.m.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-zh-CN.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (873), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):27048
                                                                                                                                                                                                                                                  Entropy (8bit):6.7933720259471135
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:dGlhiqpYn3S6kZ5pZsM1SDo9P0VSpjzjW+EpgLDR5CCaGdYQ:dWDuIVZsM19DjzjW+EpgLN5qvQ
                                                                                                                                                                                                                                                  MD5:E40ED8A73802CBA2C7E94C103AF9B29E
                                                                                                                                                                                                                                                  SHA1:CD42A5567397259E1F59D2739C7E7F65CCA2B13B
                                                                                                                                                                                                                                                  SHA-256:6C6A08446A815E7595100C3A6BAC95DE406057CFCD32856378EEC0828F60D4D3
                                                                                                                                                                                                                                                  SHA-512:B24F225F71F0641CD0E71508144821C6E4BA8F7DE6D5CE8990953B74236EA22F53CCCA5BC52A5B9CB40DEC07158222982993D07467AF459EC279C08CB73C853D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. ....SOS...........a"..`.O(u1u .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n. ..vhQD.P[lQ.S .M.c.A.f.e.e. ..c.O.v .I.n.t.e.l. .S.e.c.u.r.i.t.y. .o..N.T.g.R... o..N. ...0 ../f.`.N.b.NKN...v.l._OS.....[..b....b.N.v. o..N. ..sSh.:y.`.T.a..Nag>k...Vdk...N.~.....0 .........,g .I.n.t.e.l. .S.e.c.u.r.i.t.y. ....SOS..... OS... ...m.v.`.O(u. o..N. .vCg)R.0.O(uP.6R.0.b.N.R.~..v^1\. o..N. .v.N9.Hr,g.b.R...T.`6e9..vCg)R...N.S.`.T.a....N...Q.b.NKN...S...N.u.v.NUO.N...0 .,gOS...S+T.b.N.v...y.X.fI{D..Rag>k.v...c .(.h.t.t.p.s.:././.w.w.w...m.c.a.f.e.e...c.o.m./.c.o.m.m.o.n./.p.r.i.v.a.c.y./.c.h.i.n.e.s.e.-.s.i.m.p.l.i.f.i.e.d./.i.n.d.e.x...h.t.m.).....Nag>k._.....v^qQ.T.g.b..(u.N.`.v,g.l._OS...0 ..V.[/.0W:Syr.[.vag>kMO.NOS...v.g.T.Nag.0 ..........Y.g.`*g.n .1.8. ..\...l.g.`.v6r.k.b.v.b.N...N.N._{.HQ.c.S,gOS..v^.Nh..`.{.t. o..N. ...v.T.a...`.N._.O(u. o..N. .b.T.b.N.c.O.`.v*N.N.Oo`.0 .........1......c.S,gOS...T.O9e .. .US.Q. .c.S. .c...b.[.. o..N. ..sSh.:y.`.eag.N.T.a.S,g

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\eula-zh-TW.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (904), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):27300
                                                                                                                                                                                                                                                  Entropy (8bit):6.852328782163936
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:RLcNdFNy9pQbexWBTeP5s8FmxoFfEgQSPsxFHMOKQZgTmLL/ytmq/V:Rcf6w3BKx/hagQSPsxtKjTmY
                                                                                                                                                                                                                                                  MD5:992019F123EDA3E9D332E2B974ED1809
                                                                                                                                                                                                                                                  SHA1:5A307D4BCB62D6EE451B29B31C8A4B6BBCF8606C
                                                                                                                                                                                                                                                  SHA-256:52D00E90DFA554AE761BC820D5CC119A56963CFF95266194C80E4BBE0FC2CC18
                                                                                                                                                                                                                                                  SHA-512:5198EDD5ADB84D60CC39D26BE1169B6F21115CD5791FA98909EC5FFEA5AC0D54E8CDC2D67D6F04F8FF14471188F0E2459E946DD7A2CDA069BCD6A7EBDAF42ABF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..I.n.t.e.l. .S.e.c.u.r.i.t.y. ..c.k.T.}.........a...`.O(u1u .I.n.t.e.l. .C.o.r.p.o.r.a.t.i.o.n. .hs.P[lQ.S .M.c.A.f.e.e. ..c.O.v .I.n.t.e.l. .S.e.c.u.r.i.t.y. ......g.R...0...0...0 .../f.`...b.PKN...v.l._.T.} .. ..[..bX[.S.b.P.v.0...0..sSh.:y.`.T.a...N.h>k...Vdk..N0}.....0 .........,g .I.n.t.e.l. .S.e.c.u.r.i.t.y. ..c.k.T.}...0.T.}.0...m..`.O(u.0...0.v.k)R.0.O(uP.6R.0.b.P..R.~..&N1\.0...0.v.N..Hr,g.b.R...T.`6e...v.k)R...N.S.`.T.a..N..N...zl.b.PKN...S.."u.u.v.NUO-rp..0 ..b.P.].S.b.b.P.v...y.kr..fI{D..R.h>k.v#.P} .(.h.t.t.p.s.:././.w.w.w...m.c.a.f.e.e...c.o.m./.c.o.m.m.o.n./.p.r.i.v.a.c.y./.c.h.i.n.e.s.e.-.t.r.a.d.i.t.i.o.n.a.l./.i.n.d.e.x...h.t.m.)......N.h>k._.....&NqQ.T.i.bi.(u.e.`.v,g.l._.T.}.0 ..W.[/.0W@Syr.[.v.h>kMO.e.T.}.v.g._.N.h.0 ..........Y.g.`*g.n .1.8. .rk...l.g.`.v6r.k.b.vw..N...N.P._..HQ.c.S,g.T.}&N.Nh..`.{.t.0...0...v.T.a...`.N..AQ1..O(u.0...0.b.T.b.P.c.O.`.v.P.N....0 .........1......c.S,g.T.}.T.O9e .. ..c.N.0.c.S.0.c...b.[..0...0..sSh.:y.`!q.h

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3039
                                                                                                                                                                                                                                                  Entropy (8bit):5.584549435681096
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3HNBDTH2dKcmPEG445Y1I8knQ5l6GGAlpfkPlC0XnslNE0wJZGl31KzEImtumzcc:3tuKJsG4450I8ksl6IlpfUlC0XslNE7I
                                                                                                                                                                                                                                                  MD5:F3A5029C7AF82837AC07608AF5AB874E
                                                                                                                                                                                                                                                  SHA1:5D2DCA52BB24BAF4BA244CF0774A39B5D32F45DF
                                                                                                                                                                                                                                                  SHA-256:E38D92D43EC339994C92CA684C687600BFDB3DF89A6892C11883E7B56FB9C5E7
                                                                                                                                                                                                                                                  SHA-512:F157BD3C10A7C6F9AAEE73998670DF683A795451799C498EB4B3D179EA048A35422AE716DD2D0E737051111097A4B0D02129683524ABE047C15BE4B2C94F42AE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licen.n. smlouva",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "P.e.etl(a) jsem si licen.n. smlouvu a souhlas.m s n..",.. //{0} - Company name.. THANK_YOU: "D.kujeme, .e jste si vybrali {0}",.. INSTALL: "Instalovat",.. CANCEL: "Zru.it",.. RETRY: "Zkusit znovu",.. DONE: "Hotovo",.. //{0} - Product name.. PROGRESS_TITLE: "Produkt {0} je v.. osobn. bezpe.nostn. poradce p.i proch.zen. internetu.",.. PROGRESS_SUBTITLE: "Instalace...",.. COMPLETE_TITLE: "V.born.! Dokon.ili jsme instalaci osobn.ho online poradce.",.. COMPLETE_SUBTITLE: "V.e p.ipraveno",.. COMPLETE_LAUNCH: "Otev..t prohl..e.",.. ERROR_OS_REQUIREMENTS: "V instalaci nen. mo.n. pokra.ovat, proto.e v.. opera.n. syst.m nespl.uje minim.ln. syst.mov. po.adavky. Prove.te aktualizaci a zkuste to znovu.",.. ERROR_BROWSER_REQUIREMENTS: "V instalaci nen. mo.n. pokra.ovat, proto.e v.. prohl..e. nespl

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2750
                                                                                                                                                                                                                                                  Entropy (8bit):5.30356527863537
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3blK55gOog4oCwdO1nE4Zx7eOIcvKV+VvKVHQfHbd+LnoEnE/jshVcKV+v2hQOsX:3blSgwhsx6OI6Pzfp+dErsM2kL/zMVsb
                                                                                                                                                                                                                                                  MD5:470EDE85B44EBF458DDBE6F9F7BB2B5B
                                                                                                                                                                                                                                                  SHA1:4B0064A1E3D3A4ECB724D76005A2FAC29CA98BEC
                                                                                                                                                                                                                                                  SHA-256:BE64067C90C5F001065ED8BB8EFFF5ADCD4E1F51FB68D836C7B006CFD2EE1231
                                                                                                                                                                                                                                                  SHA-512:66278668B6420352FF1BAB40C10F8B11C427B52B90C39039CE3F621C1D20EFAB85FC7945021A2D6C1885EA469377323310573E90832DDAED66C95A2BC2C4A8BB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "licensaftale",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Jeg har l.st og accepterer licensaftalen",.. //{0} - Company name.. THANK_YOU: "Tak, fordi du valgte {0}",.. INSTALL: "Installer",.. CANCEL: "Annuller",.. RETRY: "Pr.v igen",.. DONE: "F.rdig",.. //{0} - Product name.. PROGRESS_TITLE: "{0} er din personlige sikkerhedsr.dgiver, uanset hvad du foretager dig online.",.. PROGRESS_SUBTITLE: "installerer ...",.. COMPLETE_TITLE: "Super! Din personlige onliner.dgiver er blevet installeret.",.. COMPLETE_SUBTITLE: "Klar til brug",.. COMPLETE_LAUNCH: ".bn browser",.. ERROR_OS_REQUIREMENTS: "Installationen kan ikke forts.tte, fordi dit operativsystem ikke opfylder minimumskravene. Opdater det, og pr.v igen.",.. ERROR_BROWSER_REQUIREMENTS: "Installationen kan ikke forts.tte, fordi din browser ikke opfylder minimumskravene. Opdater din browser, og pr.v igen.",.. ERROR_VERSION: "Der er allerede e

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3119
                                                                                                                                                                                                                                                  Entropy (8bit):5.263823184445253
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:36u+Npa+LIkjy9uRfJZHgf3hz0i2kTCyuyt0pWUOt:36Dpam3e6J9gvhz0i2PygOt
                                                                                                                                                                                                                                                  MD5:CF761E54EEB153F8D82C500A4769E2AC
                                                                                                                                                                                                                                                  SHA1:E7F4B6ED0EC302F5D7307F374CDC1963169AD847
                                                                                                                                                                                                                                                  SHA-256:91E289DF7673C8055F98A1097CC2EB4B7AB243095FFB0D6D775C80718B449EA7
                                                                                                                                                                                                                                                  SHA-512:E08535F7729CEAC31D940B8FCB7DADFE1B522596D0DA1295586290F916CDB377B945D85120CE9110F700E918C9878E664C95F33AA9427B6DDA9FA636B9F8EBF6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "Lizenzvertrag",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Ich habe den Lizenzvertrag gelesen und stimme ihm zu.",.. //{0} - Company name.. THANK_YOU: "Vielen Dank, dass Sie sich f.r {0} entschieden haben.",.. INSTALL: "Installieren",.. CANCEL: "Abbrechen",.. RETRY: "Erneut versuchen",.. DONE: "Fertig",.. //{0} - Product name.. PROGRESS_TITLE: "{0} ist Ihr pers.nlicher Berater f.r Online-Sicherheit.. zu Hause und unterwegs.",.. PROGRESS_SUBTITLE: "Installation l.uft...",.. COMPLETE_TITLE: "Wunderbar! Ihr pers.nlicher Berater f.r Online-Sicherheit ist installiert.",.. COMPLETE_SUBTITLE: "Fertig",.. COMPLETE_LAUNCH: "Meinen Browser .ffnen",.. ERROR_OS_REQUIREMENTS: "Ihre Installation kann nicht fortgesetzt werden, da Ihr Betriebssystem nicht die Mindestsystemanforderungen erf.llt. Bitte aktualisieren Sie es, und versuchen Sie es erneut.",.. ERROR_BROWSER_REQUIREMENTS: "Ihre Installation kann

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4568
                                                                                                                                                                                                                                                  Entropy (8bit):4.938030579645634
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:3CL8S9mqS51CrYI1avgbfflo3uSAmQiRdjzkrMBGrmyyeyZUf:3Q9u51CrYmavg7flMdjzkry2my7yZQ
                                                                                                                                                                                                                                                  MD5:790E186D6F2DEF3CA6EA55392DF0655E
                                                                                                                                                                                                                                                  SHA1:42ACA36E1416CDAE2463DC0E47714592F57A7697
                                                                                                                                                                                                                                                  SHA-256:AC37E16D3FCE1598D6321143CBF733EC472B2D0663031C6BB51150D4735E9630
                                                                                                                                                                                                                                                  SHA-512:D3E641D4484F430B3E5C1421A7F093EE1CF2558E264CC7A9EBC5FE1EAEDFB29B42B70828F4579682218DDF756A263E56FFE8A4F07416A3B6A6666A4A5571EC4B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "........ ...... ......",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "... ........ ... .......... .. ........ ...... ......",.. //{0} - Company name.. THANK_YOU: "... ............ ... ......... {0}",.. INSTALL: "...........",.. CANCEL: ".......",.. RETRY: "......... ....",.. DONE: ".....",.. //{0} - Product name.. PROGRESS_TITLE: ".. {0} ..... . .......... ... ......... ......... .... .. .. ......... ... ..........",.. PROGRESS_SUBTITLE: ".......... ..............",.. COMPLETE_TITLE: "......! ...... ............ ... ......... ... ........... .........",.. COMPLETE_SUBTITLE: "......",.. COMPLETE_LAUNCH: "....... ... ...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2642
                                                                                                                                                                                                                                                  Entropy (8bit):5.26126673440905
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3TmE5KCrHEAvhhIDX6uSBf15aN+conkQt52fEZhozWZIMJJZ1G1gPWJjm7VJ5ZNz:33NIAphIzqfE+c6bZhozqxJZXtbNz
                                                                                                                                                                                                                                                  MD5:2ECA66E2E06EB81CB19B754D062422EE
                                                                                                                                                                                                                                                  SHA1:247B9A7EEB7B53DF79DC2EEB1D436F4A7FA3C21D
                                                                                                                                                                                                                                                  SHA-256:AC9A2B4DFC0C1D8BF9804B677383281586D590B47B92BB114E2DCF70FEF418D6
                                                                                                                                                                                                                                                  SHA-512:D36E793F7DEA8A6C1B29E1578604E0E56FD5CBC74A1E9BE312F5A45D5E02011DED191F38C4A74F5926008ABFB42A48ECB0CB477EAE2238F3E0B3C6EBCC1C3839
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "License Agreement",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "I have read and agree to the License Agreement",.. //{0} - Company name.. THANK_YOU: "Thank you for choosing {0}",.. INSTALL: "Install",.. CANCEL: "Cancel",.. RETRY: "Try Again",.. DONE: "Done",.. //{0} - Product name.. PROGRESS_TITLE: "{0} is your personal safety advisor wherever you go online.",.. PROGRESS_SUBTITLE: "Installing...",.. COMPLETE_TITLE: "Great! We've installed your personal online advisor.",.. COMPLETE_SUBTITLE: "Ready to go",.. COMPLETE_LAUNCH: "Open my browser",.. ERROR_OS_REQUIREMENTS: "Your installation cannot continue because your operating system does not meet the minimum system requirements. Please update it and try again.",.. ERROR_BROWSER_REQUIREMENTS: "Your installation cannot continue because your browser does not meet our minimum system requirements. Please update your browser and try again.",.. ERROR_VERSIO

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2710
                                                                                                                                                                                                                                                  Entropy (8bit):5.245237571526594
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3Vu7DIIaj1E01NIsNIwfQ6+YHPCEfgDy5zxIhJoPlZ8RyJF4WmHnw:3Vq8IR01NIszfQ6+ObfgDizxOJoPlmRk
                                                                                                                                                                                                                                                  MD5:89D30F4BD6DC4040FE6E7D2DAECF82C5
                                                                                                                                                                                                                                                  SHA1:EA2FFB4EE0F55D156C2C2061C8059FA294070C8F
                                                                                                                                                                                                                                                  SHA-256:9C1FB5137870E54808DCCE19310B012CC0FBEAD46E5529F3D7649030101126C3
                                                                                                                                                                                                                                                  SHA-512:381763224AEC521DD5F0DFB7D28E4CD208E5FE5777F666E07803D6E81B6BD0EE1D82E24E2A8010FB5DE4786F446F182DD73C79E623A4ADEF84D7BA11DAA02F7C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "Contrato de Licencia",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "He le.do y acepto el Contrato de Licencia",.. //{0} - Company name.. THANK_YOU: "Gracias por elegir {0}.",.. INSTALL: "Instalar",.. CANCEL: "Cancelar",.. RETRY: "Reintentar",.. DONE: "Listo",.. //{0} - Product name.. PROGRESS_TITLE: "{0} es tu asesor personal de seguridad vayas donde vayas en Internet.",.. PROGRESS_SUBTITLE: "Instalando... ",.. COMPLETE_TITLE: ".Genial! Hemos instalado tu asesor personal online.",.. COMPLETE_SUBTITLE: "Listo para empezar",.. COMPLETE_LAUNCH: "Abrir mi navegador",.. ERROR_OS_REQUIREMENTS: "Tu instalaci.n no puede continuar porque tu sistema operativo no cumple los requisitos m.nimos del sistema. Actual.zalo e int.ntalo de nuevo.",.. ERROR_BROWSER_REQUIREMENTS: "Tu instalaci.n no puede continuar porque tu navegador no cumple nuestros requisitos m.nimos del sistema. Actualiza tu navegador e int.n

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2723
                                                                                                                                                                                                                                                  Entropy (8bit):5.254671238185329
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3Vu7DI4aj1EpJJNIsNIwfQQ2jlHPHEq7gDJLzxIhJoPlZ8RyJF4WmfliAHHg:3Vq84RnJNIszfQQ2B8q7gDJLzxOJoPll
                                                                                                                                                                                                                                                  MD5:8E00965B8F656729F6BB69F9DB20BA30
                                                                                                                                                                                                                                                  SHA1:DE6C861649D8D1A272293D12F8355F8801DFF903
                                                                                                                                                                                                                                                  SHA-256:957389B3314E56E86C0F0187AB6380EE5D7658992875754EEB9374D5C3A0868E
                                                                                                                                                                                                                                                  SHA-512:CB7A70DB64A456CBD1D8BDA77E562C2704309A5D469D22729858F66EA6B1C5D995975155C047559FF2E1D3B4826B0C95B7980A2E2A3E76621B3A10A7319C3402
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "Contrato de Licencia",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "He le.do y acepto el Contrato de Licencia",.. //{0} - Company name.. THANK_YOU: "Gracias por elegir {0}.",.. INSTALL: "Instalar",.. CANCEL: "Cancelar",.. RETRY: "Intentarlo de nuevo",.. DONE: "Listo",.. //{0} - Product name.. PROGRESS_TITLE: "{0} es tu asesor personal de seguridad vayas donde vayas en Internet.",.. PROGRESS_SUBTITLE: "Instalando...",.. COMPLETE_TITLE: ".Excelente! Hemos instalado tu asesor personal en l.nea.",.. COMPLETE_SUBTITLE: "Listo para empezar",.. COMPLETE_LAUNCH: "Abrir mi navegador",.. ERROR_OS_REQUIREMENTS: "Tu instalaci.n no puede continuar porque tu sistema operativo no cumple los requisitos m.nimos del sistema. Actual.zalo e int.ntalo de nuevo.",.. ERROR_BROWSER_REQUIREMENTS: "Tu instalaci.n no puede continuar porque tu navegador no cumple nuestros requisitos m.nimos del sistema. Actualiza tu nave

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2740
                                                                                                                                                                                                                                                  Entropy (8bit):5.308093679067159
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3O056PfLCRVyEaXqPs9IYxDT8iwKxp8iElfoKMV7xXTDbtDM57LzTsB1DUozuTI/:3oWvTkqP4IYxHXxZIfXIjC5vUbzzuTCX
                                                                                                                                                                                                                                                  MD5:1C5D948F5088E01097CB94B6BE3989D4
                                                                                                                                                                                                                                                  SHA1:34714E6BBDF90CA78F4B2130FEBA690223ED2A4A
                                                                                                                                                                                                                                                  SHA-256:EE036B98E8935B09A98A4971CC1EA00EB379273F8B75611FBCD403A18D2DB0DE
                                                                                                                                                                                                                                                  SHA-512:C373659C5DEC792EFD62A9C1F10A0F409F0D48E2D62A398154F1B7F3EF4B06816AA10D6DFB5581181AB2C8097DCE5333BC81AAAE4C36E7CC678A122285C5A176
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "lisenssisopimuksen",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Olen lukenut lisenssisopimuksen ja hyv.ksyn sen",.. //{0} - Company name.. THANK_YOU: "Kiitos, ett. valintasi oli {0}",.. INSTALL: "Asenna",.. CANCEL: "Peruuta",.. RETRY: "Yrit. uudelleen",.. DONE: "Valmis",.. //{0} - Product name.. PROGRESS_TITLE: "{0} on henkil.kohtainen turvallisuusneuvojasi aina, kun olet verkossa.",.. PROGRESS_SUBTITLE: "Asennetaan.",.. COMPLETE_TITLE: "Loistavaa! Olemme asentaneet henkil.kohtaisen verkkoneuvojasi.",.. COMPLETE_SUBTITLE: "Valmis",.. COMPLETE_LAUNCH: "Avaa selain",.. ERROR_OS_REQUIREMENTS: "Asennusta ei voi jatkaa, koska k.ytt.j.rjestelm.si ei t.yt. j.rjestelm.n v.himm.isvaatimuksia. P.ivit. se ja yrit. uudelleen.",.. ERROR_BROWSER_REQUIREMENTS: "Asennusta ei voi jatkaa, koska selaimesi ei t.yt. j.rjestelm.n v.himm.isvaatimuksia. P.ivit. selain ja yrit. uudelleen.",..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2957
                                                                                                                                                                                                                                                  Entropy (8bit):5.29084273603639
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3TtTOo+8f2FWuEqdv5G8I5ybT1IG82ybSTIG8Cfjvz75B8zq5DVMk7LrqbkbGErr:3TCCyWfSv5G8I5WTK2WScCfjvz1mzkKy
                                                                                                                                                                                                                                                  MD5:A36FADC66327107E12C725A415539CBF
                                                                                                                                                                                                                                                  SHA1:3C3381D7EAC7D6EC38793044D1ACCBA8C9094BC8
                                                                                                                                                                                                                                                  SHA-256:5705F5857F4E8BF384F270A56BF32A1F8ECCD99630D2289504797270530973CD
                                                                                                                                                                                                                                                  SHA-512:97974E495E6C6990112FBA80C11900B6B782DFA48C8112759FC1D7469D7EB525F114047B100C666757E690901E3ACD7E35C23E38113144154E99D9DF40E49B88
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "contrat de licence",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "J'ai lu et j'accepte le contrat de licence",.. //{0} - Company name.. THANK_YOU: "Merci d'avoir choisi {0}",.. INSTALL: "Installer",.. CANCEL: "Annuler",.. RETRY: "R.essayer",.. DONE: "Termin.",.. //{0} - Product name.. PROGRESS_TITLE: "{0} est votre conseiller personnel en mati.re de s.curit., o. que vous alliez en ligne.",.. PROGRESS_SUBTITLE: "Installation...",.. COMPLETE_TITLE: "Parfait! Nous avons install. votre conseiller personnel en ligne.",.. COMPLETE_SUBTITLE: "Pr.t . d.marrer",.. COMPLETE_LAUNCH: "Ouvrir mon navigateur",.. ERROR_OS_REQUIREMENTS: "Votre installation ne peut pas se poursuivre, car votre syst.me d'exploitation ne r.pond pas . la configuration minimale requise. Veuillez le mettre . jour et r.essayer.",.. ERROR_BROWSER_REQUIREMENTS: "Votre installation ne peut pas se poursuivre, car votre navigateur

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2953
                                                                                                                                                                                                                                                  Entropy (8bit):5.295545771935365
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3TtTOo+8f2FWuEqLv5G8I5ybT1IG82ybSTIG8Cfjvz75B8zq5DVMk7OxqbkbGErD:3TCCyWfYv5G8I5WTK2WScCfjvz1mzkK7
                                                                                                                                                                                                                                                  MD5:8B60FCE0D6FD3962E148686F21AB4E9A
                                                                                                                                                                                                                                                  SHA1:FFE7DAEFF6A7420BA6E5CAC2D6B2539182799948
                                                                                                                                                                                                                                                  SHA-256:2FAE4BB5432E67F6B47BF2C3E2C5B44CFA56104468602047DE2A19C96923D7DF
                                                                                                                                                                                                                                                  SHA-512:95330E44C94A221CB9B1A25932810259D1DBEA535FE5D5ABAF43BFC8BF65C0625FEF730F78EE9BDCF5F5E1E2C7084C5A54DB5A381A5598D98DB8CD85FA11D89D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "contrat de licence",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "J'ai lu et j'accepte le contrat de licence",.. //{0} - Company name.. THANK_YOU: "Merci d'avoir choisi {0}",.. INSTALL: "Installer",.. CANCEL: "Annuler",.. RETRY: "R.essayer",.. DONE: "Termin.",.. //{0} - Product name.. PROGRESS_TITLE: "{0} est votre conseiller personnel en mati.re de s.curit., o. que vous alliez en ligne.",.. PROGRESS_SUBTITLE: "Installation...",.. COMPLETE_TITLE: "Parfait.! Nous avons install. votre conseiller personnel en ligne.",.. COMPLETE_SUBTITLE: "Pr.t . d.marrer",.. COMPLETE_LAUNCH: "Ouvrir mon navigateur",.. ERROR_OS_REQUIREMENTS: "Votre installation ne peut pas se poursuivre, car votre syst.me d'exploitation ne r.pond pas . la configuration minimale requise. Veuillez le mettre . jour et r.essayer.",.. ERROR_BROWSER_REQUIREMENTS: "Votre installation ne peut pas se poursuivre, car votre navigateu

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2827
                                                                                                                                                                                                                                                  Entropy (8bit):5.347421387804527
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3vFCs47Qs1rDlEjihC7nRIoYwPabwfefNMcLRMGbm6+IN6I1GeRJ2lz1aIIJC5iH:3v8Nd1OjQgRIoYAaMfaNMcLreINJ3fwG
                                                                                                                                                                                                                                                  MD5:C22CF0B54F76C868382282AE594FA364
                                                                                                                                                                                                                                                  SHA1:45E2EC3E57496EB2FC4E1136423DA44BAA044461
                                                                                                                                                                                                                                                  SHA-256:8EB9809593BA4B5248D1FBF0DB7DC5E22F040AC469D882B78EB4CE4A5668725A
                                                                                                                                                                                                                                                  SHA-512:7754AF022340B47763205FAAF3395DA6EA93D0E69B67696EDA8197677977D8D46493A27639E4D2EF2AA06AFB846510ECFD0A070C9C326340A1EDB78970FFBB33
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licencni ugovor",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Pro.itao/la sam Licencni ugovor i saglasan/na sam s njim",.. //{0} - Company name.. THANK_YOU: "Zahvaljujemo .to ste odabrali {0}.",.. INSTALL: "Instaliraj",.. CANCEL: "Odustani",.. RETRY: "Poku.aj ponovo",.. DONE: "Gotovo",.. //{0} - Product name.. PROGRESS_TITLE: "{0} je va. osobni savjetnik za sigurnost na svakom mjestu na mre.i.",.. PROGRESS_SUBTITLE: "Instaliranje...",.. COMPLETE_TITLE: "Sjajno! Instalirali smo va.eg osobnog savjetnika na mre.i.",.. COMPLETE_SUBTITLE: "Spremno za pokretanje",.. COMPLETE_LAUNCH: "Otvori moj preglednik",.. ERROR_OS_REQUIREMENTS: "Va.a instalacija se ne mo.e nastaviti jer va. operativni sustav ne zadovoljava minimalne zahtjeve sustava. A.urirajte ga i poku.ajte ponovno.",.. ERROR_BROWSER_REQUIREMENTS: "Va.a instalacija se ne mo.e nastaviti jer va. preglednik ne zadovoljava minimalne zahtjev

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3020
                                                                                                                                                                                                                                                  Entropy (8bit):5.501193888773686
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3tTcztb3AE5sBQIkQfa4xR9X+MK+ReCoPMre6Q/sIzqjIaLej1uh9JQh/aS:3otzN5sBQIkQfa4xR1+MKPkreb/tzeBY
                                                                                                                                                                                                                                                  MD5:86A072B9B0E5BDB616874C39BD0F0264
                                                                                                                                                                                                                                                  SHA1:D3524BD363AFFEACA8079B2C9C24BE445BDFDC98
                                                                                                                                                                                                                                                  SHA-256:DCC631D88F305B8E71691C6852E3E8425244E38C90905FB78B47EF23102E6FCA
                                                                                                                                                                                                                                                  SHA-512:F50CAC2DA38082AEBB97C8DD2D1D69F62A4152616EF3710247C5C00E691475C52DDC52FD0A4CEC22AB9B7DB920CD3FD4DF2F10F6F8259CE4F6C0613D4920BFE4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licencmeg.llapod.s",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Elolvastam .s elfogadom a Licencmeg.llapod.st",.. //{0} - Company name.. THANK_YOU: "K.sz.nj.k, hogy a {0} term.k.t v.lasztotta",.. INSTALL: "Telep.t.s",.. CANCEL: "M.gse",.. RETRY: "Pr.b.lkozzon .jra",.. DONE: "K.sz",.. //{0} - Product name.. PROGRESS_TITLE: "A {0} az .n szem.lyes biztons.gi tan.csad.ja, amely mindenhova .nnel tart online.",.. PROGRESS_SUBTITLE: "Telep.t.s...",.. COMPLETE_TITLE: "Rendben! Telep.tett.k a szem.lyes biztons.gi tan.csad.j.t.",.. COMPLETE_SUBTITLE: "K.szen .ll",.. COMPLETE_LAUNCH: "B.ng.sz. megnyit.sa",.. ERROR_OS_REQUIREMENTS: "A telep.t.s nem folytathat., mert az oper.ci.s rendszer nem tesz eleget a minim.lis rendszerk.vetelm.nyeknek. Friss.tse, majd pr.b.lkozzon .jra.",.. ERROR_BROWSER_REQUIREMENTS: "A telep.t.s nem folytathat., mert a b.ng.sz. nem

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2654
                                                                                                                                                                                                                                                  Entropy (8bit):5.273633144698911
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:30WhiWDdQoG5DJItZEqRU0TMNIbpJ5WpGKf/w+roo5Ng5wZpEY854U6hgz9+IR17:39q51529MNI75JKf7rDm5f6hgzIG1u0R
                                                                                                                                                                                                                                                  MD5:6ADAA4FF9AFC5B3A70191C7778893813
                                                                                                                                                                                                                                                  SHA1:5F639C9E8E626D160A9832674AF8BEBCC4C324DE
                                                                                                                                                                                                                                                  SHA-256:8AA0EB04D5149925AD51ADC06D3F6468A4F2062F9A64BB80F85CAFCDA8BEA353
                                                                                                                                                                                                                                                  SHA-512:BA1433C4EF8EB91C90A5578FF81A276507E9A94D624C6D0BEDF6069F5F7A41D00F49DC2C4B23F5D481400245270E3B56236193198B1A98DAE2576E7BD9CB69B7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "Contratto di Licenza",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Ho letto e accetto il Contratto di Licenza",.. //{0} - Company name.. THANK_YOU: "Grazie per aver scelto {0}",.. INSTALL: "Installa",.. CANCEL: "Annulla",.. RETRY: "Riprova",.. DONE: "Fine",.. //{0} - Product name.. PROGRESS_TITLE: "{0} . il tuo consulente personale per la sicurezza ovunque tu vada online.",.. PROGRESS_SUBTITLE: "Installazione in corso...",.. COMPLETE_TITLE: "Ottimo. Abbiamo installato il tuo consulente online personale.",.. COMPLETE_SUBTITLE: "Pronti a partire",.. COMPLETE_LAUNCH: "Apri il browser",.. ERROR_OS_REQUIREMENTS: "L'installazione non pu. continuare. Il sistema operativo non soddisfa i requisiti minimi del sistema. Aggiornalo e riprova.",.. ERROR_BROWSER_REQUIREMENTS: "L'installazione non pu. continuare. Il browser non soddisfa i requisiti minimi del sistema. Aggiorna il browser e riprova.",.. ERROR_VE

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3621
                                                                                                                                                                                                                                                  Entropy (8bit):5.5881432753526985
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:3wpT6KUHA0ZV0Ikw0nofKxypVqml/MiXzYGDpvvSDruthk:3w8Hg0sUKgpYZiXzYGDpXaKthk
                                                                                                                                                                                                                                                  MD5:B3B9671F29B88CF708C23FAA154F3AF2
                                                                                                                                                                                                                                                  SHA1:B0C26292029AE7A19A635761FAE1B137C75E6BCB
                                                                                                                                                                                                                                                  SHA-256:9AC130DCF86390701CC3A6C3551DD925360173CD59AC5ACE698BDEAB98309A67
                                                                                                                                                                                                                                                  SHA-512:1A46ABD016A1A7F3061E293FF0DED137509F6036C4363430D17107D9E26F8914D84DBA4634B3B0CB4A112D5E23594FB8670C2E8E0D0CFF4BA002AEEA32748FB6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "......",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "................",.. //{0} - Company name.. THANK_YOU: "{0}....................",.. INSTALL: "......",.. CANCEL: ".....",.. RETRY: "...",.. DONE: "..",.. //{0} - Product name.. PROGRESS_TITLE: "{0}......................... .........",.. PROGRESS_SUBTITLE: "..........",.. COMPLETE_TITLE: "................ ..... ..................",.. COMPLETE_SUBTITLE: ".......",.. COMPLETE_LAUNCH: "........",.. ERROR_OS_REQUIREMENTS: "........ .....................................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2982
                                                                                                                                                                                                                                                  Entropy (8bit):5.847345330966997
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:34HjWMme4EaOYIc1TK1adfNDmI6DugabURx8B9HU5KzpJI6iUs/JAgPiX5NKt:346M3FadIc1+1cfRyDFfRqBRU5KzpJpy
                                                                                                                                                                                                                                                  MD5:39F3D2B27B66D5E6956963328124B8D3
                                                                                                                                                                                                                                                  SHA1:D85D5BFB9BF91E7AF751803F092E8F416D921EA9
                                                                                                                                                                                                                                                  SHA-256:7C4AFC7091B859A02BAE6084CC2A3D1D2EFAB4CE39A544E0417136082EAB0203
                                                                                                                                                                                                                                                  SHA-512:BB5550C76BBD499B7B9073EF2BA066D71F65E1B8BD834C57B7F431A4ADF5C4E723625DA1246598A37BF106CB4CE043FC2EBB819B0A941917366397D55A7627D0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: ".... ..",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: ".... ... .. .....",.. //{0} - Company name.. THANK_YOU: "{0}.(.) ... ... .....",.. INSTALL: "..",.. CANCEL: "..",.. RETRY: ".. ..",.. DONE: "..",.. //{0} - Product name.. PROGRESS_TITLE: "{0}.(.) .. .... .. .. .. ... .......",.. PROGRESS_SUBTITLE: ".. ....",.. COMPLETE_TITLE: "....! .. ... .... .......",.. COMPLETE_SUBTITLE: ".. ..",.. COMPLETE_LAUNCH: ". .... ..",.. ERROR_OS_REQUIREMENTS: ".. ... .. ... .. ... .... .. ... ... . ..... ...... .. ......",.. ERROR_BROWSER_REQUIREMENTS: "..... .. ... .. ... .... .. ... .

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2722
                                                                                                                                                                                                                                                  Entropy (8bit):5.303037907360488
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3795wot+OdOcWOEYoIOtl9IcBVF/qFSfE88QIwUueoIJhGduaT+G9hykWYYrzr9g:37Z+OZSFJNIaVFCFSfE2IwS885ZrzrKX
                                                                                                                                                                                                                                                  MD5:325FDF0453BC217006C5EBD8E937EF2E
                                                                                                                                                                                                                                                  SHA1:690B0339939946FC8A66E7BC3888B47132012E2D
                                                                                                                                                                                                                                                  SHA-256:AE6C759B42D34C6900489EA3B5FCD57692737B522F7126BE814B576FB55B37CD
                                                                                                                                                                                                                                                  SHA-512:12A146E232D234843A59404C287D78E1F9CCDFBC6A6BDA982E705EA9AAEAAC847A9C8CBA6FBC6ACA13AF16EC643F14D3A9E852B1AA25E6ED95879D3110B64703
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "Lisensavtale",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Jeg har lest og godtar lisensavtalen",.. //{0} - Company name.. THANK_YOU: "Takk for at du valgte {0}.",.. INSTALL: "Installer",.. CANCEL: "Avbryt",.. RETRY: "Pr.v p. nytt",.. DONE: "Ferdig",.. //{0} - Product name.. PROGRESS_TITLE: "{0} er din personlige sikkerhetsr.dgiver uansett hvor du g.r p. nettet.",.. PROGRESS_SUBTITLE: "Installerer ...",.. COMPLETE_TITLE: "Flott! Vi har installert din personlige nettr.dgiver",.. COMPLETE_SUBTITLE: "Du er klar",.. COMPLETE_LAUNCH: ".pne nettleseren min",.. ERROR_OS_REQUIREMENTS: "Installasjonen kan ikke fortsette fordi operativsystemet ikke oppfyller minimum systemkrav. Oppdater det, og pr.v p. nytt.",.. ERROR_BROWSER_REQUIREMENTS: "Installasjonen kan ikke fortsette fordi nettleseren ikke oppfyller minimum systemkrav. Oppdater nettleseren, og pr.v p. nytt.",.. ERROR_VERSION: "Du har allere

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2834
                                                                                                                                                                                                                                                  Entropy (8bit):5.221829835796673
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:34+VvRiGOx7kopCe4I2RjEY5n40w7TI3k7+WxXDk7+xIXrf24+5N7XR7lnw2IuXU:3nVSw7tRAOjiI3WrxXDWmIXrfw5VhnBk
                                                                                                                                                                                                                                                  MD5:D406EAF5B9CBBB2546618F3D626A2970
                                                                                                                                                                                                                                                  SHA1:D149C8916B9820AF6256E57FA6521DA63A063418
                                                                                                                                                                                                                                                  SHA-256:AB6A945EDDBD05644903E5465FAC344C675DCFF1BF749FD02D4D134C2FDD643E
                                                                                                                                                                                                                                                  SHA-512:E8C6A03DD0A2C6DCCF28C34EC9E6D6C66F06524F6FC554600C99C68AA75E70A06C0CBB650A88B6DA2ED753B7F7F05FE63A4AA69C2D6A3DE94ACDE8E2B422ED5F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "licentieovereenkomst",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Ik heb de licentieovereenkomst gelezen en ga ermee akkoord.",.. //{0} - Company name.. THANK_YOU: "Bedankt dat u hebt gekozen voor {0}",.. INSTALL: "Installeren",.. CANCEL: "Annuleren",.. RETRY: "Opnieuw proberen",.. DONE: "Klaar",.. //{0} - Product name.. PROGRESS_TITLE: "{0} is uw persoonlijke veiligheidsadviseur, waar u ook online bent.",.. PROGRESS_SUBTITLE: "Installeren...",.. COMPLETE_TITLE: "Fantastisch! Wij hebben uw persoonlijke online adviseur ge.nstalleerd.",.. COMPLETE_SUBTITLE: "Klaar om aan de slag te gaan",.. COMPLETE_LAUNCH: "Open mijn browser",.. ERROR_OS_REQUIREMENTS: "Uw installatie kan niet doorgaan omdat uw besturingssysteem niet voldoet aan de minimale systeemvereisten. Werk het bij en probeer het opnieuw.",.. ERROR_BROWSER_REQUIREMENTS: "Uw installatie kan niet doorgaan omdat uw browser niet voldoet aan onze min

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2823
                                                                                                                                                                                                                                                  Entropy (8bit):5.563972162117738
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3dGFMW2pQHsBEbkZoNIGzxS5zXwWfeZOrma+1FKHZZ8ziDwThXiQLN3VzlzI77R5:3dGc+HbwZQIySBwWfeGmV8HZchyUNFzu
                                                                                                                                                                                                                                                  MD5:609E78D49DA067E287FC7252C23C27A7
                                                                                                                                                                                                                                                  SHA1:721E3387F38D84C1438FF57D2EC7C9BAC7A317B4
                                                                                                                                                                                                                                                  SHA-256:FE7EB51C80968E5C1F92336EF132EC12AB27FECCD3BF0DC4AB87E80268334A97
                                                                                                                                                                                                                                                  SHA-512:EB856F23E0152D43A411CC45A1CD4B56E84D5D8016C1EB549FC90D43C1668C005A191C7710ACF61DB2A32B2D341A4629BD3663A0538361281049D2228079D6FC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "Umow. licencyjn.",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Znam i akceptuj. Umow. licencyjn.",.. //{0} - Company name.. THANK_YOU: "Dzi.kujemy za wybranie produktu {0}",.. INSTALL: "Zainstaluj",.. CANCEL: "Anuluj",.. RETRY: "Spr.buj ponownie",.. DONE: "Gotowe",.. //{0} - Product name.. PROGRESS_TITLE: "{0} to Tw.j osobisty doradca ds. bezpiecze.stwa w Internecie.",.. PROGRESS_SUBTITLE: "Instalowanie...",.. COMPLETE_TITLE: ".wietnie! Zainstalowali.my Twojego osobistego doradc. w Internecie.",.. COMPLETE_SUBTITLE: "Gotowe",.. COMPLETE_LAUNCH: "Otw.rz przegl.dark.",.. ERROR_OS_REQUIREMENTS: "Nie mo.na kontynuowa. instalacji, bo system operacyjny nie spe.nia minimalnych wymaga. systemowych. Uaktualnij go i spr.buj ponownie.",.. ERROR_BROWSER_REQUIREMENTS: "Nie mo.na kontynuowa. instalacji, bo przegl.darka nie spe.nia minimalnych wymaga. systemowych. Uaktualnij j. i spr.buj p

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2789
                                                                                                                                                                                                                                                  Entropy (8bit):5.3016062340489984
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3wJinI7w56E8GjaIrKc2NfOe6zLZIlS+LuV5eEHHW6zFVI1rJqPTZ6XJfaoMym4D:3y7a1jaIrOfJgLzPHHHW6z3aJqPd6ZS6
                                                                                                                                                                                                                                                  MD5:775D02E62D343C8AF21F50328C759CC7
                                                                                                                                                                                                                                                  SHA1:1F976C75FB8425AB61CF1D66527C34E41019CB71
                                                                                                                                                                                                                                                  SHA-256:072785166431B8CFD6744F1583A8D0ECF275854EC4EBDE6B851DD8AAF19371CE
                                                                                                                                                                                                                                                  SHA-512:AFF7467FF93B4DF13519DEA1E2363D84B90C427F1DED6F6D43AA4C6123B33C88CAAB8999AA6A6709DCBC7B7550BAB368D3B190E425B6DAEC0FA5647CFFE9BD41
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "Contrato de licen.a",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Eu li e concordo com o Contrato de licen.a",.. //{0} - Company name.. THANK_YOU: "Agradecemos por escolher o {0}",.. INSTALL: "Instalar",.. CANCEL: "Cancelar",.. RETRY: "Tentar novamente",.. DONE: "Conclu.do",.. //{0} - Product name.. PROGRESS_TITLE: "{0} . seu assessor pessoal de seguran.a sempre que estiver online.",.. PROGRESS_SUBTITLE: "Instalando...",.. COMPLETE_TITLE: "Excelente! Seu assessor pessoal online est. instalado.",.. COMPLETE_SUBTITLE: "Pronto para come.ar",.. COMPLETE_LAUNCH: "Abrir meu navegador",.. ERROR_OS_REQUIREMENTS: "N.o . poss.vel continuar a instala..o porque o sistema operacional n.o atende aos requisitos m.nimos de sistema. Atualize-o e tente novamente.",.. ERROR_BROWSER_REQUIREMENTS: "N.o . poss.vel continuar a instala..o porque o navegador n.o atende aos nossos requisitos m.nimos de sis

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2834
                                                                                                                                                                                                                                                  Entropy (8bit):5.285322036631864
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3T1cnI7wb1EbiIvQdKVvNfwSe6GfIeTnL+LdbeEsa5cztlI1rJqPFqWruD6NnqBL:3TZ7IubiIvQdUlfKFiHsa5czPaJqPFqf
                                                                                                                                                                                                                                                  MD5:C7052BCD40A05D0A3C7F0EE4B23D4420
                                                                                                                                                                                                                                                  SHA1:109A90360C15D73BFC1F1830419EBCBFA070E8D4
                                                                                                                                                                                                                                                  SHA-256:DEDE2191F3B5936FC69D10FDF61C0D71B22486055BC68E5B4F7655025B19BFAA
                                                                                                                                                                                                                                                  SHA-512:E9D0A62C150920F2BDFD7E1E7D18875D9E85A90D24CC01FA961EDAA57893450A67A5F866D5626F8F5FE9767A59E0FA48E22D8FBB482CB94C57FC0B9DE7E79146
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "contrato de licen.a",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Li e aceito o contrato de licen.a",.. //{0} - Company name.. THANK_YOU: "Agradecemos por escolher a {0}",.. INSTALL: "Instalar",.. CANCEL: "Cancelar",.. RETRY: "Tentar novamente",.. DONE: "Conclu.do",.. //{0} - Product name.. PROGRESS_TITLE: "{0} . o seu consultor de seguran.a pessoal onde quer que navegue online.",.. PROGRESS_SUBTITLE: "A instalar...",.. COMPLETE_TITLE: ".timo! Instal.mos o seu consultor pessoal online.",.. COMPLETE_SUBTITLE: "Pronto para come.ar",.. COMPLETE_LAUNCH: "Abrir o meu browser",.. ERROR_OS_REQUIREMENTS: "N.o . poss.vel continuar a instala..o porque o seu sistema operativo n.o cumpre os requisitos m.nimos do sistema. Atualize-o e tente novamente.",.. ERROR_BROWSER_REQUIREMENTS: "N.o . poss.vel continuar a instala..o porque o seu browser n.o cumpre os nossos requisitos m.nimos do sistema.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4105
                                                                                                                                                                                                                                                  Entropy (8bit):4.975608303898123
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:30u/iNM+4IOq/knqwkXf2EAaKOTLvl8szDmSXyD+X2h:30u/2MNjLnUP2Zb2GszDmSXyCXg
                                                                                                                                                                                                                                                  MD5:4DD96DA7415A652A5E484DC6239782CF
                                                                                                                                                                                                                                                  SHA1:6208329EDEEC28D151D9E5800115A3F81BA816A2
                                                                                                                                                                                                                                                  SHA-256:66A056646393A313C24FB488886376E7B361407CD348C2E7B1EE8254CF2576BB
                                                                                                                                                                                                                                                  SHA-512:685EDA453DBD36C9A6120B80AF39D0B7EBDDA81A9BCBABDEE52AD6650F830AA6E235FE31ED4A61FD8B20E9BE25BBDB90AC39766C608EB3ADADEEE679664FAD6C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "............ ..........",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: ". ........(.) . ........ ............ ..........",.. //{0} - Company name.. THANK_YOU: ".......... .. ..... {0}",.. INSTALL: "..........",.. CANCEL: "......",.. RETRY: "......... .......",.. DONE: "......",.. //{0} - Product name.. PROGRESS_TITLE: "{0} . ... ... ...... ........ .. ............ . ..........",.. PROGRESS_SUBTITLE: "............",.. COMPLETE_TITLE: ".......! .. .......... ...... ........ .. .............",.. COMPLETE_SUBTITLE: "... ......",.. COMPLETE_LAUNCH: "....... .......",.. ERROR_OS_REQUIREMENTS: "......... .. ..... .... .........., ... ... .

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2909
                                                                                                                                                                                                                                                  Entropy (8bit):5.626133730858778
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3KUWqz7ZZceEHrdNIzNUAuvAKf+EGAzo+93L08AwF7ERm4502zLzIPJicLhqaX4U:3K/AZeH3IzNUAuvAKf+EGAs+JL08AIwO
                                                                                                                                                                                                                                                  MD5:9F16073EC6F27264D8157CA0C6BAC3FF
                                                                                                                                                                                                                                                  SHA1:02A8694638AA2DDA4E30848821E175479C4E7588
                                                                                                                                                                                                                                                  SHA-256:4AEDFE6AF187A36A25F824C5C3819D6FED03AF76C4B722AF4772F90BACF1FF86
                                                                                                                                                                                                                                                  SHA-512:E852A1F712DA32FB30CC79FE0D33CE57430B4CA59936824D55A2F2FE1167959774FDC9634EE7BEC7C84965F68495CCE24DCAA1BB6D85D2B90406782D1285CA7C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "Licen.n. zmluva",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Pre..tal(-a) som si dokument Licen.n. zmluva a.s.hlas.m.s n.m",.. //{0} - Company name.. THANK_YOU: ".akujeme, .e ste si vybrali {0}.",.. INSTALL: "In.talova.",.. CANCEL: "Zru.i.",.. RETRY: "Sk.si. znova",.. DONE: "Hotovo",.. //{0} - Product name.. PROGRESS_TITLE: "{0} je va..m osobn.m poradcom v oblasti bezpe.nosti, kdeko.vek sa pripoj.te na web.",.. PROGRESS_SUBTITLE: "In.taluje sa...",.. COMPLETE_TITLE: "V.borne! Nain.talovali sme v..ho osobn.ho online poradcu.",.. COMPLETE_SUBTITLE: "M..ete za.a.",.. COMPLETE_LAUNCH: "Otvori. m.j prehliada.",.. ERROR_OS_REQUIREMENTS: "Va.a in.tal.cia nem..e pokra.ova., lebo v.. opera.n. syst.m nesp..a minim.lne syst.mov. po.iadavky. Aktualizujte ho a sk.ste to znova.",.. ERROR_BROWSER_REQUIREMENTS: "Va.a in.tal.cia nem..e pokra.ova., lebo v

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2792
                                                                                                                                                                                                                                                  Entropy (8bit):5.357366308263878
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:31hpQU1rGGEji4oL8BI7J2wEfD/f6zRlce+ISDO4MERSeXlzd5iLIXQ5T7H5OWQj:35b1WjBACI7ItfD/fojmIKYENVzd566v
                                                                                                                                                                                                                                                  MD5:D7BCA954858CFDD077B87175B015B529
                                                                                                                                                                                                                                                  SHA1:C2209D10757A7646B21951981A4DD1ADE40CBE7B
                                                                                                                                                                                                                                                  SHA-256:21CA8FC0D87338E407A5BF3966F0385979993BBE4F42390201BC1366E6E07EA9
                                                                                                                                                                                                                                                  SHA-512:B02BE531DD0D55261969C95EDDEB2FB431E1C5D302A8BEB692DBB36933904383F48EE08FA0CAE66AB521ADEEC541777327865D67FFA2DA7C76E4056E0462DCA6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "Ugovor o licenciranju",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Pro.itao sam i saglsan sam s Ugovorom o licenciranju",.. //{0} - Company name.. THANK_YOU: "Hvala .to ste izabrali {0}",.. INSTALL: "Instaliraj",.. CANCEL: "Otka.i",.. RETRY: "Poku.aj ponovo",.. DONE: "Gotovo",.. //{0} - Product name.. PROGRESS_TITLE: "{0} je va. li.ni savetnik za bezbednost gde god da ste na mre.i.",.. PROGRESS_SUBTITLE: "Instaliranje...",.. COMPLETE_TITLE: "Odli.no! Instaliran je va. li.ni savetnik za bezbednost",.. COMPLETE_SUBTITLE: "Spreman je",.. COMPLETE_LAUNCH: "Otvori pregleda.",.. ERROR_OS_REQUIREMENTS: "Instalacija se ne mo.e nastaviti jer operativni sistem ne ispunjava na.e minimalne sistemske zahteve. A.urirajte ga i poku.ajte ponovo.",.. ERROR_BROWSER_REQUIREMENTS: "Instalacija se ne mo.e nastaviti jer operativni sistem ne ispunjava na.e minimalne sistemske zahteve. A.urirajte pregled

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2700
                                                                                                                                                                                                                                                  Entropy (8bit):5.360820792263823
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3pdCODtNYC/mqEYcQdE9IcaF8kFFafEoGyIucFI4Xc3+NqYk7svff0ozg2IfGETU:3JROLieInFhFafEojIvn3fvzrCRZNsrJ
                                                                                                                                                                                                                                                  MD5:B553D7133C80C6AB93BF33A7DB0E65CA
                                                                                                                                                                                                                                                  SHA1:0670C14B53E7D362EF19F35C18095D43258E23E2
                                                                                                                                                                                                                                                  SHA-256:4D9CD0727E42F367AC9720FF1BEA9EA32062D09294C973B54B57050C05E4FFD5
                                                                                                                                                                                                                                                  SHA-512:D06743CEDD5CDB6E98F1768DBC425550110D858A904828231591AB71EA9A2C6728EE75239CC7E2C411F2E993337F5C69B1FA33D82D5395DC24753915702E3622
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "licensavtalet",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Jag har l.st och godk.nner licensavtalet",.. //{0} - Company name.. THANK_YOU: "Tack f.r att du v.ljer {0}",.. INSTALL: "Installera",.. CANCEL: "Avbryt",.. RETRY: "F.rs.k igen",.. DONE: "Klart",.. //{0} - Product name.. PROGRESS_TITLE: "{0} .r din personliga s.kerhetsr.dgivare var du .n kopplar upp dig.",.. PROGRESS_SUBTITLE: "Installerar ...",.. COMPLETE_TITLE: "Toppen! Vi har installerat din personliga internetr.dgivare.",.. COMPLETE_SUBTITLE: "Allt .r redo",.. COMPLETE_LAUNCH: ".ppna i webbl.saren",.. ERROR_OS_REQUIREMENTS: "Installationen kan inte forts.tta eftersom operativsystemet inte uppfyller systemkraven. Uppdatera det och f.rs.k igen.",.. ERROR_BROWSER_REQUIREMENTS: "Installationen kan inte forts.tta eftersom webbl.saren inte uppfyller systemkraven. Uppdatera webbl.saren och f.rs.k igen.",.. ERROR_VERSION:

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2936
                                                                                                                                                                                                                                                  Entropy (8bit):5.4922221769296184
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3DdrZpFTox8fYCPZEpdhp0IW+AVJBn+AWuzfNLFnsZFfB9mpFA8lLgMs/U4oXMoN:3JZToKnKpdheIWtr+uzfvsTfTGacLXz5
                                                                                                                                                                                                                                                  MD5:18A69E3CA3CA0156A63A1DFBE77D4F29
                                                                                                                                                                                                                                                  SHA1:ECA17161D2AD2642AC9103107009275945113340
                                                                                                                                                                                                                                                  SHA-256:A931E05C2614D3739472F9DD6F252A860BD8EFF5C65476427D3FFB388BCFBB7C
                                                                                                                                                                                                                                                  SHA-512:175C2C45C6E178C034D8419DA14BD77F4878ACD0B242F74BB5AA8B4FAF3D8A25B854E7E1C6ACF8D71573D23FBBB8899B13FED05B2A47C7598E51DEC6340B4FE3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "Lisans S.zle.mesi",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: "Lisans S.zle.mesini okudum ve kabul ediyorum",.. //{0} - Company name.. THANK_YOU: "{0} .r.n.n. tercih etti.iniz i.in te.ekk.r ederiz",.. INSTALL: "Y.kle",.. CANCEL: ".ptal",.. RETRY: "Tekrar Deneyin",.. DONE: "Bitti",.. //{0} - Product name.. PROGRESS_TITLE: "{0}, .evrimi.i oldu.unuz her yerde ki.isel g.venlik dan..man.n.zd.r.",.. PROGRESS_SUBTITLE: "Y.kleniyor...",.. COMPLETE_TITLE: "M.kemmel! Ki.isel .evrimi.i dan..man.n.z. y.kledik.",.. COMPLETE_SUBTITLE: "Haz.r",.. COMPLETE_LAUNCH: "Taray.c.m. a.",.. ERROR_OS_REQUIREMENTS: "..letim sisteminiz minimum sistem gereksinimlerini kar..lamad... i.in kurulumunuz devam edemiyor. L.tfen g.ncelleyin ve tekrar deneyin.",.. ERROR_BROWSER_REQUIREMENTS: "Taray.c.n.z minimum sistem gereksinimlerimizi kar..lamad... i.in kurulumunuz devam edem

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2349
                                                                                                                                                                                                                                                  Entropy (8bit):6.290274114517677
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3oWfvFbBReTE4anI7mO8VDfA9lwVooJy17QGYDV5zzIG+b7jyW1XoUW:3oWHrR34anI7mO8VDfA9lMTocGu7zzzN
                                                                                                                                                                                                                                                  MD5:2CCA1854019AAD327B3FABE1000E9BEF
                                                                                                                                                                                                                                                  SHA1:59A26CCDD6327DDDC4C02650171177A27E771452
                                                                                                                                                                                                                                                  SHA-256:4E07338BAAA7C846DA5FECB9680BFF445E7701B143BD2025A55A04F58EA0379F
                                                                                                                                                                                                                                                  SHA-512:731086276C68E129023B444192F151855158B84E0542F112849082F911D58F6E632C32E147507D25C60E003D5564EFA2E3EBA1FFD18DEF475F64BDCBDAF8F2B5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "....",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: ".............",.. //{0} - Company name.. THANK_YOU: ".....{0}",.. INSTALL: "..",.. CANCEL: "..",.. RETRY: "..",.. DONE: "..",.. //{0} - Product name.. PROGRESS_TITLE: "{0}............",.. PROGRESS_SUBTITLE: ".....",.. COMPLETE_TITLE: "....................",.. COMPLETE_SUBTITLE: "....",.. COMPLETE_LAUNCH: ".......",.. ERROR_OS_REQUIREMENTS: "................................",.. ERROR_BROWSER_REQUIREMENTS: "................................",.. ERROR_VERSION: "..................",.. ERROR_FAIL: ".............

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-install-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2522
                                                                                                                                                                                                                                                  Entropy (8bit):6.318470816194378
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3wPuvnWuIBAezE3esIo5M++fI/lYjfGFsjL7F9f9tz3JIeqWaGUnfAr5hTD:3wUwAv3FIL++fI/l0f7F9f7z5jqWofA3
                                                                                                                                                                                                                                                  MD5:306CB62C14A658C9E25B72926B0585D7
                                                                                                                                                                                                                                                  SHA1:B97A542503E581BA545574FA0C0A5B1CE658F9D8
                                                                                                                                                                                                                                                  SHA-256:42E2F61873BD8A7F6A03B76C68955A3D0D701313AD773B32AF802240968872BF
                                                                                                                                                                                                                                                  SHA-512:EFD763788B1D991A7ECEC1B77353C1455EB9376A0D961D4069968C6D5471612329FF88E052806FEB42DD09A01BF7CD82701E010EFABAA53149DC0BDB1957A55A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrInstall_ = {.. EULA_TITLE: "....",.. EULA_CONTENT: "",.. EULA_TERMS_AGREE: ".............",.. //{0} - Company name.. THANK_YOU: "..... {0}",.. INSTALL: "..",.. CANCEL: "..",.. RETRY: "....",.. DONE: "..",.. //{0} - Product name.. PROGRESS_TITLE: "{0} .....................",.. PROGRESS_SUBTITLE: ".....",.. COMPLETE_TITLE: "..................",.. COMPLETE_SUBTITLE: "....",.. COMPLETE_LAUNCH: ".....",.. ERROR_OS_REQUIREMENTS: "................................",.. ERROR_BROWSER_REQUIREMENTS: "...............................",.. ERROR_VERSION: "................",.. ERROR_FAIL: ".........

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):716
                                                                                                                                                                                                                                                  Entropy (8bit):5.6123995105579825
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfx6v9LuO4biqra6fMocbkLwT5zxjAHo8+9wuRToEwCWHmlva:7e9SlNLiaf4v9KO4zG6fMocWIOHo8+9G
                                                                                                                                                                                                                                                  MD5:00F4E38B48072F3869B60E0D95C2A9B6
                                                                                                                                                                                                                                                  SHA1:C8CE5CA8F175008CCBEC78275E757F62FE9C635A
                                                                                                                                                                                                                                                  SHA-256:C2D22278512E32727CB434EA10F23C86AE9C08CAF0AE4DAB02F02FCB1041BB99
                                                                                                                                                                                                                                                  SHA-512:64429F44AD0594E529C1C4CE9FFB87981790E67BAAF4CA3E704FE13C2BAE720E602E9ED2D74F3E9664A91EC6B3C1524070137732798EB8B4E830996379C3C16D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verze",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Prohl..en. o ochran. osobn.ch .daj.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Hotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//7915940C39986F4880E6A2FBC9737543635F5A1D110ED6E3AFFDAFAB149C5AFF1703FFC9466951316626F1FBB58178AEBD100D0078DABFC21D0714D0CEEA119F++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):728
                                                                                                                                                                                                                                                  Entropy (8bit):5.552900854514872
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4biUvzbkLwT5zxjAHo8wN9wuRTo6NHMxracRckCdXt:7e9SlNLiafLYFv9KO4Z7WIOHo8wN9ZR/
                                                                                                                                                                                                                                                  MD5:B2C903C076A41A1737DB816018633A98
                                                                                                                                                                                                                                                  SHA1:FAD0008D1C2D4713239C3D9058685919F656B7AD
                                                                                                                                                                                                                                                  SHA-256:F525F6EAF3880731B179D85B090C0632DA0D913FC84E5E3F98071AF276259F55
                                                                                                                                                                                                                                                  SHA-512:95283B3B641A234A122386A6E7D1D8358FD5AC67F1F72262E53B028A5927B12EAF501A2D4E4B45A14014D96CAE69C0E514540CEA80686F1696901E609E14E805
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "meddelelse om beskyttelse af personlige oplysninger",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "F.rdig",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//514C43E98B794D2AC98CC2A39D1794688A93B8FE872BF50CB063364579F1BEA8C13AEB945A186AC919AC0B33B114C4CDF8877E143AD3B5EDF237023A807AE010++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):695
                                                                                                                                                                                                                                                  Entropy (8bit):5.549081746702864
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bi+p3ibkLwT5zxjAHo8+N9wuRToEKQw/Fht:7e9SlNLiafLYFv9KO4pSWIOHo8+N9ZRQ
                                                                                                                                                                                                                                                  MD5:D758E0A6DA482AE0EEB46E0B8A65C9CD
                                                                                                                                                                                                                                                  SHA1:7945EA60F5AFC84819283037B2FF493CB8224C5E
                                                                                                                                                                                                                                                  SHA-256:14F8DB188A0130B264D3A34D0ADD757FD1BE3C5A5E02E581BC0A9D578F736B87
                                                                                                                                                                                                                                                  SHA-512:E93EB661D24C40DD2375B521B256EE9F3CAE01868E261B2F4ECA39CF8BE37C7C0120097DAA365B8F5503D0388FA70E8E26E1F795E27E0BA903BC5444FEF2E55E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Datenschutzhinweise",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Fertig",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//9F9083EA4FDED455F3A23B016952128F280E9BB91D2498BDFC250400DD82FD928136390AEA869B7A1C014FE3C0760121E9800361A5837B39456C1EDC9746BEF2++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):750
                                                                                                                                                                                                                                                  Entropy (8bit):5.77117399690753
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kft6v9LuO4bi7XKfRWkGmbkLwT5zxjAHo8JP9wuRTol6VFB:7e9SlNLiafEv9KO4mXCWkHWIOHo8JP9t
                                                                                                                                                                                                                                                  MD5:1C8FFEDEC34AB60D998C996AC7D55462
                                                                                                                                                                                                                                                  SHA1:58B78A462590B78A421024E70D4CF89434AA7BC1
                                                                                                                                                                                                                                                  SHA-256:CBCB9411E7947D6483DF5E05D967C9531AAAA0CA3F233E86994247818540CA5E
                                                                                                                                                                                                                                                  SHA-512:83A500DDD5064EC74808E28A1544862D47FA42188E0AD57B22E0241529147261DA4AF60017EFF000ADBF88E307A6FA56C78963D73AC9A6B2536E2FD2B9D81D56
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "......",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "...... ............ .... .........",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: ".....",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//D7F2DA34F1B7920CDF501DA892A6EF4E0F0482D5B374A1842AA59B4D81D84459C21E6F05926E192B86431EBB5037EB33BDA11B0E22308710E9627D7E7BBDD102++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):688
                                                                                                                                                                                                                                                  Entropy (8bit):5.487912643529434
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4biqkCbkLwT5zxjmT9wuRTo/upmkI2uDiSRgC:7e9SlNLiafLYFv9KO4zkCWIoT9ZRRIk8
                                                                                                                                                                                                                                                  MD5:CC46B4069EB88FCA4183A1802345E488
                                                                                                                                                                                                                                                  SHA1:06D6CABDCD0E67EBE402C81E12963AA00E04E799
                                                                                                                                                                                                                                                  SHA-256:ADF2EC9276CD96BAA46E217DCE9586664C7DFFA22986B26596AC985D3E0C3903
                                                                                                                                                                                                                                                  SHA-512:1DD44483C0ACF7442FE1DAADF0FD3256C1099EBF63265984CEC610F8811CEAE867A1081D8BB8B9B801E08BDE0E8D7E265BA4A36536B0E47FC000E262F23B8848
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Privacy Notice",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Done",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//93ECAFC6B6FA905461032E6E8DB4729D2263C0306E689F6F2ED8EBDE9DEEB34B003A93CD10F9DA8B1526F7017FC0F77DFDA6CAA0F0FEE67BE1F16FE012A4EE93++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):700
                                                                                                                                                                                                                                                  Entropy (8bit):5.5223212774827966
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfri6v9LuO4bicmuXnbkLwT5zxjcglP9wuRTo2XZwfIuN1gC:7e9SlNLiafrFv9KO40AnWIqgV9ZRFQf
                                                                                                                                                                                                                                                  MD5:54A4EB2032797DD5698E222029700740
                                                                                                                                                                                                                                                  SHA1:2F7E07CEB0295F3239CE8F12E8A9D40277CDD301
                                                                                                                                                                                                                                                  SHA-256:30055D95C0B902C93AA58EDB2743B19D928212C2F7549148E79EFAA99E263BF9
                                                                                                                                                                                                                                                  SHA-512:C05E874A388172D7CD8921F4C1F9D61AC8F03D0EB53EC4CDB0ECB530461264A948560B949FE6416BEA2077440AA44F0B60F0BB0C19A986F042433E2C141CE8C6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versi.n",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de Privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Aceptar",.. DONE: "Listo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//D637B12E35A4ABAF510C98358FC89098EE8C5F537636E86A2E74A59998CBCCEADD062E0D121A282C7F190C2006C9FEF1A0F154606AF95776592B825C8C802D02++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):700
                                                                                                                                                                                                                                                  Entropy (8bit):5.537604554770778
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfri6v9LuO4bicmuXnbkLwT5zxjcglP9wuRTo6mVa4V9ncmIv:7e9SlNLiafrFv9KO40AnWIqgV9ZR1QfA
                                                                                                                                                                                                                                                  MD5:AB2324AA7C6A311DC97B36ADA22046CF
                                                                                                                                                                                                                                                  SHA1:5932FD81A2126A13F7C03910E68744C7F41DE394
                                                                                                                                                                                                                                                  SHA-256:A7D4654BAE3D149D345A887A7892962793D061C9E755F251A7D19C2F564B939B
                                                                                                                                                                                                                                                  SHA-512:E538DACA1AED4E6B3273DD1388B7A0FA576CD3ABDF156DCF6C3D816F14B7516711724C77E1C98E2B672981E32558CB7DFE4E4850A634F6C021BFE84BEF1EC267
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versi.n",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de Privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Aceptar",.. DONE: "Listo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//1496EF941B55F4BF4FF8C580A2561563C6BC322E226844D8B8F8BACF0FBFDA7F6BA401BFB844DE187768CB4BE50BA3807F79D92D3D499CA70EB86A09479E101D++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):694
                                                                                                                                                                                                                                                  Entropy (8bit):5.5173328903737
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfft6v9LuO4biO6EGbkLwT5zxjAHo88WN9wuRTo8M9DEXW+A29dC:7e9SlNLiafsv9KO43GWIOHo8Z9ZRnS+Q
                                                                                                                                                                                                                                                  MD5:2EFAA2FE73F61AAA9575F06A7EE25AAA
                                                                                                                                                                                                                                                  SHA1:28DB2864BC91CFEC0F615800C7C48D0954F8DE61
                                                                                                                                                                                                                                                  SHA-256:3D65ACAD9615F07267279B3C6EF547C033D37B1F55E9F393BA5F07149BF158ED
                                                                                                                                                                                                                                                  SHA-512:57D8821F7C5EFA9B630E3CB0A9CFB51E0A1BC81D8FBCECB0595FA2373B3B8AC488717516EDBE4DF07E83D372E73341BD04A3907745D7AB5C08100FE9141B5E67
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versio",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "tietosuojaselosteen",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Valmis",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//592438C477D7D5A0FCDE0A4ABEEC1E61160F3ADB96ED593D2336CB7F85A5D7ED20530ED0297802AE44966CA63AEC0B0D86E87CCF49CB09DA32283990C5157737++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):710
                                                                                                                                                                                                                                                  Entropy (8bit):5.571075904252609
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bieQdbkLwT5zxjAHo8g9wuRToHcONXKvL+u9vFJ:7e9SlNLiafLYFv9KO4wdWIOHo8g9ZR2Y
                                                                                                                                                                                                                                                  MD5:B1FEF06E6DB7C7840355CFDC9E66DFA9
                                                                                                                                                                                                                                                  SHA1:1A72F5525215F467F2687052C1C107143BFBC497
                                                                                                                                                                                                                                                  SHA-256:CA51CECD55303BF09C0F9E0E8285419EED57BB2E457E906FDC06763F1AABE64A
                                                                                                                                                                                                                                                  SHA-512:0D3A8FC6D51795EBD7116CF30FE7371A01ABAC64D898045EA8BF1E22C975E2E805B9ABF2B51BCD9B12A10CC56941320869E63A818DBAEAA72764010251757171
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "d.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Termin.",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//E31462AD7B349988780C04B0BC7C8C4421A8A65C2B0267E5BA72FC3F8BB7278C1889AB97283D655440681525FC18608C9BF44C79B9E6B01A384AB197AD90FD4C++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):710
                                                                                                                                                                                                                                                  Entropy (8bit):5.544187033409281
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bieQdbkLwT5zxjAHo8g9wuRTompOE6pzxcgRg:7e9SlNLiafLYFv9KO4wdWIOHo8g9ZRHN
                                                                                                                                                                                                                                                  MD5:81FF80E529C769AECE9D98592D14A500
                                                                                                                                                                                                                                                  SHA1:88D9EC34A3852BB8577FDC4ED89AD71A79862F5C
                                                                                                                                                                                                                                                  SHA-256:98DDF02B185AC2036F8EBBB6ADF9C7B4FA14FC8CA9FBD19B7FFBFEA3770977F4
                                                                                                                                                                                                                                                  SHA-512:24C932AD5D51E1B014E8BBB5371104884EC3A20530F8D6653F28D6F52F2571A2ACDF70D803EF12FA7D974DD3907632676F0BEBA0CB679D46E46D3AB7B9B3CCE7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "d.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Termin.",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//6272E90B87E22993E4A9C7AFBD1EA5F6E826D3D603124F3F6DA42CB6FD6A7CA04857CE3220935E918503D17C26ED9CE2AD48B2A2C83030EBCF9BE923DD91B71E++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):703
                                                                                                                                                                                                                                                  Entropy (8bit):5.5270598050887205
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfv66v9LuO4biaBzcbkLwT5zxjHT9wuRTo4jRF4zOAkE4XG0:7e9SlNLiaflv9KO43BoWIVT9ZR774zhK
                                                                                                                                                                                                                                                  MD5:7AAE3B6206C930CD459C11C26F120447
                                                                                                                                                                                                                                                  SHA1:9B5AE66FBDE3B0E7AD58C1D69A7DAF40AACEDC67
                                                                                                                                                                                                                                                  SHA-256:8DCD9C2FB5873BB4F522C9E8209A0CD93242C1B1B47EC53166E2E03355668E1D
                                                                                                                                                                                                                                                  SHA-512:47977AC2A48626E4500E7E8A84E9843FF2C7CF5CC403AC58629B13D0DFA288BE320A48436332D0AC2FEF97D7959F14BE2DDFBB50FA35516C03070E56A694DDA3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzija",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Obavijest o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "U redu",.. DONE: "Gotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//C5921FB8FE54F0C9BADA85486599B32A165D30DEEA2DDBC8609E4045DAA88AD032F6AB1D073C3AEC92DB86343CB0733C39A62CA3F84D756E6E086481CE8F7AAF++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):699
                                                                                                                                                                                                                                                  Entropy (8bit):5.578115457562142
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfQdU6v9LuO4bihIHmdcbkLwT5zxjAHo8Kwv9wuRToXaaMM:7e9SlNLiafQd7v9KO4k6ocWIOHo8Kwvw
                                                                                                                                                                                                                                                  MD5:BEB5960C719B090AA684968F630B674F
                                                                                                                                                                                                                                                  SHA1:30F3214BFE12A27A84BDC14446F4F57AF96E46B9
                                                                                                                                                                                                                                                  SHA-256:3851B97C8DBCFE1A9E85AB1B712E3F4B8388BFD7EC665211C83D66A59C5A8772
                                                                                                                                                                                                                                                  SHA-512:33E3874AF7AD6186532F1B5EC90156287C3D73837183EE4934D7919AA8A43145DFC6413840782E759E8B65211673AE3A8794DA424EC9B565875CEA709D6AD17F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzi.",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Adatv.delmi k.zlem.ny",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "K.sz",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//0D63EE19641986D9D825A8C5134A9CE24F11402D1E1B0E33B2454ACB50E4A62EF5E0C8E59D2ABEA7BF41C597CE801D9CE9A00D9E4A4FFA823C7789863F9BE63C++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):697
                                                                                                                                                                                                                                                  Entropy (8bit):5.505876168763784
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfy6v9LuO4biNp7mbkLwT5zxjm79wuRToSj0hWSWzpp+8:7e9SlNLiafVv9KO4apKWIo79ZRXPzpg8
                                                                                                                                                                                                                                                  MD5:A14208DB73B39365C4D6C838776981D9
                                                                                                                                                                                                                                                  SHA1:FEB20B19EF9C58C6CC10914A9E139ECC617D91A1
                                                                                                                                                                                                                                                  SHA-256:E13248A02CC9BF468A097DBAFF0BEED57176284BD10E431E4005C525B91C8618
                                                                                                                                                                                                                                                  SHA-512:53A3E81DB1AD91A64D281AE089C8AB4526873D7A1EBBA27C93146320CB132160EF7441DDECFC715C2F28F5901E74E9B1EC02116C247C287458AE4F7DD5899373
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versione",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Notifica sulla Privacy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Fine",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//9D53CF31538C018BAE126DDA881FFD6C157AD09EBFB4BDBA389AED758E33FCE052A61F8F331AEC363DAE8E19DA957FBD41B0D08A44EBDA2D4CDEC8D669091087++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):808
                                                                                                                                                                                                                                                  Entropy (8bit):5.7409373263357235
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7e9fLdo5ijdfA6Dlv9o4A2AWIOHo8UHv9ZR6Ued3:K9fLdICdfA49XLAWIOfUHFKdd3
                                                                                                                                                                                                                                                  MD5:28B7739A421835EB9CD88B6013D4E689
                                                                                                                                                                                                                                                  SHA1:DCF2CCD130415AC7F2C45E4495AAFC5EC976B058
                                                                                                                                                                                                                                                  SHA-256:0C69D07D25EADA8203C4207A619F31992E1EC223D9550E645E2780C4BF3C29FA
                                                                                                                                                                                                                                                  SHA-512:501684FDD4B4569C5BFB7A4F7E4C32B7FD8272E2B4961958F64B03E6B74D5767E19E17133F43A3CE5ED4DD932DE509C96C2D57F53B8C60318F03AE764A86EE0E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "..... .........",.. PRODUCT_NAME_LIVE: "..... ......... ...",.. PRODUCT_NAME_TRADEMARKED: "...... .........",.. VERSION: ".....",.. WEBADVISOR: ".........",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "........",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//26438DF7DDD1B7091ED260C5751D4A077CA382594D057744E7A18123A105135A5502DE2EC8D32B83E5301B99F1BF5EEC74B00DEF5B1B21DBF4CDBD9CC6109029++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):742
                                                                                                                                                                                                                                                  Entropy (8bit):5.82878368970307
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSd6ds63i7R6ikfV/i6v9kc4biyGbkLwT5zxjsGiFW9wuRToa+g/N0u+Ho:7e9Ed13isnfVtv9kc4sWIViQ9ZR2gl4I
                                                                                                                                                                                                                                                  MD5:53F240755A3E1938272249CCF8BD05D7
                                                                                                                                                                                                                                                  SHA1:770F628BB772CC9461CF3D234E061EA4D810B119
                                                                                                                                                                                                                                                  SHA-256:51DCD424DE086E10A9591AB85F830A8F466108F9DBBAA4B47A6DBAFB04BF2986
                                                                                                                                                                                                                                                  SHA-512:54E1024EFC0B118C78C2406FB7D92E9794A241CBDE0D122957CC2C0C9628B443EE3EB7BEB916C83AD6BA7E8A706BFC8B7A78513119902A867A3728938EDE2A50
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee ......",.. PRODUCT_NAME_LIVE: "McAfee ...... ...",.. PRODUCT_NAME_TRADEMARKED: "McAfee. ......",.. VERSION: "..",.. WEBADVISOR: "......",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: ".. .. ....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//277BE604E32720DCF4BFF19AAA4CE10DDD8BABD440063659C78111528AE8B9281D266930182575EBEEBD256C8A040C4507A85B56B99FD882D9F3380D6FDEEA77++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):696
                                                                                                                                                                                                                                                  Entropy (8bit):5.566757432761514
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kf3Hi6v9LuO4biqyNLMBHbkLwT5zxjmf9wuRToQMLVXQQgAe:7e9SlNLiaf3Fv9KO4zyNsHWIof9ZRtMA
                                                                                                                                                                                                                                                  MD5:13FAE2BC4589EEB043806433697F4963
                                                                                                                                                                                                                                                  SHA1:3D8CFA01762AEE740AA79236BADF9377275C8056
                                                                                                                                                                                                                                                  SHA-256:F566A0C874B6497D4062F50ED554E5B997E4802E3B38AE70F59ED5787E39ACE9
                                                                                                                                                                                                                                                  SHA-512:0A9DA7FA70D04D7AB53E4B7965EE8B6985BA1B2F6B2BACDFBEA92958ADAED25DC469BF6CA81B17BB75F53D3F5E39EFC3828984CC2346D1AFA6E6DAD14F364025
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versjon",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Personvernmerknad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Fullf.rt",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//E6C0634EF860473E5E1AC5DB56979665B177B654AF315AE120E64100E5693F76AC7D9890274062266625FE1B3B2BE60A8D8495F7A38F8C8C5EC99648483D6C21++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):746
                                                                                                                                                                                                                                                  Entropy (8bit):5.619956078029764
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfP6v9LuO4biKGCEnbkLAWB2CT5zxjAHo8CW9AWB2CuRToJI5rcn4:7e9SlNLiafyv9KO4TGCEnWtB26OHo8Cb
                                                                                                                                                                                                                                                  MD5:92F19DA62297C36C9E535BC5BF8B2F61
                                                                                                                                                                                                                                                  SHA1:4BACE2C47E227ED1FEA94EF2712745FCC7F17E2D
                                                                                                                                                                                                                                                  SHA-256:55CA92573C4E375DD2036798B34060BB822CB3B30396806A414539B5BF247474
                                                                                                                                                                                                                                                  SHA-512:7B8F12E39550B6ED65D50606D4CA8D8D52252D0527FE62538F1653339E3FCD36E16F096391D63A1A0A2FCCA1C210F16D0E79EDC0F66008D3BB0F8F12E20A69A1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versie",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "privacyverklaring",.. PRIVACY_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Gereed",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//85B81632B31DF611B6DB04A1F9D62E994290E36CF52C98D4DBD8811EE052DF144CC11541848F2D1C2C3DB510126DF77205BF71332EE9E5CB31D881E9C857B245++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):709
                                                                                                                                                                                                                                                  Entropy (8bit):5.575958834672549
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kf6v66v9LuO4bipidGGnbkLwT5zxjmO9wuRTo/xumdtLwnVC7dTN3:7e9SlNLiaf6vtv9KO4oMGGnWIoO9ZRi/
                                                                                                                                                                                                                                                  MD5:0303083C987D0942CFF17CE9D0027E93
                                                                                                                                                                                                                                                  SHA1:FF1E0146514A442652002DD534A41046937B5914
                                                                                                                                                                                                                                                  SHA-256:56188A2ED3326B0860D9CF76D6961CB643FC1A2F93E2FFB4DA2ABC0FF8640116
                                                                                                                                                                                                                                                  SHA-512:ECC7AB3D3F27CB2383AA8C49F86F6C6BFA1027148997D4F92825D9B730641D214C95C0BE924B71575B1395A61267F34CBA6CF27D13E2F8D9EFDF753E6749C76C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Wersja",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Informacje o ochronie prywatno.ci",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Gotowe",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//2B110267F6341264500B29DC41AFD0C0D54141C5440DF4870008641509E32199642C5F03BF1696B79BA1C750119560BDEC726C2E3E852CCC3A6285FD7890EE61++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):700
                                                                                                                                                                                                                                                  Entropy (8bit):5.549994684984163
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfqX6v9LuO4bicmHbkLwT5zxjAHo8kf9wuRTo12WFze9jTXEPvOun:7e9SlNLiafBv9KO40HWIOHo8K9ZR2Mt6
                                                                                                                                                                                                                                                  MD5:801B89861183733EA35C952F78618985
                                                                                                                                                                                                                                                  SHA1:E32C18AC6CA2B460C09759604CFC012AA030C03C
                                                                                                                                                                                                                                                  SHA-256:95115CF18EE1E1A4896B08DBA7F24D012FB1B019215F86EC0FCE99141DEA9EFB
                                                                                                                                                                                                                                                  SHA-512:3E0654E78080E2B6C5FF461F9DC4F85AD29D19754DD46880E80A4208E134CE2D5B6E449F9AC65592DC2BBDC2B7E44234998F0F7700CFA1E0218851FD5EEF5531
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Vers.o",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Conclu.do",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//38319A37158F74349C56AE780D2FE1EA74369BCF9BF2139B6E7E1F6356EE6BF27E0781B2EC874623B3ACBC61CBD4F20A336E5563F143AC8483FE50230576700A++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):700
                                                                                                                                                                                                                                                  Entropy (8bit):5.5619311609747175
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfqX6v9LuO4biHfHbkLwT5zxjmkf9wuRToePiIUngpgph8kWhuGCs:7e9SlNLiafBv9KO4ofHWIoK9ZR1BUkvt
                                                                                                                                                                                                                                                  MD5:0826E1B34CD2718A14E67DB7471FEFF8
                                                                                                                                                                                                                                                  SHA1:466CF995CD7E7673DF269E4DA917833DECFDEAEF
                                                                                                                                                                                                                                                  SHA-256:E84BDF8D70A4D9032B2ECD3B2920DFA245E4420A1A05D2681A661D358D6804BB
                                                                                                                                                                                                                                                  SHA-512:041E3F2164BA3C67A4F306855B59AF7BC516AFCEADD315FFE8E28A573CF2FE2DFD1B8F62A2C509ED85D9D24D95D56EEEB7D22D10A5CA007BF13A24F069089031
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Vers.o",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Conclu.do",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//62715013ADB65289BD1425F49A9D44B5CF85BB826081DA7BECE9C3AE4217243A475EC1084D7F31910504181A52A7F7B35DA37012AB7F3002AE77CF8DF6F40CC2++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):751
                                                                                                                                                                                                                                                  Entropy (8bit):5.755930371819692
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kf96v9LuO4bi4epiXbkLwT5zxjhKgE9wuRTowy3NvVknWaZpFkWc:7e9SlNLiafUv9KO4sWWISt9ZRmvVknP6
                                                                                                                                                                                                                                                  MD5:CB17FD8DACE0C83B800F99F280D52A63
                                                                                                                                                                                                                                                  SHA1:337B214690529E33BA2294A73E957F6D608788B0
                                                                                                                                                                                                                                                  SHA-256:04271C792B07D7C0AA35385B55D51D3CD95398588C2F45D934775E669BB183AA
                                                                                                                                                                                                                                                  SHA-512:6C47919977A192326E14B13C58CBF056901B12CC03B4C22B15D299E0D7538F49C21873E0A744E77924492468EA4F7F42FC42DBA610B24872DDEA397AE4539CD8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "......",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "........... . ..................",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "......",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//88620717E9EE799EB8AA7F2E1760C2014F35B651171979FE060EC65AA5F267F05ADEDAC3569FF2A423984079CA92354D45A0F0554C8443802E3B39E48FEC628D++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):719
                                                                                                                                                                                                                                                  Entropy (8bit):5.6102161711105865
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfa6v9LuO4biIAbkLwT5zxjAHo8+9wuRToS+Y4nU:7e9SlNLiafNv9KO4uWIOHo8+9ZR8Y4nU
                                                                                                                                                                                                                                                  MD5:54082BF3A6B20F715D94808EF1951E71
                                                                                                                                                                                                                                                  SHA1:B338216AA1F573D6F3EE14D26A514C5B9741C3EF
                                                                                                                                                                                                                                                  SHA-256:C291BC36DF5BED83B96AC1A20B18B1B26A50035BF78B392A87A8205AC3EF169E
                                                                                                                                                                                                                                                  SHA-512:126630161BD3266CAF11661A20AF0662EAE3263CA0D489CDF1B03796F2C732BABD865A37AE7B143ABD8EFA6AE1CFDD928710F33008058D22E8C153EFD8AF39E6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzia",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Vyhl.senie o pou..van. osobn.ch .dajov",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Hotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//5624C53BCE8EA93E7C318B6470C5FD2BEA3CDF9448B5D8D70C5A88356E4684C1840F2A24BACB9BB5EC460482E3A6AD71B85856879DC16C66C82BC35A4E3EF13B++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):706
                                                                                                                                                                                                                                                  Entropy (8bit):5.554327092493012
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfv66v9LuO4biagkcbkLwT5zxjHT9wuRToojRkm5e4eRgiX20qdSh:7e9SlNLiaflv9KO4cjWIVT9ZRnfeBg0X
                                                                                                                                                                                                                                                  MD5:0C9AFEA80408DB59A843AAFA6C0BC23C
                                                                                                                                                                                                                                                  SHA1:D9BECCE27AC0CC8ABD9DABB30EE7B23618CA7E7F
                                                                                                                                                                                                                                                  SHA-256:F3ED198C41D3CDA9E9C973CE8C69650A2D66F8A496822AAC76FBBD4B23B779F9
                                                                                                                                                                                                                                                  SHA-512:34C1977CEABEDA559AAD30E9162D3C4DEBCDD852EB3B79EF137739430479CDD0B6054D56973EECAA13B184596C42CB987DA26ED37D34DF34B7E7C8AF4F35D7CB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzija",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Obave.tenje o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "U redu",.. DONE: "Gotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//1A84BCFAB89E78FD65597DBB6DEDC6ECA87B05E1F9B47ABDC62D1AD910BA86893B1F3895942A45176464D7D9FEC7BACF6A8B07D4191E028305DAD41F83806930++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):690
                                                                                                                                                                                                                                                  Entropy (8bit):5.513710902007872
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bieGbkLwT5zxjmf9wuRTofn0mzpNlBFjhoepkhn:7e9SlNLiafLYFv9KO4JGWIof9ZRcn0c+
                                                                                                                                                                                                                                                  MD5:F70671A24786782017CD814AC6AC72C1
                                                                                                                                                                                                                                                  SHA1:26F9AC77B1764AD13371B720A92F3A15158BEE40
                                                                                                                                                                                                                                                  SHA-256:CD852B915D12B12640D3E5197CEB2D464A1B495CB78A3B6680C3F09EAD0ED91E
                                                                                                                                                                                                                                                  SHA-512:AB57130DC2E669B486BE710A98AC90F37D0C27970EF2CE12D6F1ED2A544103AAD0FD166373A8D76F2E62B8A506233A4FCB5DBFBCCFFE3B4B85D7259E470C4E9F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Sekretesspolicy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Klart",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//F9E40AAC3AB58D47F27C4E63326E01B8315CDD4E1995A9F361D05DD7B20E79F8EBE2F210A12CF91EBE35A4C492EF923C7A37BEBD67F790E5AA02D49BB75EF0EA++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):696
                                                                                                                                                                                                                                                  Entropy (8bit):5.545555209314935
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfT6v9LuO4bij2VbkLwT5zxjAWoN9wuRToq8TMJ81S1oQtZvrgn:7e9SlNLiafGv9KO48QWIuv9ZR3qr
                                                                                                                                                                                                                                                  MD5:6968161BAA9545B01DDA30AF5FB7A36F
                                                                                                                                                                                                                                                  SHA1:7E78CE16FE43653B060C217ED37A1CD65C38CD04
                                                                                                                                                                                                                                                  SHA-256:148E55B8F85C7837B17520E2100AA5C2A8F956FBEACB18E84876F7C12A98C654
                                                                                                                                                                                                                                                  SHA-512:2B47FD43A6BE7701B6EB24174EEB78251E194EE8764B04F0CF53CB33C063EE08DE6D535C1CD2033FCEBF36309E3797C76139014D4A2EE5773EF076DB6DFF77BD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "S.r.m",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Gizlilik Bildirimi",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Tamam",.. DONE: "Bitti",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//8776C33924D3DE44C8ADF4713EB85340482CAC0087E39DAE7CD3D05592F58E39FD4C4D7E36F383819137D5CFB5EEA1E8CE9717243D9763F93875A3834861584A++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):719
                                                                                                                                                                                                                                                  Entropy (8bit):5.935688545805366
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSuKxi7s6kfF6v9bgbi5ywbkLwT5zxjtDYv9wuRTopfLfT7XbP7:7e9uui7s/fsv9bg4ywWIv49ZRufLXbz
                                                                                                                                                                                                                                                  MD5:80C3F7CF329979756A2483C61FDC94E0
                                                                                                                                                                                                                                                  SHA1:4D789234D75ACF3E6876C742D7E4B2DB660E15A4
                                                                                                                                                                                                                                                  SHA-256:77888F083FA21B5CFD2EB5CBE5C6407A7421BB04D76F127F49DD5BD426D1C572
                                                                                                                                                                                                                                                  SHA-512:4C2C012A7D27C2C0DE54B1650D24AB7C909A871CEFF1410D1E2EB3BC9F8783F8928F812813D970AEA92D7989CF669771B7FFA18431A3132510D4CC459204D81A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: ".......",.. PRODUCT_NAME_LIVE: "..........",.. PRODUCT_NAME_TRADEMARKED: ".... ....",.. VERSION: "..",.. WEBADVISOR: "....",.. COMPANY_NAME: "...",.. PRIVACY_NOTICE: "......",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//F6E98D5300FA7FAC3CDBD26ECC83D725DB0761530427BCE04CAF85A01F83E6368A59F8EE59AAF5009800F25844EFB5700CEED010C18D0F0F99E2C31715A94B21++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\jslang\wa-res-shared-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):694
                                                                                                                                                                                                                                                  Entropy (8bit):5.6689804706681635
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfF6v9LuO4biP3emebkLwT5zxjgDYv9wuRToar0jJ5H91/f:7e9SlNLiafsv9KO4d1WIG49ZRhr0jP/f
                                                                                                                                                                                                                                                  MD5:5BC62AD32578785B4E38CC765AD01B86
                                                                                                                                                                                                                                                  SHA1:388C382BEDA295EDAA6ED522EFABF3F4F917976C
                                                                                                                                                                                                                                                  SHA-256:888CB78E02C9F494C4C43B93D35379125379F52DD5EFCB9EF93B985142A2A710
                                                                                                                                                                                                                                                  SHA-512:4DD4107512C06F65816C0926FA7E35BE8DEF88923C5EC14F3FEF175D579163BF1B8DFD73B3921E684F038B82B6D45D1BF43705F0BAAC266F3FF0EFAF33CAE0C5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "..",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: ".....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//3BFEE6F1AAA6203888EACD212AA6EA71B5BEE9F5E25B2EBFBF7067F80AE1F91149DA1C89745A5D6C58244D823622DBDAD484EB12F3CCDC2A6A8C7775DA7229D1++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\l10n.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 259320 bytes, 513 files, at 0x44 +A "\l10n.manifest" +A "\jslang\new-tab-res-toast-cs-CZ.js", flags 0x4, number 1, extra bytes 20 in head, 39 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):270016
                                                                                                                                                                                                                                                  Entropy (8bit):7.936612208642757
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:54vC5RltAOux9/RAVX/xTAOSOTZ42dNIoaPTCepCSVhoGIsMfhRMj8vAlx2FL/ih:2vMRl/9xMOPbsVbCepzwfEf2xiLLZ
                                                                                                                                                                                                                                                  MD5:4C8E546D932FC567FA9A68C82F938E6E
                                                                                                                                                                                                                                                  SHA1:498A252C3B26A6F3FF91CABA13FFEBB31AEB0298
                                                                                                                                                                                                                                                  SHA-256:BC88EE7B453E250F66B4FBD42BFB76176AE98A30583742302D26477E3D422206
                                                                                                                                                                                                                                                  SHA-512:B94D33BD7E2D1601C2A707014454B15BE8105C95460F9C78BEE766A0415FA30B8FE63D2B179F906B5E5C9B0BD50E70E04EEDBFCDFD1D1CA35DD1A8207C9E6860
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF............D................................)...........i..'..............YOq .\l10n.manifest.#..........Y.p .\jslang\new-tab-res-toast-cs-CZ.js.#..........Y.p .\jslang\new-tab-res-toast-da-DK.js.#..........Y.p .\jslang\new-tab-res-toast-de-DE.js.#..........Y.p .\jslang\new-tab-res-toast-el-GR.js.#...!......Y.p .\jslang\new-tab-res-toast-en-US.js.#...D......Y.p .\jslang\new-tab-res-toast-es-ES.js.#...g......Y.p .\jslang\new-tab-res-toast-es-MX.js.#..........Y.p .\jslang\new-tab-res-toast-fi-FI.js.#..........Y.p .\jslang\new-tab-res-toast-fr-CA.js.#..........Y.p .\jslang\new-tab-res-toast-fr-FR.js.#....".....Y.p .\jslang\new-tab-res-toast-hr-HR.js.#....&.....Y.p .\jslang\new-tab-res-toast-hu-HU.js.#...9).....Y.p .\jslang\new-tab-res-toast-it-IT.js.#...\,.....Y.p .\jslang\new-tab-res-toast-ja-JP.js.#..../.....Y.p .\jslang\new-tab-res-toast-ko-KR.js.#....2.....Y.p .\jslang\new-tab-res-toast-nb-NO.js.#....5.....Y.p .\jslang\new-tab-res-toast-nl-NL.js.#....8.....Y.p .\jslang\new-tab-re

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\logicmodule.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 1590193 bytes, 2 files, at 0x44 +A "\logicmodule.dll" +A "\logicmodule.manifest", flags 0x4, number 1, extra bytes 20 in head, 139 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1600889
                                                                                                                                                                                                                                                  Entropy (8bit):7.99971035478572
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:24576:KWXPgoXVPxkdAh2E2dwWj9Y+GA0cGtaPNxDqKchRBvLObiVPdsQI+Wn2ud:dIyPxk62dKA0cqQNfchvLvlsQI+E
                                                                                                                                                                                                                                                  MD5:5CABC7883BB21C8BFF60D53E0EA36BCC
                                                                                                                                                                                                                                                  SHA1:F70D4B8CBE253A7B9EC24F3763EC6FA3878EBD6F
                                                                                                                                                                                                                                                  SHA-256:FDACD53DDA248588C1C33BD9292727BB489C3607155CE27362CB814C13496E9B
                                                                                                                                                                                                                                                  SHA-512:009AEACAF6C57E533CCCF37BA62F8188BF183EFD6B57676A4731A001F1AA8AB657C731F0BB339D5A50EAD8D2194EF4048CD64A573BE03E230DA55BEA5098AA6F
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF.....C......D............................C...)...................LE........YLq .\logicmodule.dll......LE....YVq .\logicmodule.manifest....3(+..[...9 .....@T.5........K...u.Z.U1......4,.v..".X.C......N..h.n...6Z!.a......Y,.".D.4CeX...W.w.w...........V..R......7..rXv7...*../8vs.yc...$........qz;...*/.1Pw2.$.....u$Fo......"^.x.... ...*.H....@h...h.j......g.g.|.N..K..M .h..D}.5.+.b".p.?W..wZ....z..l...b{.,...Y.r[..0..T.{.G{.....W....W......w.._..t.j.+W.~..{j....~j..ZY.......Myzs...........o.B|..*.....x....&O.?q3..Gu....,s.H1^.[..........h..t{.$..J....X...........m....&...U.z..u6.......^.J....l.K.....j.:C.[...~.J...F.......C./.gYS.s..;.>..=k....z.l_...<{.c3w..........9.....S..;.K....c.:._..O.,.4G.W/..............V..?./....n..z....\.....7..e..&uw.N.......}.....S|...s..Z.......>.f.Hz.....g..i.Q.[5.2.-.ek...m}.'.....\On..n|}...}...........1....~......1..T[..38*...X..v.*..>;.r...5+^.|`.n......./...-..).6..*.j.K..=..pH....4. ......j..o..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\logicscripts.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 43684 bytes, 25 files, at 0x44 +A "\logicscripts.manifest" +A "\logic\aj_logic.luc", flags 0x4, number 1, extra bytes 20 in head, 6 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):54380
                                                                                                                                                                                                                                                  Entropy (8bit):7.967541093183867
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:+69/cpr6gUcdL2uYcTaCRy6JT52f7gVPC2hSDXeNXJmZWP6jKoOh2Psc2EPZ:+sgUcdLuCIKTk0ML7eIlK7c1Z
                                                                                                                                                                                                                                                  MD5:947535D9D40C5D9449ECD7D013DCAF9D
                                                                                                                                                                                                                                                  SHA1:B3334CE8B2A03A390E4A8ACE1050909D2AB720D2
                                                                                                                                                                                                                                                  SHA-256:F7B7CAE20366EBECEA2C85FDBC4414D68825351EA1863F60884CC0FB37301E87
                                                                                                                                                                                                                                                  SHA-512:CEE30131D4A15ECF63B305480FD989E0B07D3BB82D25AB42D5AB408574DEE1237247A506D813432C4DABBF27629A8EDBB6433B68CE841A657AD6ECC21B77494B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF............D................................).............................YWq .\logicscripts.manifest.M..........YWq .\logic\aj_logic.luc.....9......YWq .\logic\base_provider.luc.....E......YWq .\logic\edge_onboarding.luc.v..........YWq .\logic\ff_monitor.luc.@...w;.....YWq .\logic\logic_loader.luc......F.....YWq .\logic\miscutils.luc.W&..~[.....YWq .\logic\oem_business_logic.luc.}.........YWq .\logic\providers_selector.luc.....R......YWq .\logic\ss_logic.luc.....Y......YWq .\logic\tests_logic.luc.f...P......YWq .\logic\type_tag_utils.luc...... .....YWq .\logic\usage_calculation.luc......(.....YWq .\logic\oem_utils\affid_monitor.luc.0..../.....YWq .\logic\oem_utils\oem_util.luc......1.....YWq .\logic\oem_utils\oem_utils_wps.luc.Q...KG.....YWq .\logic\oem_utils\oem_utils_wss.luc......P.....YWq .\logic\oem_utils\oem_util_selector.luc.>...<S.....YWq .\logic\providers\bing.luc..F..zi.....YWq .\logic\providers\yahoo.luc.t...[......YWq .\logic\smart_toasting\smart_toast_config_manager.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\main_close_large.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 13 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):440
                                                                                                                                                                                                                                                  Entropy (8bit):7.185064395828422
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/7Jmynud+EVDvBXmY5j9yEhcZxAalEbKWwz:vyGbVDvxJ5alnWwz
                                                                                                                                                                                                                                                  MD5:3F33BF7A71F1A94B30AD98121F2DC31F
                                                                                                                                                                                                                                                  SHA1:533B933BACBAE375164518AF202EB90086BEFC44
                                                                                                                                                                                                                                                  SHA-256:4D3581315F5AB93538BEE793BA9727FC9E8444E9B09773566C4BDF0C44618828
                                                                                                                                                                                                                                                  SHA-512:4E768ABACB878A5F9BE79B91E9BC77778F62AA4ACAEC4A246AB3359E86FF685250A1BA9E7765CE5174A42E5936CFAC27CB381B505F92F30EBF4B43806848899C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................sBIT....|.d.....pHYs...........~.....tEXtCreation Time.10/1/14........tEXtSoftware.Adobe Fireworks CS6......IDAT(...1K.a..........+ht...".96..\....M..f..9........ n....~.KK..o..~..g{8.:...I..D%...^..6V......w<K.......z.?..dk2..p.G.U.&...?..U.].m.O....L2.o.`<,.....k....|....L...Q._.<.....?(...[...lW...O.6....Z....r.q....Nr..p2.d._.w...1....F.....@..x....x.X..T./.H..w./.yrd.......IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\mcafee_pc_install_icon.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 67 x 57, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2052
                                                                                                                                                                                                                                                  Entropy (8bit):7.890065571351557
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:CHjblGYXQQEZZyIOrNK6rC4lWVkOjKpgOojQ9dCe2LfmC:PYgNZKJKSC4YF+WjyOZ
                                                                                                                                                                                                                                                  MD5:18344204EC04F1E95E086D3BC94FA0FD
                                                                                                                                                                                                                                                  SHA1:87CA3ED8948774091B451F7CB2F95139E56D351B
                                                                                                                                                                                                                                                  SHA-256:30ADF46FD9311E5C6DFEA8A2AB2176EBAF83E7019EE341896FC3AAA5F498D2BA
                                                                                                                                                                                                                                                  SHA-512:13757DC62505D01E44523823F38001D28A2FB9CBA5ACBF9CB7D9BDD8D0F19583D814E5A47B2DB255E18CCC05C34D43A02C387B60D05D1E802F9AF527D3633C5E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...C...9.....ms......gAMA......a.....IDATh...l.........|u...4q....T$....IHK.u.h...lS..{.....i.6..h....@PX[.&...AH.&.($E.(.R..).......M..:..}.g.M.8.c3.'........{....}.``....q.. 0..b.=B..?.:t......1..P_f5.......).7\..e..Y.gA.......XPL...Hss. .ks..... ..aPx;|VO..{{{).`"...VAb....u.|..>_..#......2>V......9.g ....<Bss.T....LFI[[..+%.Y.....N...~X.!......h.q.J.l...A.s...p8,.|.K2..'.{.j..c.<.|m..<.....'.K....zF...nu..<...\.a#U.Q.a#`..ZF%`...6..=j{ta...ax.....\.<.H....<>.'...x......./n..g..'G.z.E.|.....(H~)2...U..O.?w...u.X{..j.v.D.M...z.9.|.a.......\v..f..0....0..1Xs..p&5.C.?....XY.~...K...p.._.+.*...KEF......5V.f....l.u...N..../o....t....b.......z.).....v............f......L.:.n+..s>.r0l.i..&.u...1.J)..sk0l.j0j0l.l....C.......*3Q#..7.......f.[..&).r.z..0..^Xs...z.-`....3..........{N.e...g...O..~[A.F...."....E.d|..?.8S.........}.|;.......>u..B.....Y Z.w.....W..:...Z+.r....+...7..._..b..........~.a..w..o........0.J...[.d...W..>...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\mcafee_pc_install_icon2.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7205
                                                                                                                                                                                                                                                  Entropy (8bit):7.9471260512499375
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:KS4Do1RyFyKSZ4pTSumpAO/Ap6CQU9Uw/JLO/xvifnL:F4E1RCFpWumX/Ap2UeMq/xGL
                                                                                                                                                                                                                                                  MD5:F2E3045621ADE164E9DA40F294BEB00C
                                                                                                                                                                                                                                                  SHA1:36E9D967C679FC898BED1FF6751A73BB863EAF79
                                                                                                                                                                                                                                                  SHA-256:D820CF499FC4A9453771A23209A6C63DDD2CE3439E8B651A98DDF0C36ED2BDA5
                                                                                                                                                                                                                                                  SHA-512:7E515A44BD63B33881EE86E0A911897138F2BA0A6E81925612EAF19E3EDAC5A9FDCEDE30E3AFF3E906A4BBA8AA4570E06308D75783057015C882C7E62A880928
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...`...`......w8....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............pHYs.................tIME......'..l.....IDATx..y.\U..?......./.@@....E&..P..GF.Q.F.....#..T..........D4.AC....b. +![w..NuU/.....q.z!.ToI@..SIW.s..}.y..s.U..?g.D?`..._T.(..}.n.I.w"+_..r0}y,.....`&....P......8.,....n.I..c@.4._....]@.J..UL.....A...[K........[.-...A.....g.'.N........#.l`.p'.d..o.@@T.P..tQ.A..........t..q`5.=...B.(Q.).."..`1j..&..n....}..e..].....-...x]..p%d.(,............g....o.C......p.j ..W~tW.3.]mq ...H.Q.P..-...Q2...v..O(..`...8....?.4...A..}#K...m......|-.....w.2.m..lwL....Ys..y.;..\.Q ..p..e....B'p..........^@m.c\..[..Z!v....*a5...T#R..B8YH|.....iw...8......,f.v......i`..:T.!F.\....t"5....0..._..K ...M.`.8d.5.9.x.c.v.A...Ug...Va.d.?..M]B.U..E.E.....: . .B5.B.1."......>...w7.-....@.P.;.d.LUp.D.0..R..TE......k..K[.>o...?.~....i..}bu...6......Pj.g.U..~'..+.|.F'......y..t.p..0.6 ........E.).n`...3\-D.......^~6..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\mcafeecerts.xml

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with very long lines (2293), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):126293
                                                                                                                                                                                                                                                  Entropy (8bit):5.969613768259596
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:sY+8or+sWZ21Wzwtp31uRla7GTvfwjBobALAnr+sqDK7G3lq0lAE:dcPsjO31ui7GLjA8rPqDK7Gb
                                                                                                                                                                                                                                                  MD5:D0CD30BD9B02F33B222FF8A846821D4B
                                                                                                                                                                                                                                                  SHA1:DA85556707CB3FD59E08DF69017DF6BB82E52F62
                                                                                                                                                                                                                                                  SHA-256:1CC3969AEF3DC3DC2330DB0386C6C27C09A58D078689D8D97D900A2B9ABE31A0
                                                                                                                                                                                                                                                  SHA-512:6C1F9DE0897F02648638B26F20728C5F2E9822F8CAD232ED42ACC18F33AAE7E102C7A00E5D42B80C10E423DB937DC6AB783255342B12B0DB07B378508886C2ED
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" ?>..<Package Version="1">.. <Certificates>.. <Certificate Name="McAfee Trust:0">.. <Privilege>PRIVILEGE_IOCTL</Privilege>.. <Issuer>Microsoft Root Certificate Authority</Issuer>.. <Subject>Microsoft Code Signing PCA</Subject>.. <ValidFrom>20060125</ValidFrom>.. <ValidTo>20170125</ValidTo>.. <SerialNumber>6115082700000000000C</SerialNumber>.. <PublicKeyMD5>4A171B7E5701870357585DD1BAAD752C</PublicKeyMD5>.. <SHA1Thumbprint>FDD1314ED3268A95E198603BA8316FA63CBCD82D</SHA1Thumbprint>.. <Data>MIIGgTCCBGmgAwIBAgIKYRUIJwAAAAAADDANBgkqhkiG9w0BAQUFADBfMRMwEQYKCZImiZPyLGQBGRYDY29tMRkwFwYKCZImiZPyLGQBGRYJbWljcm9zb2Z0MS0wKwYDVQQDEyRNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDYwMTI1MjMyMjMyWhcNMTcwMTI1MjMzMjMyWjB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSMwIQYDVQQDExpNaWNyb3Nv

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\mfw-mwb.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 10171 bytes, 6 files, at 0x44 +A "\mfw-mwb.manifest" +A "\packages\mwb\mwbhandler.luc", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20867
                                                                                                                                                                                                                                                  Entropy (8bit):7.877341631586747
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:CwziFKbAJ7q4Zolsgy3SpfLbZMeV7E96ki29d1ikEpTSJIVE8E9VF0NyOOj:CVlJOnqtCpfRMu442PsnK2ET
                                                                                                                                                                                                                                                  MD5:1BF5917726859D01723B7C7D0C8E3401
                                                                                                                                                                                                                                                  SHA1:983057A862D666936D66C869ACFBD36BD834381F
                                                                                                                                                                                                                                                  SHA-256:FA356D5E1E483A5529B38A7AF7BA9D4E334A04154C2E4FA9DA77B1173CD238E5
                                                                                                                                                                                                                                                  SHA-512:E8D9F74BC23F2625BBCBEDCBFFF2E2C613EDD83670E8C59069F3C790DA1004EB24AEA9148ACBE3BFDDD881466CAF587634219287D2C8F4A60C6BBB41BD30D44D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF.....'......D............................'...)..........m.......W..........YSq .\mfw-mwb.manifest.....W......YSq .\packages\mwb\mwbhandler.luc.3..........Y"k .\packages\mwb\stop-video-alert-icon.png..&.." .....YSq .\packages\mwb\wa-controller-mwb-checklist.js.^...%F.....YSq .\packages\mwb\wa-mwb-checklist.html......O.....Y"k .\packages\mwb\wb-rocket-icon.png...d"F&6Q[.....`...A..#..O...T.C.2...z..(QW....Z.j..$..C.;........_..|G..|..D...f........'.........K..5@....ZO...E....$.w}m9..}............5....^..Ma#..F;..[VcK=. ....... ..4#.Ef....n.n%......v....@.h@./..!....qr..8..A..,?.J@"..&n..........Q..._a5.x..`ri..8.&..P%..0...D...4tj`&z.I...#.[...D.0pG|S.3..w..".A...x....$m.A.......W.J.0B......R....&..UU.a@.? ..4....\J..{^.....'..9.eu.]2.k^..1.u.j.-....39.Ky....X.G..l.W..J[~.~..v5d...r.L.7T....y...-&....(...<....{.Y....d..&l.`...b...)p....}.....h.....=m....s.0#!...*w....sp.../..V..d.../.O...e.W....c>G.......f?=p...T~..{.y.Ec+......*... j.d......ET,.2.........9.PP$...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\mfw-nps.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 12420 bytes, 6 files, at 0x44 +A "\mfw-nps.manifest" +A "\packages\nps\clipboard.png", flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):23116
                                                                                                                                                                                                                                                  Entropy (8bit):7.897449731737562
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:9VwGeUVwizXYr9+6UXn9BXBg5Tu5zTOXI6ki29d1ikA1I2SJIVE8E9VF0NyaA4LC:9IUVwiziO5i5TaS72PsP02Ef4W
                                                                                                                                                                                                                                                  MD5:E7D9075EE9B4A0DDD5E37997FED5BA32
                                                                                                                                                                                                                                                  SHA1:3AA715350F76B7751625121D80C5DF61625435EA
                                                                                                                                                                                                                                                  SHA-256:64AF2D604765B508C310E44477543954F797CD876813D1AEDFC1308980D651AD
                                                                                                                                                                                                                                                  SHA-512:586FD1EC9509206F970440B94C3EC6D7AC1A11937B6A1749D0475812473EED79ED283D3BD977073274BD02D30703A002CFE0D12D69D293F61F6EF24C82829E21
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF.....0......D............................0...)..........Z.......P..........YSq .\mfw-nps.manifest.k...P......Y"k .\packages\nps\clipboard.png.-..........Y"k .\packages\nps\info-16.png............YSq .\packages\nps\npshandler.luc..e..{/.....YSq .\packages\nps\wa-controller-nps-checklist.js............YSq .\packages\nps\wa-nps-checklist.html.....P*..[...............3.7.K... ^!.a...7...J. ^.....H.%..... !.........+.x/$....^%x.....J...My.s.[.F...'..{.p..A..................T...%.u......m.fomdl2sn..X[.....<.P....)...&.*.729......j...}..q...86.&.../B@...S.....zU...x.....jd.h.....C[;#.C/.l..g?.c.}1b!US3X.:av.?......<..>T..T..o..FA...'.7............w..|.!. .a..7-s..5...i....q....>.l..|..m.....4.;.r#Z>..#.../w.;.........7............nhW.j.}.k/.Oq...B;....4....~..9F7._~.*.Y..\.....8.._.l@.......;..?..g...E.~..3....;#...}.?.i2.m..2......._...B.....~x.]........>.N.N..7.(.7.;.......|..M.mh.h...K....../.~."...;.@;CM>L.@.|....). .@..=........... "...&?@..5.......

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\mfw-webadvisor.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 778438 bytes, 176 files, at 0x44 +A "\mfw-webadvisor.manifest" +A "\packages\auxiliary\reset_handler.luc", flags 0x4, number 1, extra bytes 20 in head, 91 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):789134
                                                                                                                                                                                                                                                  Entropy (8bit):7.99497056267783
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:12288:qDvsTrmwn5S+tfRl6ZCFpbWIEQXUdMUcTZfmI4l+YonCgFRGyAytbg/QYcBeJbp+:q2pnBtfRk4FpbHGdMUo+6tFgbSb7BeJU
                                                                                                                                                                                                                                                  MD5:DDA2017CC752902D620249ED1A22B205
                                                                                                                                                                                                                                                  SHA1:327E24CF04B28C5EAF3DB9F2E05EB2AB9FBB8DD3
                                                                                                                                                                                                                                                  SHA-256:C0B41A04E5FA665C31FB12BE474DDAD97EE2F470C3CC5633C517ADAB50BF3CAE
                                                                                                                                                                                                                                                  SHA-512:CDC2226D7A12D536AFF17CEE663B11625A2C21997BC22E5270F1D996C284D6D94D7F7A2766672DBD7C60EB494ACC487EEFA5868CEE8B3E51782FC2BC89FAB865
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF............D................................)...........+..[..............YQq .\mfw-webadvisor.manifest."..........YRq .\packages\auxiliary\reset_handler.luc............Y"k .\packages\builtin\balloon-arrow-right.png............Y"k .\packages\builtin\balloon-arrow.png..5.........Y"k .\packages\builtin\card_bg_image.png.8....L.....Y"k .\packages\builtin\close_icon.png.T....N.....Y"k .\packages\builtin\dialog-balloon-logo.png.....aT.....Y"k .\packages\builtin\edge_close.png..I..ZU.....Y"k .\packages\builtin\enable_ext_guide_ss.png..R..E......Y"k .\packages\builtin\enable_ext_guide_wa.png.d4..!......Y"k .\packages\builtin\enable_sideloaded_ext_guide.png..8...&.....Y"k .\packages\builtin\keep_changes_guide.png.W...J_.....Y"k .\packages\builtin\logomark_white.png......`.....Y"k .\packages\builtin\mc-logo-tm-bottom.png......f.....Y"k .\packages\builtin\mcafee-logo-1.png......l.....Y"k .\packages\builtin\mcafee-logo-2024.png.EP..Xr.....Y"k .\packages\builtin\open_sideloaded_ext_alert_guid

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\mfw.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 299121 bytes, 53 files, at 0x44 +A "\mfw.manifest" +A "\core\class.luc", flags 0x4, number 1, extra bytes 20 in head, 33 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):309817
                                                                                                                                                                                                                                                  Entropy (8bit):7.9964591281715425
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:6144:4PsfJaOdO7MsIVUqqDNRv2I13E7ZySrD1bHcEBa6Xc3OuV/b8W/46+T:vxE70VUXpRvB1UNySN8EBa6XMOuVj8WA
                                                                                                                                                                                                                                                  MD5:E47EFBAA8572C26C8040AAE2738B246F
                                                                                                                                                                                                                                                  SHA1:4DDB1AF4A2019BB459C0E71CBF493A4263FE08CA
                                                                                                                                                                                                                                                  SHA-256:7FB7B0BE4FCC462DCC5FDE645B870694DE354CDA990EA4BD66B9EE8506701FA5
                                                                                                                                                                                                                                                  SHA-512:171A9DBFC69ED456ABF20074696CE684B3BAB40447F90E549729AF010A6AEF0A211232F2C68BCD08D8585D3F223B254514F72E71F16EBFC245056649EA8FE2EA
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF....q.......D...........5...............q....)..............!..............YQq .\mfw.manifest............YQq .\core\class.luc..'..H......YQq .\core\dkjson.luc.....B2.....YQq .\core\handlers.luc.....M;.....YQq .\core\init.luc.2...ND.....YQq .\core\json.luc......F.....YQq .\core\logger.luc.....;I.....YQq .\core\postinit.luc......M.....YQq .\core\priorityqueue.luc......R.....YQq .\core\triggeracceptor.luc......S.....YQq .\core\uiarbitratorhelper.luc......b.....YQq .\core\uihandler.luc.u...ng.....YQq .\core\uithreadexithandler.luc.Kw...k.....YQq .\core\win32helper.luc............YQq .\core\utils\browserutils.luc.r..........YQq .\core\utils\common_utils.luc.c...S......YQq .\core\utils\packageutils.luc............YQq .\core\utils\settingsdb.luc.}..........YQq .\core\utils\stringutils.luc.^...,......Y"k .\packages\builtin\green_check.png..>.........Y"k .\packages\builtin\icn_mshield.png.....mZ.....Y"k .\packages\builtin\installer_background.png..l..At.....YQq .\packages\builtin\jquery-1.9

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\poppins-light.ttf

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:TrueType Font data, 13 tables, 1st "GDEF", 19 names, Microsoft, language 0x409
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):159892
                                                                                                                                                                                                                                                  Entropy (8bit):6.727831490585094
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:Kbo6bpQgbkPJrVtnmOIwXhRsJZzTzhUUfm3ustnayEsrCjScsd6XClVMfY:ipV8rtnxZRiJ9WKm31taHsMXsqw
                                                                                                                                                                                                                                                  MD5:FCC40AE9A542D001971E53EAED948410
                                                                                                                                                                                                                                                  SHA1:E247A92158E112F8BF7B638C8D95381D66B00DBB
                                                                                                                                                                                                                                                  SHA-256:647F014D36822EF7E0413FFBB65598AE0CB57FB798E635C63912C93D94EB356A
                                                                                                                                                                                                                                                  SHA-512:01E6B5B1B4F86BB52F363D49F5A57250B1C9905D7B2FAA45DEF87EA7C2784B0288AA48D4E006B04E993B761D235632264A3DAA6C64D60D425DC5100140E74605
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:...........PGDEF.......X...@GPOS...[..#<....GSUB?....Y...&rOS/2.v........`cmap5.;.........glyf...........head..$Y... ...6hhea...L.......$hmtxG..K........loca.'.....l...Hmaxp...1....... name...+........post:.h...6..."......#.....y.............d...............d.........................!...........;_.<..................6............................................"."...y.z...}.}.........\._...g.l...s.s.....L.,.......X...K...X...^.2.G............................ITFO...........d.o.s ........"..... ......................................... .~.....#.1.7.H.[.e.~.........Y.....................(.0.3.9.E.I.M.P.^.e.o.p.r........ . . . . " & 0 : D . . . .!.!"!&!."."."."."."."."+"H"`"e%.%............ .!.......(.6.9.L.^.h.........Y.......................*.1.5.<.G.K.P.X.`.f.p.r........ . . . . & 0 9 D . . . .!.!"!&!."."."."."."."."+"H"`"d%.%............s.R.P.N.J.F.E.B.@.>...,.....l...................................9...........Q........................A...2............................8....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\poppins-regular.ttf

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:TrueType Font data, 13 tables, 1st "GDEF", 17 names, Microsoft, language 0x409
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):158240
                                                                                                                                                                                                                                                  Entropy (8bit):6.749916892166723
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:iBLCaPkPJr9Q0T+GNqUESJ/8w/lF703hmTWH6lrGcRAbf9EpthYp0wf0IDh1jlG4:6LCY8zQjGfJ/AaHjxlzOk7gb3Va4J
                                                                                                                                                                                                                                                  MD5:093EE89BE9EDE30383F39A899C485A82
                                                                                                                                                                                                                                                  SHA1:FDD3002E7D814EE47C1C1B8487C72C6BBB3A2D00
                                                                                                                                                                                                                                                  SHA-256:707FDC5C8BAB57A90061C6A8ED7B70D5FFB82FC810E994E79F90BACE890C255A
                                                                                                                                                                                                                                                  SHA-512:4BE480DF0B639750483EB09229B4EDCFDCD16141EB95D92A3F28A13BF737146D7CC5DB6AD03A5CDE258F71B589E5310B6D9BC1563AC7B1D40408EEA236D96F4B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:...........PGDEF.......X...@GPOS.G!...#(....GSUB.'....Y...&tOS/2..w........`cmap5.;.........glyfQ..........head..$a... ...6hhea.u. .......$hmtxf..1........loca.#.....T...Hmaxp...,....... name............post:.h...7..."......#.....v.............d...............d.....n..................."...........S_.<..................6........)..................................."."...y.z...}.}.........\._...g.l...s.s.....S.........X...K...X...^.2.H............................ITFO...........d.o.s ........$..... ......................................... .~.....#.1.7.H.[.e.~.........Y.....................(.0.3.9.E.I.M.P.^.e.o.p.r........ . . . . " & 0 : D . . . .!.!"!&!."."."."."."."."+"H"`"e%.%............ .!.......(.6.9.L.^.h.........Y.......................*.1.5.<.G.K.P.X.`.f.p.r........ . . . . & 0 9 D . . . .!.!"!&!."."."."."."."."+"H"`"d%.%............s.R.P.N.J.F.E.B.@.>...,.....l...................................9...........Q........................A...2............................8....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\poppins-semibold.ttf

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:TrueType Font data, 13 tables, 1st "GDEF", 19 names, Microsoft, language 0x409
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):155232
                                                                                                                                                                                                                                                  Entropy (8bit):6.739857306155488
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:0FyHGX8bZ0eysTnqHvobJixBp0TKf3H5z8MkKURj7i8w+fW+uQ:0kHGsysUnQ3tX
                                                                                                                                                                                                                                                  MD5:6F1520D107205975713BA09DF778F93F
                                                                                                                                                                                                                                                  SHA1:8A4ACE9392D06BCB7F8EA2F5169B07E4C383A90D
                                                                                                                                                                                                                                                  SHA-256:248C0244B350EC68880996AA6BE6D7796274B49992D5FCBBEFE251906AA4EA36
                                                                                                                                                                                                                                                  SHA-512:5E40D2EBE39605ED0C2D8BE022DD716E51B018E1BB0AE0101164E1E02BCF6B7CCA5EC0DA2EBCB533D959AE766AF8863B27D62EFBBA1755E9E8D45E7BCE51FA36
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:...........PGDEF.......X...@GPOS-.....#X....GSUB=....Y...&vOS/2.z........`cmap5.;.........glyf.q>S...@....head..$n... ...6hhea.0.........$hmtx.B.$........loca.qX........Hmaxp...%....... name.. .........post:.h...70.."......#.....t.............d...............d.....8..................."........n.?/_.<..................6........C..................................."."...y.z...}.}.........\._...g.l...s.s.....b.X.......X...K...X...^.2.L............................ITFO...........d.o.s ........*..... ......................................... .~.....#.1.7.H.[.e.~.........Y.....................(.0.3.9.E.I.M.P.^.e.o.p.r........ . . . . " & 0 : D . . . .!.!"!&!."."."."."."."."+"H"`"e%.%............ .!.......(.6.9.L.^.h.........Y.......................*.1.5.<.G.K.P.X.`.f.p.r........ . . . . & 0 9 D . . . .!.!"!&!."."."."."."."."+"H"`"d%.%............s.R.P.N.J.F.E.B.@.>...,.....l...................................9...........Q........................A...2............................8....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\progress_check.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 98 x 97, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9635
                                                                                                                                                                                                                                                  Entropy (8bit):7.971630978673207
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:eSkVYfbW3C2GLUk/EK0pL0Q+Izxgzakz5qYtUFrJopOiHicNsnXFNQO1:BkCTW3IwQEhpP+qyoYtXpOiCSeTQO1
                                                                                                                                                                                                                                                  MD5:B7B4680D9A3CD75069209C711DD78AE5
                                                                                                                                                                                                                                                  SHA1:8630ADF49BE5197C8BE7DE3064853B974EBCC40F
                                                                                                                                                                                                                                                  SHA-256:B5A5812DA8C7E672AF1430BAE440E86D3563068934E4BBA8CBB0EAD0F963F714
                                                                                                                                                                                                                                                  SHA-512:675FB67447459746699BFB35E39D6C5A48E059B1926E2DD25009B61F804E2F1404756AE73CCE5F6FC825E77FD004735F43E66A8258E85A40F980C2325A0B3DE7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...b...a.....-1t.....pHYs.................sRGB.........gAMA......a...%8IDATx..}....`dV........-.[-..3.E.!.f.............A...am..X........`cN..........l......U.ygT.._..M.*+3222#3"2..7.3..^Z..h.aA.#t:... M..z.H.Gk..BH.c......u..j.wfz.\..V8.....b.}....^..uv.@...y.\v.P....[.o.........t....C.....&8......<.....W....!|$.h........L....d[......0..G..N. ..\...Mw....l.s.....B...y_Y...N. ...S..=.f..$p..rJ.!...f.=...S.......7...._3b}=...#Fu..........O../3T..L..3.e.\....|`k.8@.$.9.7|..N!.2A.#.]..#M.R/M.7...q..o..?q.]...6e=..G.&......j.(.P+.09. .E..z....;.]... ...F.....O.@N. .*x.....[..z....o.9...~....W..r ....t....4.i".....q.3....\.>.... .Y.&.JuuR.1..'Z.z.1.U....S....Ko.S..c.o....1.jW..7y...P*5n..W.U=C.{....../;....0v6...Y.......'M..K...o....nu*.....>r_...#e."..... q..bv..?....u.cu+.....-.*..fL.E`...s..=.....G....'E.....r._u.9.|...6."T..||/...t.....q:.Zh....OBx,&..o......gv.t/......ap..y_k...........#|../.......g....kV..F.`...!.[..wH

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\progress_error.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 97 x 97, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9167
                                                                                                                                                                                                                                                  Entropy (8bit):7.966353314469126
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:LSgdj1ijBb2XcxmTaGGEWQtJO9gfSgdXl/pfywweHSZnda:+4j812XRcEBtJNtdvfg5nda
                                                                                                                                                                                                                                                  MD5:8B09AF802EEF156F9466C3FBE5524BD2
                                                                                                                                                                                                                                                  SHA1:B30DD8FCCC6ABE38C6215339319A61E8EE2DE6C8
                                                                                                                                                                                                                                                  SHA-256:79A84DE2346F891575C8BBF2AE394492424736F2C611B3921B5B2ADBDDE5C31A
                                                                                                                                                                                                                                                  SHA-512:7EB38602DE8748B3D8E722C437DB581003EF666CF32276A8D5BD7BA4C5E49C6D1861A590BAF7D4855C229F4918F147C03440FD8629DBEE068A26F494358D89B6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...a...a............pHYs.................sRGB.........gAMA......a...#dIDATx..}....p......( (.j..7p..*.dq.5`tT@0...cLt...q.d2..g..9.#*.%9....3.9.."KTD.,f|...(....w..[uou..oa.S....T..[.nu.....`......#@.Ax..c...-..`......G.....2.I...28@A.......x...{...!..`..V....}w.. .gW..|.W...uW...z...|...i.m...D......F..(a.....5k<^~....+...y...>h....U..n...n.L0f&.'?..j.(.....a....?f.>U...wP.w..%.._...Jm...W.S.W!I.@.n.....zm...7............M=`....G'adu..'...;`g.>vS.L.f..oB.Y...ol\...Sz...0}..p....7C......2n7n.I..t.*.R.....lh.....K.L.}.{]...!Mg@G\O.N..{.'.._.t.... [v.A^.[.(w]r..Q.....t.|...{.......2...~....V...g.^UB.._.M.......L....n.U.R].v5..].B!D....r.T.m.67.....O...{........A....a......^....s.Q?B..fC+.C.}.n..A........l.]u..D.Z..6.m.K+h..x..l....)G..~w.|...v)..."n...{...~..78..m6.....W....Q.6u.~<.`.#.h ...5.2.B..k......zP...~.......O....e.....=..H...q$t..<F.w..w...;v.T.;u2...>;v..;......@(.A'c:3.{.9..y...^.m..^X'v[..R..a...;wF..e

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\resource.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):27336
                                                                                                                                                                                                                                                  Entropy (8bit):5.57578184442293
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:UBhBT/W58RrB3M65lWHqXPDenaKb6ki29d1ikN42niSJIVE8E9VF0NyJlP:uBr3M65Kr22Psu/2ExP
                                                                                                                                                                                                                                                  MD5:5E8BFBB3A3DC1E55C7D024E6C1ED51C5
                                                                                                                                                                                                                                                  SHA1:5676951B6835B3426365F73A5FAF398BA705B611
                                                                                                                                                                                                                                                  SHA-256:C5C3A970925D4BA60CE859F90ED37A206BD658B88F852BAC3B182BED75A9C9ED
                                                                                                                                                                                                                                                  SHA-512:F14CDB2AF7B6FCAA7A3C675D512871AF019B83764E848B23EA765EB3B702BC36BF56B9D2D9B93898354F893F7819A706798B1EC3229559770159992C8E3F54FD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Q=.0S..0S..0S..O...0S..OQ..0S.Rich.0S.........PE..L....XWg...........!...$.....>...............................................`......._....@.......................................... ..\:...........@...*..............p............................................................................rdata..x...........................@..@.rsrc...\:... ...<..................@..@.............XWg........o................XWg.........................XWg........l................XWg............................................RSDS../.|.zH.?.iDv......C:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\Resource.pdb......................GCTL....p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..`....rsrc$01....`!.......rsrc$02....................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\resourcedll.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 27834 bytes, 3 files, at 0x44 +A "\resource.dll" +A "\resourcedll.manifest", flags 0x4, number 1, extra bytes 20 in head, 4 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):38530
                                                                                                                                                                                                                                                  Entropy (8bit):7.954027041122931
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:BPTPipu6nDeFnJ8mfpiAFlRPJy5nG9hqKwIvylo2PsY2E7H:B7KEYDeFJ8mfpv5PJr9cPo7Yd
                                                                                                                                                                                                                                                  MD5:B40FED403CC20AB93D2538D2CFDD1EB3
                                                                                                                                                                                                                                                  SHA1:804E6C796769F113716C66F84849289ECC77CF92
                                                                                                                                                                                                                                                  SHA-256:BA9DF47AD7A36C724204727E53DD3CBDACBBA3A581797345926762F99885D82D
                                                                                                                                                                                                                                                  SHA-512:4ADFA6CF722544F71938F06B6559209788D2EC3780855A342569DB927E765A1EC675C935500ACF196F154FE2DE2DC23B2454656F8A818AEF9B172D4DE5A93F4B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF.....l......D............................l...)...................j.........YLq .\resource.dll......j.....YOq .\resourcedll.manifest.4....p.....Y"k .\webadvisor.ico...t..8..[.... ..q..@..$Q.P...>...m..........F.Q.]N..D.,..*....Q(.RWBT.P.@..@Ff..............N...@,.T7...a`..].RK..wC.[de.{....z....g..F.].._..).QFeq. ...d............h...l{.}.....w.I6h.&a.!.h4.h....FF...Pc.k..... ...J0..#...S..B>.....+M"o:...6......1`.!..-....g..j.1K..w....trji*@'*.8:#.........3....r.....47.6.c..j.R.. .kg.4..A.....o.M\.-D......I.7,...G../}....x..{..=......].xB.~..."...]....\.M....>.DsK......)....J..E...y...m.-w...q]2..%.}..=.'..-........}...S=.&A......6...1.k.....S.s:.K.pe.Na.OX8...(..c..Z.P|........AB...~..]kt.......x.......k.P.8ptw.q..Q..<.W..O..1o-...p].o..Z..A....Ex..q)..'{..-.\... . ..=.Z...\.a.W-M....*.........i.S#...<..@.....f.P..=Hy..c.......>\y<.x.a......d..>.y..b.-.c.$..}.x......Z....8yQ.c...D..M.@l.....,iBH.x...!... .A$..M.A.Aha....D.{.B.A

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\servicehost.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 325651 bytes, 2 files, at 0x44 +A "\servicehost.exe" +A "\servicehost.manifest", flags 0x4, number 1, extra bytes 20 in head, 29 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):336347
                                                                                                                                                                                                                                                  Entropy (8bit):7.998457346375142
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:6144:mbbCLH8RBLMUtQl5vbMTCcl3ahyMsCjR9ytMtO8tLjs8NYxkjS:k8cHMUSl5zROKhFytMtO8tk8NYxH
                                                                                                                                                                                                                                                  MD5:208D8F91316603869AD394B8688FCFF0
                                                                                                                                                                                                                                                  SHA1:649BB6533989CB329055C85D6AE5289911853311
                                                                                                                                                                                                                                                  SHA-256:C461B03530D9417E38CA660CFEBB72AC0BC04CF02A5394A7E006711AE26C0B12
                                                                                                                                                                                                                                                  SHA-512:19AE6EF1D5DB23BFED14A554D9166F55DDED95725A81EC73434D422962C09D303181658F0D33486F9646420121839248313484C6C619625D00646F929A7D3FDA
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF............D................................)...................!.........YBq .\servicehost.exe......!.....YLq .\servicehost.manifest.\......[.... .1....C.%"....)......^RY....A.JA.F..d(....h..&;..;.....&'... '?.~.=....6....M[..;.i.......^U. 3.........z?.^{.H.h...A..:'M..A.....TrWy...&.M.....A.Au|.F..v^...R@.J.2.D#.I.3.uH........... ..1...7...)............._..^.o6._.....<...?G.....W.....p.V....L...d\'.....^y....m...n......._H.].I.n....n![........j._.).........C...*.O...w......lR.=..W..v.|......v....^..*._V'.7..r.......p....m.8.WXE........m~...)....w?i.4.s....}{.....w..6....o....M._J...vw....S..l.v..\.x.x.........fk.._:........l.^......7.7......[....[2.....>^~.3.............V.|._OwW...t.S.$.-....i=...W....S...v+....xR.-......b.&.q....o.n..]....c......?>.w..$?...z-...{...Y...O.I...9....:.K.Mh..j....{..g.d.o.{..E..Z..>.i..M...5....3Nf.:.........E....f..;|...q...mc>.~..S?..M..7.)...I...o.>.<p._T.........g....../..6.mrn...x..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\settingmanager.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 792715 bytes, 2 files, at 0x44 +A "\settingmanager.dll" +A "\settingmanager.manifest", flags 0x4, number 1, extra bytes 20 in head, 61 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803411
                                                                                                                                                                                                                                                  Entropy (8bit):7.99959252090515
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:12288:5m726vX8g2LmrswYCCNzEkzEtGMkkSKEZmqfzcVALFLc3nZDeg10emzCkc2w4G:5AqL1wo5EkcHE5c0qnReGmzCQw4G
                                                                                                                                                                                                                                                  MD5:2EB5A010C9B9ACC0AE15E0C5480DA20F
                                                                                                                                                                                                                                                  SHA1:1021994A4B7D59347A112A26F298DF0DBE694834
                                                                                                                                                                                                                                                  SHA-256:9F6674151FCD2E4842247436D90AAB310F85BE8D7F7F41886A2A73DA05E103C8
                                                                                                                                                                                                                                                  SHA-512:4BA98F9290D052172EEAE47DC469E91EDA2CBF92F5CFFE5ADDAB0A00A548AA706A88C095741FA5182378EAD7E32922FCE3370C7C4EAAF0886999F136EEABD8FF
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF............D................................)..............=....'.........YCq .\settingmanager.dll......'.....YNq .\settingmanager.manifest.?.......[.... x....GR.4".....~..sO...]RI..Z...d.9....WN...\j......fa.lQ..e@..f.=...5y7..;.Uxs...}...n...o.@<F..f.......{.{....w.....O.[.M..E.X8.5...X..M..8.0......q..+....sP. TZ@........#..}..P.. ..j......w..w7.....%.*f.... b..'7.]_...^...rM4........3..{[...SW..i..2........{.....}..:.7.\.O&:......?....l/_.x...|../.M.nk.>....g.o.[b.w..q....U..M...d....._O..mzm..!.N.w.v.e....t.u.n>....ry.N=.}o.e...qc...)...`.6o.......g....b....k..........>7....]$....T..?..m9..m.w..?...2....{6..{y'.hC3.....K|..'.z..o..6......>.}..,s..u..[2W.i$;...._.~....m.&...^r..m...~..........l.&.s6..ij..O{......}.......]/(...d..~w....6.....f.>.....o.W......p./.........6.........+..m.{.K......}.Q...mj.&v..<.bF.....x........N.n..w.o{<..n...%}...x|}......Y_... .w.M.7......<......~J....u...;....m...+.-w>.....=...........]...}..2....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\taskmanager.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 3084243 bytes, 3 files, at 0x44 +A "\microsoftedgewebview2setup.exe" +A "\taskmanager.dll", flags 0x4, number 1, extra bytes 20 in head, 185 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3094939
                                                                                                                                                                                                                                                  Entropy (8bit):7.999887057255646
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:49152:3y3xnx08sXqiQVLyAQ6l7xcha+PVhtnHQ02CnCaxEYC8DPPA6tjfqA5qFvNTH/:ipx08sXRzH6l7xktNQ0/nC8bDPbBfl0N
                                                                                                                                                                                                                                                  MD5:911ACE2C29FF8EFF71661A1D40899F5A
                                                                                                                                                                                                                                                  SHA1:45134612E4211FD9DDF096DC0FD1A23C6FD8DF7F
                                                                                                                                                                                                                                                  SHA-256:D382E4573197AB894D6D89F7807CF277B78910429D136DACE3DF13F4BC89361B
                                                                                                                                                                                                                                                  SHA-512:9BD6586A965673078F3B1F507E8A55638FD7C6A48F9A43A0DF3BB5BFF774DA9F40F4F4E7B0924493E84EA6211C1E998F4E135FA1D9E8F6E6CB977DDA042FBD51
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF....../.....D............................./..).................. ?.........Y.p .\microsoftedgewebview2setup.exe.8.@. ?.....YJq .\taskmanager.dll.....X.\....YNq .\taskmanager.manifest......I..[........."S`$..........XY.....$.$B9f.....0`..u$.*.V..w..g;`.......l.........d*<.*......@H..E..F..h....m.l.m...sy;3...r.....g....~.....ml..<hm.......@y.`7m66..-Vp...[Xm......b..`...Zq..7...f.....71K4..\......#.TD.U.E.{{..f..]...BeD0 d"...t@@..A....pr....B0"`Qy.rS..>a.5..@..u...*n...D....7..W+=.W.h.~.[?..SQ}o..I4....*.....vQo..w.K.O.Uj./......Q.?....T.^...l..'P........>.1....-....../...~....y=.~e....c...nVX./..U....4.o....T..O.....;..R..!..`.{l.....Cr.?.7:.Q.....+5.....>Z...,j.|.....-..L..+0.<L}..Ecc...V9s.kq..u.8.KUb...7.w..l..d?..`....K..+Kc.h.=F...~...\...\F.....j3.<.g..r.4.\zO..v.-..;..:.\..wdH&....AU...z.....0W\ X.'5W.J`>...z.......}..dr.."...*V....H.EI..[.A`.$[.fS ...z...^.Ez.....9..h..'.....6../.ut..(.c....0.b*.....'.dz0.!.`.....F~Z.....y...&.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\uihost.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 320923 bytes, 2 files, at 0x44 +A "\uihost.exe" +A "\uihost.manifest", flags 0x4, number 1, extra bytes 20 in head, 28 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):331619
                                                                                                                                                                                                                                                  Entropy (8bit):7.998741872658551
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:6144:ZCErdbWdAgQYM+E7K1G8bi+KgrK5BkgmjP6cz2r37a+Winmk4FlDJ1BakHeW:guCdeYdTdYB5u87aimkqtJ18K
                                                                                                                                                                                                                                                  MD5:4981CD63B9694AE01D847DD6062B4710
                                                                                                                                                                                                                                                  SHA1:4D7DB8426680D83F00A947117F6AEA2F93F51B68
                                                                                                                                                                                                                                                  SHA-256:ED3AA972B8CA5CB4D8BFBD5A64899B0E94A6774A8EAF7A07F33C042542B5B5B5
                                                                                                                                                                                                                                                  SHA-512:43E8F81E26B665BC25B6DCEF5BE72D942273A51B4B246180A29A65FA536432150507BEEEB8B9BBCC1F7AF010D430B2F4C976A139AACC4181A5BAD95207060FE1
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF............D................................)..................(..........YLq .\uihost.exe.-...(......YPq .\uihost.manifest..K.<....[.... ......C.%"....i.+./-.....2..AF9....<.E...L.BG.s2L8H..1mt. .s.w....w..........M..H."}.Mv.&.2.B..........y?....]w{........2..o"T...d.u.nZwo7yW/.-....a.....Q.....^&..0$...A...O........A...5.EdPF.........A..iI.[...7.....6^_.W].Wx..6......[.4....~a6..G.'..$.....].M7.%.H..<.Q.A......2..R.%n.^....Y/.3....i..nys..6.!n.....#...a....e'.r.{.:.&.y/h......M8..c.....e.9.7.q..C.\....y7N......m.../.v.M^..k}...&..............G'.o.S5......m3..>..\2..........a.r.T...GL'...~..U......).:...zz?....t...b~J..%.$2..=.........~|CH.Yt...omd56.......w<;O......+..............&y.;.......1..S....E.q.h..%"u.!y...OI.?.oKo..&.K>.....x>}.ru............^}.m....>.=]....Y.4..xj....&.g$...s./.._.<...}pi-l..Z.....q&lc...=....:.......U...{../...~...}..6...;O..3....G.\t.U>.e>.|...9i.....C.?.=.........y..{k..o*..........q.v.*......wo

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\uimanager.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 1903517 bytes, 2 files, at 0x44 +A "\uimanager.dll" +A "\uimanager.manifest", flags 0x4, number 1, extra bytes 20 in head, 179 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1914213
                                                                                                                                                                                                                                                  Entropy (8bit):7.999667338831825
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:49152:yKMiSSfA6FHbmpr7uesuCOsMtjXelk0ctCzF/B:9MiSSPHq+elnsMtj8VcczF/B
                                                                                                                                                                                                                                                  MD5:ADF2753456668E23BF3E9742A3BB2005
                                                                                                                                                                                                                                                  SHA1:588A8DCF581EFE21F9BB85103B7E64D5C2126E26
                                                                                                                                                                                                                                                  SHA-256:18127EED598C2244A0A8BAB993047E1226A6C3AD83D2F50D1D69522F99B14BD2
                                                                                                                                                                                                                                                  SHA-512:4D5CDFB9762586A725BAC4300D8616CEA846641AE73F39B7EA9216C175F819E0DA8866EACDF4BC73D22DC43B67723A93E44F50C0B7EF4C67635209C643A3BEA6
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF............D................................)..................X7Y........YLq .\uimanager.dll.)...X7Y....YPq .\uimanager.manifest.....;..[...W h`...@D.0.....[..Ve.........h.bh......Qb..1Z.^.....z........a.....E..........Df..j......=..............#..Xn..]......."g.ZEN..>...s.$.cn...,O"n\.,..N9O.#c.m...I...I.7...b..5k.....-.T...,.@...AU.@..U......".""(..".9}..W....`556/..j..Dh[....D.....h.@.X.T..n.Q..n....0.M.~.;..=`..N>.4S..."....}o\./....;...tv...x....O....t....t{..n6+..vT..*g.s.....%.r1.4..fL.E.7nV&O...Sf....u....u..Jj..K.9.,.{^.[..........^?.w.L9..W..{.....T.].....w/B...&........vf.+...^...=f.j...\..}.....J...6..^|O._......-.>z..Z.@.k,.L.m......../..07..,o;.a.z...{..G.....hE.`..G.7.....F..g......ZY.)......7...W.?.~1...9....vK..M...oFs...P.A..b...?..........%.......r........E..........=....m.j.l,..v....?L..-.}t=....a.;{.......r.o...?I._.......? .v9.,.w...@.J.]j.$.......<....r1...=e....S"ZM..f=.W.~.U2;..Y.i..4n..... Ktk....muOa..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\uninstaller.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 1060402 bytes, 5 files, at 0x44 +A "\uninstaller.exe" +A "\uninstaller.manifest", flags 0x4, number 1, extra bytes 20 in head, 93 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1071098
                                                                                                                                                                                                                                                  Entropy (8bit):7.999586558542834
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:24576:t3FJD195W15hAfcyKEB2rxIoS8VvGwX8wWqIhVi15fUmB:t3Fp0BA0y9ySgOwX2hQ1Fz
                                                                                                                                                                                                                                                  MD5:E50E13A73D3DBCF71FB24D60551EACE5
                                                                                                                                                                                                                                                  SHA1:5C182CFBFEF403A6D6D9A08B204E981B0B7C9C7A
                                                                                                                                                                                                                                                  SHA-256:73C1C4DF12FE3B41CF6C93B7386C7ABEA7A6B4B2DCA8B38F677FB0AD5638D82E
                                                                                                                                                                                                                                                  SHA-512:6ED8B0F3E276E2B7055081062F65B30EC8EAB038462FD876B453B87756BDDC17D44DBBE07F6E8E614F9F3779C6EEA0F9E29A9D5F1719FD4DC46122F8E9C8666C
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF....2.......D...........................2....)..............]...0.-........YLq .\uninstaller.exe.u...0.-....YSq .\uninstaller.manifest..&....-....YSq .\wa-ui-uninstall.js.....].-....YSq .\wa-uninstall.css.....C......YSq .\wa-uninstall.html...K..)..[...! .S...@..%.....[_.l=k.m.lS.k.(rc..r{_.:._...\h.:E....Bs.+.v.Q....u..n..w.R;....D 3CuF.g`....s.{.n.g.G...W.@..uE"A..$y..u..$..M....[d...EH.....\.yy.4..;q..B.$D...iX.....t7y.Dy.+.......U..@U../(.........2+...o.s}.T.4...U..;..h..S. ....;........EU%U.K.QG.;...7.u.3.!W*.j............r...^.....r^......]s....M......B.W_l.<..g..]...Gjf.>..G..{.:b...=:....t..].S@v~.fs.<...K...5..%..&.........u..]L__C.9/.c.umR.[.*d.\.z)U.U..ZJ...Z)........Y%g.BHDCU.j..V..5<.._........P.Q.Y..+.............:../5.l..<.sew..~K.7..;..6...j...o.......v.M..`..6]..w..J_m...G..5.bV[t....-.....*.}....ySP....U...B..x.......s.4~...rb,...............tV=.u.M.a.R..;.....w..-..s.....i.7zk.]...wT....n......o_.up:*.>\.?.u...%.'..L

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\updater.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 975981 bytes, 2 files, at 0x44 +A "\updater.exe" +A "\updater.manifest", flags 0x4, number 1, extra bytes 20 in head, 85 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):986677
                                                                                                                                                                                                                                                  Entropy (8bit):7.99956639708756
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:24576:RBd9puI1ziTB2EmlSFYf0wqb+mrB35oxdRpE:R3uIFETmf1aadE
                                                                                                                                                                                                                                                  MD5:78C722BE85852E553B64D8712469F279
                                                                                                                                                                                                                                                  SHA1:B1E77B8C1D0CF642B97DEB769479B5B1204B7D39
                                                                                                                                                                                                                                                  SHA-256:01FA1D5C7E9C064C8128CFD753C391D617C9781095A9A5E97B36E765ABA5DF5A
                                                                                                                                                                                                                                                  SHA-512:0FF015BC2A44D4BC9B6EEBC6C666ABFF176F84F268E095DE03614CD672C3A6416E9904375D82763ECA5A697383FFB34796CD96B8E9DF81E39B88D25AA0732730
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF....m.......D...........................m....)..............U.....)........YLq .\updater.exe.......)....YSq .\updater.manifest.9....)..[.... .....@..4.......}.Z......(.....6(...b..hi...N..h...W'.v.KM....F...Fl~.R2g..ff.f......w...W....-..I..(....E....M....j.$....W|.m.$.Yg............J.. h4.....8&....".L.(2.,..~. .I0.......H....3*.3y.........Jk5.Z.v$.8......2.6...J.......J.wII5X....M..])...r.<...5...v^.duX..k...9.\o..v_.d...%..W2m..........?i.H?z...5..._u,.Wi.0......'..L..?.S.C..m....gl...?..H[........._W;..I....0y.i9g{UT)...y..MZV..*.?..>...k........Z.F/....#V......S.l..~.aG..P...+M.p..{...s.JQ.\J.x..|..$.+.g.0.g..o...`...~.m.....^.....2h....g;O...c..l ...o.o.m....?.d...K.s.vz...{\b..y......dKl._.]u..]....x......N......l+.=.`.|W.s[.s....n..M.:UN..)..]X.l]].....N..om.n........37..Z.......))..Q`y..E...+%....z...^6..E..`>......C2.....]...a......hx.....4....._.1na.....y<;N....:.....O.Y..vT{}...q...+.....T.1.......~..zP.v..*..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\wa-common.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (33246), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):34082
                                                                                                                                                                                                                                                  Entropy (8bit):6.048810099348607
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:E9DDI1HkcKGBrgXjhvgVfk4rcB7uGzQtn4rZW:E9DDI6thXjez1jtn9
                                                                                                                                                                                                                                                  MD5:BED2FF23927C34F86C480203AA7F87A0
                                                                                                                                                                                                                                                  SHA1:90B1B32D7A9CEECCD555D674582CB8AEE64E8909
                                                                                                                                                                                                                                                  SHA-256:9D7AC9A5AE897E993C0B6BAD468F56BF3B6CEFCFEAAD6FD2307CF8370945A2C2
                                                                                                                                                                                                                                                  SHA-512:6538FEDBC2DCE5EAF944CBD18F93783CDBFDC2920726A3509D0686BD062793B422AE6C6F67DFB0C344AC3E084F8B1F10425FA4636D1BA0FBD9E2ACE86EA6AE83
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Open Sans Regular */....@font-face {.. font-family: 'Open Sans';.. src: url(data:application/font-woff;charset=utf-8;base64,d09GRgABAAAAAGEsABMAAAAAsTAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABqAAAABwAAAAcbEIkOkdERUYAAAHEAAAAHQAAAB4AJwDwR1BPUwAAAeQAAASiAAAJmCwaFlhHU1VCAAAGiAAAAIEAAACooF6Ikk9TLzIAAAcMAAAAXgAAAGCg5ZlGY21hcAAAB2wAAAGGAAAB2s9AWKBjdnQgAAAI9AAAAEYAAABGE1sNN2ZwZ20AAAk8AAABsQAAAmVTtC+nZ2FzcAAACvAAAAAIAAAACAAAABBnbHlmAAAK+AAATOAAAJGkMGdKhmhlYWQAAFfYAAAAMgAAADYJip5GaGhlYQAAWAwAAAAfAAAAJA9zBj9obXR4AABYLAAAAjcAAAOm2kNYqmxvY2EAAFpkAAABzAAAAdZ4GFVubWF4cAAAXDAAAAAgAAAAIAIHAZduYW1lAABcUAAAAgcAAASAUcWdxHBvc3QAAF5YAAAB7gAAAt15xIzucHJlcAAAYEgAAADaAAABfLpWDR93ZWJmAABhJAAAAAYAAAAG7JdVfgAAAAEAAAAA0WhVmAAAAADJNTGLAAAAANGknRZ42mNgZGBg4AFiMSBmYmAEwpdAzALmMQAADaEBGAAAAHjarZZLbFRVGMf/M51hxoKWqtH4CBoyNrUGjQ1J27GwatpaDZZpi4MOig/iAkJCY0hMExaFgbgwIQYrOTxqCkyh0FmQUpryMkxXLNzhaW3jyuVJV8QFIY6/c9sp4EjVxHz55dw597vf43/OPXMVklSpbn2qSEvru916/rOvenep5oveHTtVv+uTL3droyL4qFiU9/0316GdO3p3K+6vAiIKB2NcoXh

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\wa-core.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):26093
                                                                                                                                                                                                                                                  Entropy (8bit):4.7761022291638975
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:J+6T4vNmgN8k0+yycVCI6z0jG7RXDX43UMRmvm/A:aDIpI
                                                                                                                                                                                                                                                  MD5:F43DEE507EB2DF869CB73160D95D37C0
                                                                                                                                                                                                                                                  SHA1:F58C1E59B243C7A26899DAE98F5EE4A2D9BDEA0D
                                                                                                                                                                                                                                                  SHA-256:BCFED78D2CF2398723A9692B56C975E69B8688878444EFA90C8189F442275BBF
                                                                                                                                                                                                                                                  SHA-512:7CEFD72CC1D4867C6EADB101C0D96BB0E4F2E0B911FE91723C25BD61352F165D8ECD1440549BA08B490A97EDB59360A8F681B8341F779680DA036C4D8D189444
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Core */..(function (wa) {.. var core = wa.Core = wa.Core || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External;.... //Component.. core.Component = function (name, status, key) {.. this.name = name;.. this.status = status;.. this.key = key;.... this.isIgnored = function (key) {.. var isIgnored = false;.. var startIgnore = this.settings.get("startIgnoreDate" + (key || this.key));.. var ignoreDuration = parseInt(this.settings.get("ignoreDuration"));.... if (startIgnore && ignoreDuration) {.. var today = this.settings.getToday();.. var startIgnoreDate = startIgnore.parseBasicDate();.. isIgnored = today >= startIgnoreDate && today <= startIgnoreDate.addDays(ignoreDuration);.. }.... return isIgnored;.. };.... this.isInFixGracePeriod = function (key) {.. var inGracePeriod = false;..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\wa-install.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (65472), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):636601
                                                                                                                                                                                                                                                  Entropy (8bit):5.63060729988193
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:XKNvSkRBq880BAA0967ktah2IdSv5543cKNLNNVN56wOr7MdRhPEceKr1GPHte7t:628L4LItv7
                                                                                                                                                                                                                                                  MD5:32190953AE1D851EBA731EB250147E34
                                                                                                                                                                                                                                                  SHA1:E1D0DEB689A194648C7B88C08968F50A6581C369
                                                                                                                                                                                                                                                  SHA-256:7FD09C7D1237844150EEF67CB08DBAC2E7348E45C21E815E581FDCE10F73DD73
                                                                                                                                                                                                                                                  SHA-512:3F520F1D597C4875E76530EA694816245A0CB2BA48C80B8F5E439640E4BE99C24A48B464ECD335A3E2CF77163AB81C985CE874C055F1A39FC0592890776A644E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Poppins Light */..@font-face {.. font-family: 'Poppins';.. src: url(data:application/font-truetype;charset=utf-8;base64,AAEAAAANAIAAAwBQR0RFRgkWCRkAAAFYAAAAQEdQT1PuAPdbAAAjPAAAE7pHU1VCP5XTjAAAWZAAACZyT1MvMtmIduQAAAGYAAAAYGNtYXA1CTsUAAAB+AAAAtJnbHlmpQ0L6QAAgAQAAfCQaGVhZBrmJFkAAAEgAAAANmhoZWEMkgZMAAAA/AAAACRobXR4R+vvSwAAErQAABCIbG9jYYQn/AsAAApsAAAISG1heHAEpQExAAAA3AAAACBuYW1lvgkdKwAABMwAAAWecG9zdDq/aJsAADb4AAAilQABAAAEIwCXAAwAeQAGAAEAAgAeAAYAAABkAAAAAwACAAEAAAQa/qIAZAoD/fL5hQofAAEAAAAAAAAAAAAAAAAAAAQhAAEAAAAEAQYZH5g7Xw889QADA+gAAAAA2KSpuwAAAADbFjbL/fL9zAofBB0AAAAHAAIAAAAAAAAAAQAAAAwAAAAAAAAAAgAIABgAHwADACIAIgADAHkAegADAH0AfQADAJIAkgADAlwCXwADAmcCbAADAnMCcwADAAQDTAEsAAUAAAKKAlgAAABLAooCWAAAAV4AMgFHAAAAAAQAAAAAAAAAAACABwAAAAAAAAAAAAAAAElURk8AwAAA+wIEGv6iAGQEbwJzIAAAkwAAAAACIgK8AAAAIAAEAAAAAgAAAAMAAAAUAAMAAQAAABQABAK+AAAAmgCAAAYAGgAAAA0AIAB+AQcBGwEjATEBNwFIAVsBZQF+AY8BkgH9AhsCWQK8AscCyQLdA8AJAwkLCQ0JEQkUCSgJMAkzCTkJRQlJCU0JUAleCWUJbwlwCXIehR69HvMe+SANIBQgGiAeICIgJiAwIDogRCCoIKwguiC

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\wa-install.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1223
                                                                                                                                                                                                                                                  Entropy (8bit):5.186885559675722
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:csYz7A2NVMz71Mz7FMzrVMzPVMz6LVMCo7jOWwV601:3O7A2meCeiCoHOrL
                                                                                                                                                                                                                                                  MD5:A48CD7866D67064133CA40332E1AEBA2
                                                                                                                                                                                                                                                  SHA1:690E6F818F41E2F0C5850453471920656652120B
                                                                                                                                                                                                                                                  SHA-256:FCB36430BE30A6B2CFEDBAA99D2FFBA2A294AE0EC1357D182529E3704A2BC293
                                                                                                                                                                                                                                                  SHA-512:6D610D0973DE74F313489078DB0E1D407F7656ECA275EC8A8FB312791F639411D80A8C91B2F1C74F42AC987AA94253804736DEF657B13D652F73D208FFE3F4B3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:wa-install.css" />.. <script type="text/javascript" src="wacore:jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-install-#loc#.js" charset="utf-8"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js" charset="utf-8"></script>.. <script type="text/javascript" src="wacore:wa-utils.js"></script>.. <script type="text/javascript" src="wacore:wa-core.js"></script>.. <script type="text/javascript" src="wacore:wa-ui-install.js"></script>..</head>..<body onselectstart="return false">.. <div id="wa-installer">.. <div class="header">.. </div>.. <div class="content">..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\wa-ui-install.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):19374
                                                                                                                                                                                                                                                  Entropy (8bit):3.839664034038164
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:GVtiD5/K2joI8nXfzdM5cwwrbIVWw5ujfIGNELDoXpNxx:GVYjoICvGCnvP
                                                                                                                                                                                                                                                  MD5:1A7B7910DA9584DA8D5B303DAE809BEC
                                                                                                                                                                                                                                                  SHA1:9D624FB44988CF08F1641DFC69B4365ACD0FEE2C
                                                                                                                                                                                                                                                  SHA-256:1DFE0D8D41907999AF6B9C0757FA924B46BE1FE175DA58D68EA3B3AE364B29D5
                                                                                                                                                                                                                                                  SHA-512:516CD3BC185F746DF52D9D64E81E8CC57DF1F90382934557A1B5B785919CB2E3117C19AB42D10C27B88E42B3761DB4892CB126BF3B85D41037178E7FBF8B4C80
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Installer UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.INSTALL).get,.. _window = wa.Core.Window,.. _external = window.external;.... ui.Installer = function () {.. var buttonId = "wa-installer-button",.. _this = this,.. RC_INSTALL_ERROR = -1,.. RC_INSTALL_DOWNGRADE = -2,.... open = function () {.. _window.ready(function () {.. //check preconditions.. var productName = wa.Core.WebAdvisor.getProductName();.. if (!_external.CheckDoWeMeetOSRequirements()) {.. _external.SetInstallResult(RC_INSTALL_ERROR);.. _external.ShowMessageBox(_l("ERROR_TITLE_CANT_CONTINUE"),.. _l("ERROR_OS_REQUIREMENTS"));.. _instrument.log("Installer",

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\wa-utils.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16591
                                                                                                                                                                                                                                                  Entropy (8bit):4.419418555736827
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:BZwBjFVz+j5csy4h11lidEaCaNz4UcEm7damvbat2RSFZC9On/7W:WBQj5csy4DIE3oUUmMmvbaHC
                                                                                                                                                                                                                                                  MD5:FD128D0E27CD53B6F4AF938B28CD9196
                                                                                                                                                                                                                                                  SHA1:8A5BBCF6B9D04E3BA1C8A5B54DDC78167A8ACFF3
                                                                                                                                                                                                                                                  SHA-256:01923E4F4B2E16D2A870B6B1447FC9CC95CC2DF680CBDD5DF389A067DCBD30B8
                                                                                                                                                                                                                                                  SHA-512:C785D2A6BF15CD5B109AF02118F2C69E7D51B58BD025B2227168B41EEB2F10B4B711F27052EF52F247F06A9DCC7292674D84C9070E5A1F1343C3F8BE67024F87
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Utilities */..var _langResources_ = {.. checklist: (typeof _lrCheckList_ !== "undefined") && _lrCheckList_,.. options: (typeof _lrOptions_ !== "undefined") && _lrOptions_,.. shared: (typeof _lrShared_ !== "undefined") && _lrShared_,.. uninstall: (typeof _lrUninstall_ !== "undefined") && _lrUninstall_,.. sstoast: (typeof _lrSecureSearchToast_ !== "undefined") && _lrSecureSearchToast_,.. install: (typeof _lrInstall_ !== "undefined") && _lrInstall_,.. webboost: (typeof _lrWebBoost_ !== "undefined") && _lrWebBoost_,.. waiff: (typeof _lrExtensionInstall_ !== "undefined" && _lrExtensionInstall_),.. ut: (typeof _lrUpsellToast_ !== "undefined" && _lrUpsellToast_),.. overlay: (typeof _lrOverlay_ !== "undefined" && _lrOverlay_),.. newTabToast: (typeof _lrNewTabToast_ !== "undefined" && _lrNewTabToast_),.. ssToastVariants: (typeof _lrSSToastVariants_ !== "undefined" && _lrSSToastVariants_)..};....(function (wa, lr) {.. var util = wa.Utils = wa.Utils || {}

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\wa_install_check.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):558
                                                                                                                                                                                                                                                  Entropy (8bit):7.494810764492959
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/7iIHftwTmWkW3O+xbR/GfmNFycqV7o5jNiXrj0IGDfjo/1:zT5+aVefmORm8bnGD09
                                                                                                                                                                                                                                                  MD5:F8AF1796D709A69C3FBDD16822596FD6
                                                                                                                                                                                                                                                  SHA1:D216CB9A49EF4223138BE20D027B3ABEEFAC7DB0
                                                                                                                                                                                                                                                  SHA-256:055E07F760351C3F33E708E4720D5A34A60ABD8D13F2FE05A473DFD5ED9714C2
                                                                                                                                                                                                                                                  SHA-512:FBD9C93490B818798F4614E6EEA7EF9FA05D535F50071806E763CD9EBEE478559F614EAC90720E4B5F88D803DB0AD459F1D1C67954C2C379B1BB435CCA74390A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............H-.....gAMA......a.....IDAT(.u..k.Q....1&.k..T..bO.K...DP....I..{.PRA..............QA..J/....eM.tS..7..v...y.7.7.f..R?......W.......N.....G...z.N.a._.X=.sg.5..r.k....Z...R....[..X..W....N....v...H.1x......L......R..@:v.w.....W........v.lc/F..b .C\.:.[Q.`..E`.L.J..!....<..m.q....R.&...""%F(^M.`..e.,N..q..y<.../.O:.mP..,A.QrZ}[u0..,3...S.K.\.EM5.!mH......}N.+j....p.O.E.......[..C.\x......nMi...~%.vv...|8...y.xV..v<ZZu.....y]@.1......]..).6.M.'.'.%o.T..5.Rq8..l..;...Ha......5......IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\wa_install_check2.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 14 x 14, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):785
                                                                                                                                                                                                                                                  Entropy (8bit):6.380231936591206
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:nmwBSRPy8iSvgv+aYS0NFVO/6cgDHNUPZ7SCOr2zhxNoEMBxNB:mwBSRVL4v+/jNFVO/6cgDHWhbOKHCEIj
                                                                                                                                                                                                                                                  MD5:5367B11C1B0484E2B64AFFF761DB5B69
                                                                                                                                                                                                                                                  SHA1:CA05EC2A55FAB6A4035920C38B6FF198044DA594
                                                                                                                                                                                                                                                  SHA-256:1CAE0E0663BA559CA8FE7AD3A1E07AB23AB9E3DBADA1AA572AD9C2C5D51D5627
                                                                                                                                                                                                                                                  SHA-512:322DF7AFB16185EB4D39AA4881A27E04B1D310773FCFBB77D0F1C83237A56D100F6567091E30BF0DC6A11EA29A22A52BF091B66C5863823596108C155C031588
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............(.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTE...#..$..%..$..#..#..$..$..$..#..$..#..%..%..$..#..#..#..#..#..$..#..#..$..$..$..$..$..#..#..$..$..$..$..$..$..$..$..$..#..$..$..$..$..$..$..$..#..$..%..$..$..$..#..$..$..%..$..#..$..$..#..$..$..$..$..$..$..$..$..$..$..#..#..$..$..%..$.....p~.S...NtRNS........................T....L..........K..T...S.....JJ...O....r)1N.T......L...P.....bKGDOnfAI....pHYs.................tIME........l.-....IDAT..-.g..`.F..o.PISC.[.........|..s.@.Jr.PM.3.Ah.&....dI.01..t...v.K.h.o[?..^.....Gc.&..8....A..<..r5...QY.F..n.8..@=A.l.u.....n.C.....>.o.4...&!.KUd.&R$>.e*o..T....:...~g....%tEXtdate:create.2022-02-16T15:21:59+00:00h......%tEXtdate:modify.2022-02-16T15:21:59+00:00..x.....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\wa_install_close.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):327
                                                                                                                                                                                                                                                  Entropy (8bit):7.1140535970703365
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:6v/lhPIcWn2ofLbzmoGGaKdwjXI76l4AXT8ctmzXxNuJpTqAp:6v/7DWn3btahecDAuJp1
                                                                                                                                                                                                                                                  MD5:C0708D1E58F1EF1BAB621620F3B09130
                                                                                                                                                                                                                                                  SHA1:0BEB49A1CC1E71F364BCF42B474890F35CB8CC3A
                                                                                                                                                                                                                                                  SHA-256:834380BD8B6F9BFEF000A555541AEC2BEC01DC46C91DCB7F950D109B81BAE5C2
                                                                                                                                                                                                                                                  SHA-512:241C93BC2677B1F0788C2C0DDD9A7FFCCC7A865DAD427EA8C89E437FC796FD12F80D2A962A8D02B1B2391E10CFF768F17E34BD45502A0E31D6E1C8F443C2AA34
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............Vu\.....gAMA......a.....IDAT(...On.@........=J.&....5....8A..M]{..s......Q#0.7...0.......yr).q8..s....sp.....W.u.q+..;|.5&..n{..{.............>..".^S......#q.6B...4.t....~e.[@B.&...L.o...h..8.......Q....+..b.i..MhxRaG....Y..F....,......G.E....`(....V.v.4.b.$..S.O.....Sh.B....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\wa_install_close2.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):272
                                                                                                                                                                                                                                                  Entropy (8bit):6.591404605834916
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:6v/lhPIcE/6TsR/nQV32e46OIoiMr6FRK7MhtCxllbp:6v/7DE/6Ts/nnPIcr6+ozCjz
                                                                                                                                                                                                                                                  MD5:F79A1953A8E6CC342847B4B00DDBD736
                                                                                                                                                                                                                                                  SHA1:9AC411CADB6652F4FDBD854300ADCB5C21C04BAA
                                                                                                                                                                                                                                                  SHA-256:4F8EF204C1884F868866D03B4D11DF1237480C1CAA38ADEC1C13444050105B88
                                                                                                                                                                                                                                                  SHA-512:DFB54D3D20FF53B867328945FE3D69B56055D5861EFCE2A069653B1792A5477AB4C3B73A3DEE82DD1377D1573099AB70C2F6C285C694DDBD0B1EE9667CFC4F2A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............Vu\.....pHYs.................sRGB.........gAMA......a.....IDATx.u.... .DW>...>.RRYJq>).>|E...!..3...t...a.?..w.!.P..../l....2....Q..ZS.%'.........y^.Q..H.T.V.D..W]..t.*X4t#9O;......=U%u0...f.......3`...[.S^..m..$..?[...{4.Y....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\wa_install_close3.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 25 x 25, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):404
                                                                                                                                                                                                                                                  Entropy (8bit):7.033473403283132
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/75/6Ts/THdCug1JmIiSJgH0Htx7n6u3GvewiSulgs7:I/6WHdVgOSJ8ivnb2vXiSulgm
                                                                                                                                                                                                                                                  MD5:958DBAA93BCDEADA1D578CB7AE159E1B
                                                                                                                                                                                                                                                  SHA1:15B954D2E439A725CFE04FF14D16938BB928E937
                                                                                                                                                                                                                                                  SHA-256:DAA47D81BEC1A30312B994269EF408222094C826661FFB655C2CBCEE25A695C0
                                                                                                                                                                                                                                                  SHA-512:DF2EF3DEEE9ABF2E1E61A00419228D66492D0E36389D01AA9E9599F9B19AC72133068ADEF5A1E1D7F2E790ADF91D057568C0091C71DC284A0A6D89206738B57F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...............c....pHYs.................sRGB.........gAMA......a....)IDATx..=N.@..g..(}.JJ.%.2..::Bk.9..>.PQSRA.+.L..K..J.d9.......j<.O..f.&......OR.Y.$....k.0^y=DQ.....@...'GB.y.....L....Y].!.'....j.....y.>.8.......!C.1.-......1....u..@.@...X:..b.........i.....m.b.e...H.D....ey..5:GJ.....t....M...O..BA..Wo...?.s.\g...?..\s...O.I.t..u......W...UO.&)..E..........IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\wa_install_error.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):428
                                                                                                                                                                                                                                                  Entropy (8bit):7.367179920202989
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/7iIHbGI9XbxzlcdqzUCOXC5pC38WWn9:eGIrzlcdL4CZW9
                                                                                                                                                                                                                                                  MD5:0EF65600F5A2D01876B6F9EC668C9D2E
                                                                                                                                                                                                                                                  SHA1:31F378D2D6BE62F3A426523B1AA3D61323B2B9AA
                                                                                                                                                                                                                                                  SHA-256:17DC5C3BAA1D35CA60C7DEE7CC70B76446765769960FC5D4852E065478C871C4
                                                                                                                                                                                                                                                  SHA-512:7D9EC74CECF8DF49D4F8E676053573798A029D889E8676CFE90891EB68E49A2FE9AE828F38BB99851888B25A76581EBE2B62694D3C66D193016B4446004A9271
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............H-.....gAMA......a....cIDAT(.uR.J.A..f..&Q..*....h..... ...(.........K...!Vib...B...qf..{.9....|..3C............@..........5..8.b...z`-....s.ID..G....PEQ.;?1...p.h;..z6Z..4.X..c..$E3s.b..ry.|..yVy...0.Rr..W..S.......A.1.....s./".j..g.H{l...Q....d................fE..;..'+.).j.F...J......~.s..Y./...6.v....|......,...m..[m....n......D.E.OvU.n..W<.m..=h#.O..Zm.yj..@.tums.....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\wa_install_icon.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 107 x 108, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4418
                                                                                                                                                                                                                                                  Entropy (8bit):7.945868276745926
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:BSXpPtcN4jQ/l2TW7NCXY5VudzavDXNuN+BOokaUxV0MBhtsW:BS5Ptl7T6NUBSX8N+BOXvV0qAW
                                                                                                                                                                                                                                                  MD5:85731024186630DC2090EA039BC46BAF
                                                                                                                                                                                                                                                  SHA1:1AFFCA914FE3D2EDE59753D85F0F75AD88EFC1FB
                                                                                                                                                                                                                                                  SHA-256:0DC43266D3BBE9D952FEAF46E816E3F3C80C3425AF795D7C41FB5647C80A2FF5
                                                                                                                                                                                                                                                  SHA-512:D7FE98C43463647DEBD42F7A79128AC681F89355244546DAE5CB924123CC1EFF0B18F71D9A50EE6BE3A4903B417B63C1665E20A19CB35435CFD6B7A7671321D4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...k...l.....m.L.....pHYs.................sRGB.........gAMA......a.....IDATx..kp..u.........I).)...m....Nj.-...V..L..C.Q.O.4iBu.f.G.$..C=..d......7...+}L;.......X..t..I....x?vs...."w...P..P.....s.....&&&&&&&&&&&&&&w(...J.'..'.g........m@S....6...D. .....G.<...V....+..{......Ihx....A..1A.._..X.a\Qr.(..;.;...4.X..D.8.Y.Q..gL.3...u6.X.... ......b.e.).|...9...!......:..Z.V..,.n..T,vw.(..M....V.tz?p.[........z...]..nU.&....E.&........W..Y.:F....+..6.".3V.rZ.z.2V..X...nDs.Mz..$.h=.b..`>..^....Qo.hh..jLM.JG..).c.j..H|VQ.../j.!n042..6(*J.....|R...o...._{^.F.}..PV$'.y.z.*.Z....D..Pt..P6./..I..j.V..4.........._~.......*...0x'.%.....?...au.J.."..#.<.U.F.XP....n..eeD.P.i(....,....t...#p......NG..E...~..?(l+..%...&.....>A.h.L...?...........a..&.b...K..$[..\<.9.D3 ..Z..J..N@..P-.$.s; ..v...=..B.J....%.....i.J"..k. ....V./Z.Y.......wQ$.6.Q..B..Z#.... [...P.q#..zC7.]Y.F..s.s=(..%..T@Eb..p....J.$..B.T&........lp.B.{..2.y%i.s......

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\wa_logo.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 233 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5361
                                                                                                                                                                                                                                                  Entropy (8bit):7.956335361585333
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:tXYxwio7C2guemm5poLpMmjxiN4f7DsCk7RkuxKBaKeVfGJiQmiMQ2qileA2I:toxpo9gKmsMmjwSXgyLBepQblA2I
                                                                                                                                                                                                                                                  MD5:0D8F8EFEB474FC9B2C825D7F2A875471
                                                                                                                                                                                                                                                  SHA1:ADBC30FD0131A01B3150753C7EBFD6EF648F0DE1
                                                                                                                                                                                                                                                  SHA-256:ACC40FDA844EADDF65B9580C484F1FE2E17358B352D99BABC6865BF0C74D9B00
                                                                                                                                                                                                                                                  SHA-512:90FEBC4B2165D37CBB1CF09295CF2F5B5713DD14A02CDC101318426CEB55D35B7C47B254D0F20CCB8297FC69EE77EAA5969FF98A0965D325C94AD81B6A56BA9E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............9B....gAMA......a.....IDATx...xTE....I .D..l,....(....Q.\..ftf...qA..D...?a..o.#.8..<.9:....A..."......KB...?7...M:......}7U..9..N.s.T..hZ"%$..@B...$$..@B...4!.UYY.E].Ln.%Qu.K.8....Z+I..m...m%v.6...K..]ki....W.}.y.%.O.1"dY..5...{...x.ef.X.~a..3K.u.l^.8'..?.z*#%.._.}.yT..Z..k..b..3{.{.>W_.,x,J......LM.T.>.x.....^..c.'...8^..(]...z(..._.......&..w..9..)..W.,s1.>.):.0.4.Y...nq...7....;......7)Xk.a...O...g.l...c.^..)8.%.e...h....U..7.O.'$.....]K.r0.Y5u..K....tH?.NSzwl.o..IG6...........X.(.z-.X....ju.+.Jpd.j......t.>...../?TW.0u..7........@B.. ....yYZ.iZ..:s...}_X2.O.....1kJ..3.*.9+... ].4.Y.2.....r>hM....}..-..|!d..i#U...F...Dr...5....D[..]..u._u....[.>.{5.xX...t.|L........}?........J.H?P.....M.n....-.......d......pQ....3..[...;vT.dg....5.@..0...[.c..1...U....i........a...o..[.PB.....E..^......."|........$..."V....tZ..`W...[...z.1..[~.Buu.[.........]/..x.(.`Z.A....`p...]RR.4u'u.]..u'...p..[sh..w.....g+

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\wa_logo2.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 232 x 23, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2938
                                                                                                                                                                                                                                                  Entropy (8bit):7.909981061900822
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:nv/69bTJ0Ji4hnEhRHzXJH3ndGzDr9zHUeqr7zpiT7efEgo3cRE0+U9sLBCYv2ZG:vSdJN7HziDr3S9i/efLQcRZ9sowGdK
                                                                                                                                                                                                                                                  MD5:65938FC9439B2307513A95D515BCA1F7
                                                                                                                                                                                                                                                  SHA1:DDDFE8D64ED371E973C46B6726B60BB0C0810BF9
                                                                                                                                                                                                                                                  SHA-256:B2703E2E2A404B90EDAB7A67B23037C32BE2780F20CB15FFA6F6E44666B8EFB5
                                                                                                                                                                                                                                                  SHA-512:93F755F5E208CA08955684D7789F6B8AF49F542DD41AFD9D678EC417CB535734C9C8182B87EC2EA8B8AA9FA502AC8BA90E383A9977F7E01BFF393AF0D1F400BA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............m......pHYs.................sRGB.........gAMA......a.....IDATx..\]R...o.T.yZ.'.8..y..f_"N.8.....`N.r... '.y...>,{..'.}....n..%[..!U.)..|.t...G..O?.. .~....@.N...a;..e.....1}.?....>.Ma...>.?..u.}L...m.N. ..8.>fe*.z..dr..u.D.1.R<.....T..J.......\.ZP..V}....M?...2..3.....)...T.yG.4...kO....t......b5...-....4F].q%c...-....v.2...O....g0...g.&R.2.n..<?P.q9.....+l3...X&T;...z."L).12..D..a.G3..OQ.Y....%..P.=.....2....%u.}4.(..N.!.)t....w...M.@.0.pt.a%..N...|.|\f+H.Rk.?..G..v.q.7.5.'..F}.....lm....rS[.4..F2..R.-..V......AU....!./.\S;...M/..K`..w...>.f'm..bf..y>..$D@......1....3.>...Cn!.:.........C*..-.PE14....$&}..?..I...._2.m.<....L.<.........92.p......jT....%.~..Q.U...6.4/.U..4L+HK.\i.z...Au.@>Z..Y.....kk...pQ..!....|..1g8...Uc$.....Y......9.....`0t..p..(...R.N....w`......\...<......M....-.95.f..W;xx>.7"..'..._z.REq.=e2..bg.S..r..VKcI.j.....\.O..T...q.>....H..6AE...{'?.....w.X.J...w.d.......O%..-%...1*.53..NPB.O.[M./.:..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\wa_logo3.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 170 x 19, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2441
                                                                                                                                                                                                                                                  Entropy (8bit):7.882452566815817
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:g/6K2jqFIKOQuXlTw1zVYFZJ73pnzqE+RKtsMI8ZoHptP65FLdi:gStjoOQFy3p3Vf+oyp8CO5Pi
                                                                                                                                                                                                                                                  MD5:71612012982B1C220E7A4BA5F6099D89
                                                                                                                                                                                                                                                  SHA1:FAA7AEFFBD02AB94767039A2B2E35EF9CF3450E1
                                                                                                                                                                                                                                                  SHA-256:4EB38967FF6BA50EFBCD918875A997B26776A6884AD6A04E00405414D7721B11
                                                                                                                                                                                                                                                  SHA-512:AC5A5C1033BE2A9DD626DF26FAE52D4A161DF964B791A3562568ADD58AF802A9A6443BF59C9385023E20AB3A8EEC06579D88833D61FD444105E318CAF885221F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR................?....pHYs.................sRGB.........gAMA......a.....IDATx..ZMR#...j.F.... ...'....5'.8......'.9...#N....O0.c.{1z..H......j.z.Fb..B...*++.*..3l4...%c7..u`...WI....\.....2h.l..s...g.A?.z..k...<..nb..I....y..(.L..G..2.a.uj....mc..c....f..j. p...w..k.Y{.2.....w..x..iB...wwO+h....y./.Y.@..6..vw..].y.......l@.....Tt....U...v!@....rt.Q.~..S.Z.......vw..&....._.8...+th....s..I...7hc.}...(.x,k^d.1..............>............8.}.\..s.V...-..)._..g..E.......M1.C..)..3.xx...........?...B......H...%.c..e...htf6.EP.....I.C.bLGX.*...8....]..U.......m..7....r_...............o.....q.^..?Q.r.*.B.#.].>.|../^......k.@@MV.'fEP.o.s..u.#.....].q.X..C.....q\o"k..C.....|gU...&TtI..g....O....Y..p3~.W.....??..).Q4..v|.Z...g.qy@aE.x=..=0...s...J.n.....(..V.3........<....."Hk...NWb..w(....m..%z[..{^.S.J.0?y...}0Q.B..`..e.xO.........E..........W....4..B..'.."..p.......m.M%.ZT...O.a.Q.W%..9h.VJ..Q.wTF.......I....E.$<....C.[,.%l..,...Q...Z....~.mG-ya

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\webadvisor.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, single, 1223 bytes, 1 file, at 0x44 +A "\webadvisor.manifest", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11919
                                                                                                                                                                                                                                                  Entropy (8bit):7.688335463848691
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:3Dyyj6kSDnicM9Lx76iiX0in1k7IEY9x8yS35IVnEy2sE9jBF0Nyw8v0l/:P6ki29d1ikyGNGxvSJIVE8E9VF0Nyw8w
                                                                                                                                                                                                                                                  MD5:0EF336BB27EE9BEAC04C8AD6A8B186A5
                                                                                                                                                                                                                                                  SHA1:5FE7CA6F16DEB828B3C989EC8A127D707DCFD908
                                                                                                                                                                                                                                                  SHA-256:4011B7B1DBA4EC23887B9529915E194B9DC6574D80185FD482C0320A59AD2A88
                                                                                                                                                                                                                                                  SHA-512:C88BD126D08CBA3FE7CB5A59458039CF7F1981F12D875CB91CD9EE4F2D9ADFDE6703136B117B1943A1FBDE21E14EA9C04117B12F4CD18009A22F41FE520FAB3E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF............D................................)..........i..................YLq .\webadvisor.manifest.q.Q.V...[.....2Z..4.%3...f...>P(w..k.*..|......'4.4.WUr.}............D$.`V.Q.lBrC.......].."...}......0;...Wz./.].r.p....|.3...........f..N.4w.v......2./....O.?..b..x.......xZP...ES.NS.........Fq..2......i...5o|.k..xw>...qPD,....u.z.kj.N....j../!..o.........D...&.....#......X...BB....%$..F...wr.I.B4.d..g....X.3.d.G.@.e...o2..9~..1..}}...>...?..9A.XI....U...b0Z.. WH.W.br....o4.eZb..l.woigXr^....+c..v..D......2C[..v......F.|>Q'.pW.WM....T..sw}k..;!.Z..&.b7..|.O|.t/.....?:Btc....C....&.,..lPl...T-......[.s..^..t.~w.8'....r..-r.z...L...-.rw...uwYa.........7.Oy.0~....*JE...l....#U?LX.3...pbzD.._c.170..s.'.>.....M....{v......OWE../.K.m.{.....b.^N...*..*.O....*...\.g..}Y..9gWm.>zJ%H......q`.....=.,gp.*..q0.j....V..I1%6*."..>%,..y(_...N.;...h\..........bVx.QZ....4..^...P...'.\.9.q...Pp....[t;..g."..(..D......h.y...2....s............>.O....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\webadvisor.ico

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:MS Windows icon resource - 11 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):99892
                                                                                                                                                                                                                                                  Entropy (8bit):3.9749743269785345
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:JLBqG5eVRjB/jZRj0t4kgU1l50AIDP88+2Y:JLBh5eWgU1B8+2Y
                                                                                                                                                                                                                                                  MD5:236FC5ABB597615A608DAB7BE98D5FBC
                                                                                                                                                                                                                                                  SHA1:18D3D1CF56898B264A24DE24DC13E4B9B7EED768
                                                                                                                                                                                                                                                  SHA-256:06ADAB20CB028B5DC61762691E8C8A6157EB1199526F7C773338B9BF51BD63C6
                                                                                                                                                                                                                                                  SHA-512:155766AA5659BB9E298AEDE4064832168002EEDEE836710C2259446FC35437AD70C04454DEF2D9EB40A83A029351EA1726D65ACBDB8FE8217C016FD4986F7F4E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:......00......h....... ......................(.......00.............. ......................h...~"........ .n....'........ .(...TC..00.... ..%..|K.. .... .....$q........ .h......(...0...`...........................................................................................................p......................9Yx...................yyy9Y..................yyY.yy57...............s.....y.yy.............y9Y9Y5..9y.w.............9yyy.....................y.9qy....yy5............yyy.yqy.y.Y9yp...........y.xy....9yyY5....yY9.y.9.......yq....p....9yyqqyp......y.yy5.p...YyY9..p.......yy9Y.Y.........p..............p...Yyy.p...............p...99Yw............y9S.0...................yy..p....yY8............yyS.p...y9y.............y1......y.Y8............yYy.p...................y9yyp...................yyY.p...yyy.............y9yq....9Y.w............yyY9p...................y9yYp...................yyY9p...................y9q.....................yyYyp.......................p.............P.....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\Temp2112252202\wssdep.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 576083 bytes, 3 files, at 0x44 +A "\wssdep.manifest" +A "\win32\wssdep.dll", flags 0x4, number 1, extra bytes 20 in head, 45 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):586779
                                                                                                                                                                                                                                                  Entropy (8bit):7.9992830970835564
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:12288:wpnTlBe5fPL2OE9X9y9KO+HWpRWHMHHe6toSDe/W4K:wTlByLmPm+2zWHMH3oae+4K
                                                                                                                                                                                                                                                  MD5:AFB062D1441DF0ACB1171AF089D2050B
                                                                                                                                                                                                                                                  SHA1:EBAB2B66617C5CE75A1F8737335B71894FEE47FF
                                                                                                                                                                                                                                                  SHA-256:4C9B176469D7F6D987D0C6B7D9FA01AC9E894AF6C6EE88C2150786DD1DFD1505
                                                                                                                                                                                                                                                  SHA-512:9DDB46E01E816366F473DEC7F01E535611AFAD1C82436BE3D3088A28B4519DF6872D9A6B279AAC5842B98838969B47A4F11BA5302C998D95FD48DFAA1285C326
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF....S.......D...........................S....)..............-...i..........YTq .\wssdep.manifest.....i......Y.p .\win32\wssdep.dll..G..I......YLq .\x64\wssdep.dll....U.8..[...8....."C`3..[....]..4(.....F*m.@k.Uj......e....ST.)i....N.}.....3.....k-.-. ...F2Y......3..2....@..~......w..g.NRN>]..tN.C..-....`..B....-(.aW./.Bv......^.F.%i..Y...%..%.....Mk@6.fw.......d..S....d@y..:....@Xf..............{.....|.7.k.Mri.*.T.:..*."QIP.2..B.(.$``..... ..@X.......5.m...Q.3.e;.....I...NZ.3&.)1..m....*..w6.>.5.2.&.....A..=m.O.....OJGK4.6...4.>_RIU...t]N.8.O.{fT....'...<*]..E...Y..l....t...p.....k..o....S..k=....?4.....4.5..E.e.B7.....I..:..-.b/"...mk.w :.H..5...>..g....3..k.t~.Y.C.=.[....h..6U.....M.L...x>c^.~.m.....Z.1.W.5*S*Q.1.$..Wp...I.P..)H.O..........o...]+uIc{...E.6..#x..G. v............k..'.e..k.....9.0.(.....*.f....^.J.I..Z.La.K.e.:..JbL..Z\R_...._...y...?..Ia..}[.......4......(.7..d.a.k...D...s......l.......C.[.L..........t.6Z..].Q.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\aviary_client.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1531), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1738
                                                                                                                                                                                                                                                  Entropy (8bit):5.310615763879483
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:jL4Ej0KD98d7lvOKi18GDAxJxFyWLcLBoHC85QsZKwkYq1O:fQKud71OKincxJxMW08RkYq1O
                                                                                                                                                                                                                                                  MD5:BF5DBDBC3BE0BEB13B8DC98C9C80AB1D
                                                                                                                                                                                                                                                  SHA1:F94538C278914A6B7DE73667B59324B2E07EFAA1
                                                                                                                                                                                                                                                  SHA-256:9FD4D6CA3E5428EAAFAB78196B9901DE6871A003335F3A609943904AEC510121
                                                                                                                                                                                                                                                  SHA-512:42439E42E63A86D9F245CADFA42A73AD94C16892737C76DA921BF92BB7974B1FF8097709F079D2028FBB61D590FB0CEB896F9AD9D1CF96572526610F635E14BE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var aviary_client_fileVersion = "1.2.207"; ..function CreateAviaryClientHelper(){try{var a={Get:function(f){try{if(this._aviaryPlugin){var c=this._aviaryPlugin.Get(f);this._logInformation("Get: key: "+f+" value:"+JSON.stringify(c));return c}}catch(d){this._logError("Get exception: "+d.message)}return null},Set:function(c,d){if(this._aviaryPlugin){this._aviaryPlugin.Set(c,d)}},ToJsonString:function(){try{if(this._aviaryPlugin){return this._aviaryPlugin.ToJsonString()}}catch(c){this._logError("ToJsonString exception: "+c.message)}return null},GetDirtyFlag:function(d){try{if(this._aviaryPlugin){return this._aviaryPlugin.GetDirtyFlag(d)}}catch(c){this._logError("GetDirtyFlag exception: "+c.message)}return true},Setup:function(){try{if(this._aviaryPlugin){return}var f=JSONManager.getSingleton("dictionary");var c=f.data;var d=c.product_settings;this._aviaryPlugin=getPluginFactory().Create("ContextItemAviaryStore");this._aviaryPlugin.Initialize(JSON.stringify(d));g

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\common.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (14337), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):14537
                                                                                                                                                                                                                                                  Entropy (8bit):5.350517802797016
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:ktu3RAn5OgUkr5oAZ0hFrBhCHzWFhBs4tdOceg+tktXSWV03w:k43RAnblghz0TqDsy+tklVH
                                                                                                                                                                                                                                                  MD5:B1F49ADA2A373D0CAFCFC589F7387F38
                                                                                                                                                                                                                                                  SHA1:22C7047052583C698E48510BF7A02A03ACA8B4CB
                                                                                                                                                                                                                                                  SHA-256:D75CA8FB29D82F4B6EB36924E10A8F8A95B38CB7E63F3CB16F559ACD0B5076AC
                                                                                                                                                                                                                                                  SHA-512:F07E04861EC294CA7F3E559983755FF244F6B10675007966078FF89AD4DC5E6FED44B9CD2EE2D6FAF5C53336D377DE63EA89A31FE5B5EAB2700055DB287B32A5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var common_fileVersion = "1.2.207"; ..if(typeof JSON!=="object"){LoadScript("json2.js")}if(typeof enableAnalyticsSDKForUWP==="undefined"){enableAnalyticsSDKForUWP=false}var GetEngineSetting=function(b,a){return a};if(typeof GetSetting==="function"){GetEngineSetting=GetSetting}else{logInformation("Missing GetSetting function; will only use default settings (this is expected pre SDK.2.3)")}var GetEngineProperty=function(b,a){return a};if(typeof GetProperty==="function"){GetEngineProperty=GetProperty}else{logInformation("Missing GetProperty function; will only use default Properties (this is expected pre SDK.2.5)")}if(!enableAnalyticsSDKForUWP){LoadScript("logging.js")}var getSystemPlugin=function(){var a=getScriptVariableStore().Get("system");if(!a){a=getPluginFactory().Create("system");getScriptVariableStore().Set("system",a)}return a};Date.prototype.toISOString=function(a){try{function d(f){var e=String(f);if(e.length===1){e="0"+e}return e}var b=this.getUTCF

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\config_manager.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (842), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1050
                                                                                                                                                                                                                                                  Entropy (8bit):5.331663611219219
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:nvVaMEhIBolSPnrVCYJqPse4A7PWLb/X0rbjIfJNoUy:vbEhDSPrHAPse4A7PW3/X2uo7
                                                                                                                                                                                                                                                  MD5:64F0EE978A9AD6ACEFB78A9E65639166
                                                                                                                                                                                                                                                  SHA1:D0448B2DAE8E0FCE91CE5D212C8FC1A14753E24D
                                                                                                                                                                                                                                                  SHA-256:92831E44E8EB7792CFB274A2AF856B94EB3B6B2F494261B6542C1A129412449C
                                                                                                                                                                                                                                                  SHA-512:2DD51E99D635C7C515011E2BFE0AC03B29F59A2696A7807AC8514579F1BB4AAE79D36AFF67A8CB1507B39FDB588D15E65732AD9012F7E54F2F92D76F3E07E040
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var config_manager_fileVersion = "1.2.207"; ..function CreateEventConfig(){var a={getEvents:function(){var b=JSONManager.getSingleton("events");return b.data},getProfileNames:function(b){try{return this.getEvents()[b].profileNames}catch(c){return null}},getAttributeRules:function(b){try{return this.getEvents()[b].attributeRules}catch(c){return null}},getPriority:function(c){try{var b=this.getEvents()[c].priority;return b.toLowerCase()}catch(d){return""}},getDataSetNames:function(b){try{return this.getEvents()[b].datasets}catch(c){return[]}},_setEvent:function(d,b){try{return this.getEvents()[d]=b}catch(c){return[]}},getThrottleRule:function(b){try{return this.getEvents()[b].throttleRule}catch(c){logWarning("getThrottleRule: failed, cannot find throttle rule attached to "+b);return null}},_events:null};return a}ModuleManager.registerFactory("config_manager",CreateEventConfig);..//953095630E5BC260E5E4F8B036C3C20CAA70AD6ED5B391112307B476B9CB80CAFE7A03BCA5581A55

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\csp_client.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3383), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3587
                                                                                                                                                                                                                                                  Entropy (8bit):5.310702375397368
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:59Brq8ECI+Vttye8xYAAkSynknNkTv5ApLCYnawFwklt48ZI3OU2k9qM4JCZ0urG:trHEfqr6GpdL4RgI3OL8ACe0E9C0B
                                                                                                                                                                                                                                                  MD5:15FBE1F6B7403B7F3E6123FDEB108FB1
                                                                                                                                                                                                                                                  SHA1:15CB2FE8977BE2D30AFF5278992E2901991F59C3
                                                                                                                                                                                                                                                  SHA-256:51A5D5E68164D2F41D9DCB72D9E8422976B228CFCCC7FF123227C6A72944B482
                                                                                                                                                                                                                                                  SHA-512:53A5D02FB4CA42275406B0DCDEE30C180CE733A67C727EABD455D6363115A09A4DA10883352BCCD75494E43B91DC78C51ED5787F9D3A46C1AEE25F6F148B6AFD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var csp_client_fileVersion = "1.2.207"; ..function CreateCSPClientHelper(){var a={getClientID:function(c){if(null==c){logError("Invalid (null) appID for CSP::GetClientID");return null}try{var b=this._getPlugin().GetClientID(c);if(!b){this._reportGetClientIDFailure()}return b}catch(d){logError("Failed to retrieve Client ID from CSP for '"+c+"': exception is '"+d.message+"'")}return null},reportEvent:function(b){},getPolicyItem:function(c,b,e){var d="policy_general_settings."+b;if(e){d="policy_general_settings."+e+"."+b}return this._queryPolicyItem(c,d)},getCachedData:function(c,b){try{return this._getPlugin().GetCachedData(c,b)}catch(d){logError("Failed to load cached data for appId='"+c+"', service='"+b+"': exception is '"+d.message+"'")}return null},_getPlugin:function(){if(!this._plugin){this._plugin=getPluginFactory().Create("cspClient");try{var b={policy:"full_sdk_only"};this._plugin.Config(JSON.stringify(b));logNormal("CSP Client plugin configured to us

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\data_collector.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (13754), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13962
                                                                                                                                                                                                                                                  Entropy (8bit):5.215759154605658
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:IWRhWbpBthL10g4fquSZHo7vwFCw43NvyLUPu1phBOeY4PZTIit6BUQ2wHAUJ6fI:xmbpJY4WXo1tYQZTAV2LhA
                                                                                                                                                                                                                                                  MD5:644CE9F96B15B259E25F64B7CB8F9D7F
                                                                                                                                                                                                                                                  SHA1:E032A895FEFC72F6FBC7BC8765ED91B6992E540C
                                                                                                                                                                                                                                                  SHA-256:436A023C1FC0D163A4BE552E9701EF763769FB4CC61ED82B0B7D73C6EAB884EF
                                                                                                                                                                                                                                                  SHA-512:753140480C744241063E94B55793F1BECBA88B1FB7839A656E869E2C0452F660C2BFD7293E79FC03F538EDD2FDAF393CA82C666743A2DF53578AC1000B2CD72D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var data_collector_fileVersion = "1.2.207"; ..ModuleManager.set("uptime_tracker",function(){return{fetchFromDataDefinition:function(b){try{return null}catch(a){if(a.hasOwnProperty("message")){return"[Plugin method failed: "+a.message+"]"}else{return"[Plugin method failed]"}}}}}());var Create_data_collector=function(){var a={setup:function(){try{this._logInformation("Setup Started.");this._loadDefinitions();this._farmers=this._createFarmers(this);this._refreshers=this._createRefreshers(this);if(!this._farmers||!this._refreshers||!this._definitions){this._logError("Setup failed: farmers("+this._farmers+"). refreshers("+this._refreshers+"). definitions("+this._definitions+")");return}var c=[];for(var b in this._definitions){c.push(b)}this.markDataExpired(c);this._logInformation("Setup Done.")}catch(d){this._logError("Setup failed: "+d.message)}},get:function(h){try{var g=null;if(typeof h==="string"){g=h;h=[h]}if(!h instanceof Array){this._logWarning("get: items

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\data_items.json

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):18607
                                                                                                                                                                                                                                                  Entropy (8bit):3.675086040693106
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:H/62/66/63xQ2m5dMoaMMmO/h5/JMb//U/zM//2/ka5zP/Rb/Z/X/l/46/n/n/6N:WBmptHLSMn
                                                                                                                                                                                                                                                  MD5:1AED066C47D366C4CF5EEC55A55CFA1F
                                                                                                                                                                                                                                                  SHA1:5ACC4395BCC237DB6C9691A57F12A2DE13B0CA15
                                                                                                                                                                                                                                                  SHA-256:ED8FEF7E21353ACEE5D98C9E29011E6FA94841F031FB847438F44751649B7F4F
                                                                                                                                                                                                                                                  SHA-512:52AACF2ABAC3286DF81D10343CE08EA5BAF2899C9B8B6DA185EBE9B1C24AFF53AC1FFB4848C5320064BE5C44440A00BA2E23F447F7B8269277CCC840714A8332
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:{.. "version": "1.2.207",.. "data": {.. "product_analytics_content_version": {.. "params": "getContentVersion",.. "rule": {.. "ruleName": "notNull".. },.. "source": "engineContext".. },.. "product_install_type": {.. "params": {.. "name": "is_loud_install",.. "scope": 0,.. "default": "UNKNOWN".. },.. "rule": null,.. "source": "waSettingsDB".. },.. "product_affiliate_id": {.. "params": {.. "name": "*Affid",.. "scope": 0,.. "default": "0".. },.. "rule": null,.. "source": "waSettingsDB".. },.. "device_geo_id": {.. "params": {.. "name": "SystemGEO",.. "scope": 0,.. "default": "0".. },.. "rule": null,.. "source": "waS

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\dataset.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (7140), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7341
                                                                                                                                                                                                                                                  Entropy (8bit):5.272776603492146
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:NSNaQstBT0ZVs64Hwxizhs2RS+R8Btmm9TsbYF0b4G:KWhxhLCPmz4G
                                                                                                                                                                                                                                                  MD5:50680CF3ED41EBB5E92A474BB391B59C
                                                                                                                                                                                                                                                  SHA1:5623E6C32E066200590D2B48AD621B7BC1CD44DD
                                                                                                                                                                                                                                                  SHA-256:83B327F65C58A8A9F2F1FD1FAD1CD43B1A617FB42A8B3356383931895054E855
                                                                                                                                                                                                                                                  SHA-512:4B5BE9CAE57A707C437A3EB2AAA4DCF4C54278977A679B5C197BA66B13D1F21E9E764169F489F0D006D10D0151DE90EBECDAD9517DC973D01CFAD62DCD22F3A4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var dataset_fileVersion = "1.2.207"; ..function CreateDataset(){function b(c){this._name=c;if(!this._name){throw"Dataset created with no name provided"}}b.prototype={initialize:function(d){try{if(!d){this._logError("No configuration defined");return false}var c=d.data_items;if(!c){this._logError("Invalid Data items. Config ("+JSON.stringify(d)+")");return false}this._itemsList=c;var f=d.refresh;this._setRefresh(f);this._logInformation("Initialization complete");return true}catch(g){this._logError("initialize: "+g.message);return false}},get:function(c){try{return this.getContent()[c]}catch(d){this._logError("get: "+d.message)}},getContent:function(){try{this._logInformation("getContent starting");this._logInformation("itemsList"+JSON.stringify(this._itemsList));var d=ModuleManager.getSingleton("data_collector");if(this.dirty){d.markDataExpired(this._itemsList);this.dirty=false}return d.get(this._itemsList)}catch(c){this._logError("getContent: "+c.message)}},

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\dataset_da.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (6749), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6953
                                                                                                                                                                                                                                                  Entropy (8bit):5.406953542808857
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:DE+7wzRBsvJdOwfwrsEkRvtPYiNsnWPVybI6gNzgMd7e6peMYs5mIQ0Ql:DE+7uoJdSwHlQit0ONzgC7us5mIQNl
                                                                                                                                                                                                                                                  MD5:0B3699EE9D6ADBC8BE5DE6DFBEFE9EB1
                                                                                                                                                                                                                                                  SHA1:C8ACBF20D3DD65159D27468FDBB2350E4B57C3B1
                                                                                                                                                                                                                                                  SHA-256:D7ECAB2ACF542B4F2208D7482C8AA5804ECED40160B2A7FD49210B34A03E2785
                                                                                                                                                                                                                                                  SHA-512:92623EFFBC1EF55ADBF5CA37A0EC811A913FABBFF1A1A5698C8FD6397479E615C66AC66AF9176F8CFC141FD4C3BE92EF99D9D4A276462BF594C5168D80A42BF3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var dataset_da_fileVersion = "1.2.207"; ..var Create_dataset_da=function(){var a={dirty:true,load:function(){if(!this.dirty){return}setTimeout(1*60*60*1000,function(){this.dirty=true});logNormal("Loading dataset da");this._content={};var f=this._getTimeLastDA_Query();if(!f){logInformation("dataset_da: Failed reading query start value. Going to use 0 as start");f=0}var b=this._getTimeNow();if(!b){logError("dataset_da: Failed reading query end value. Going to quit loading the dataset.");return}var c=24*60*60;b=b-c;try{this._processRequests(this._da_queries,f,b);this._store_DA_QueryTime(b)}catch(d){logError("Failed to load the da dataset: exception is '"+d.message+"'");return}this.dirty=false},add:function(b,c){if(!b){return}this._content[b]=c},set:function(b,d,c){if(!c){this.add(b,d);return}var e=ModuleManager.getSingleton("rules");this.add(b,e.apply(d,c))},get:function(b){try{this.load();if(!this._content){return null}return this._content[b]}catch(c){logError

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\datasets_catalog.json

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2350
                                                                                                                                                                                                                                                  Entropy (8bit):3.7724549775855634
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:HJEnvU2mEsWYFAnLqrtrMKKbDsHOrpFxssScJZQpcmG/VA7K:mvU2KWsALEJqbDsHofxsJ8ZQsD
                                                                                                                                                                                                                                                  MD5:1ECA2971AD8DBFE9DF6831235966EA3B
                                                                                                                                                                                                                                                  SHA1:69366788B2018049DA5F9250C659E3412DA759C8
                                                                                                                                                                                                                                                  SHA-256:271307F6A5F0B88E9734F212D536962E70FE58587A3F1EB6B2EEF7D174532144
                                                                                                                                                                                                                                                  SHA-512:B4AC164DB465E46481DAF0EF09913AEC723648C1F2D209E5CEDCB97310FEE7B2646980480371E52CE56F8353CB9113FC268A3CFC14D477AD22EE0375DED0AE32
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:{.. "version": "1.2.207",.. "data": {.. "default": {.. "data_items": [.. "product_analytics_content_version".. ],.. "refresh": {.. "useEngineDefaultTimeout": true.. }.. },.. "wa": {.. "data_items": [.. "product_version",.. "device_country_code",.. "product_subscription_type",.. "product_ab_test_group_id",.. "user_account_id",.. "product_productkey",.. "product_package_id",.. "device_platform_edition",.. "product_cpu_type",.. "device_platform_version",.. "product_install_type",.. "product_affiliate_id",.. "product_subscription_expiry_date",.. "device_geo_id",.. "user_global_reference_id",.. "device_id",.. "device_platform",..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\dictionary.json

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11114
                                                                                                                                                                                                                                                  Entropy (8bit):4.06719219286141
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:WWOHdgzPqNxXciNwSmX2C6mWaSgkzRqU8MAqZPh4U:IgziHGazGsh4U
                                                                                                                                                                                                                                                  MD5:3E2557F41184A52A640FA7505DA746CF
                                                                                                                                                                                                                                                  SHA1:0DF2A2AC893875C0A5A9B3EE7CEE49C09E47E0BF
                                                                                                                                                                                                                                                  SHA-256:3E4B9EBE1EE082A4D9ACE5463AF166576B4CEC0D8C5ABA6DBC33CAA1F7854229
                                                                                                                                                                                                                                                  SHA-512:F083E2A15261D3DD3F2DCC4F2D1C044CA57943B77733DFA42A3A61380DB5A754B5B4B81DFA504C7A1C3F2E9F5D9E1D1D95C118FB16E856BBA7D75D53E908E3C7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:{.. "version": "1.2.207",.. "data": {.. "event": {},.. "global": {.. "uniqueid": "hit_event_id",.. "uniqueidentifier": "hit_event_id",.. "feature": "hit_feature",.. "trigger": "hit_trigger",.. "interactive": "hit_engagement_interactive",.. "hit.interactive": "hit_engagement_interactive",.. "hit.user.initiated": "hit_engagement_userinitiated",.. "userinitiated": "hit_engagement_userinitiated",.. "desired": "hit_engagement_desired",.. "engagement.desired": "hit_engagement_desired",.. "useridentifier": "hit.userid",.. "label1": "hit_label_1",.. "label2": "hit_label_2",.. "label3": "hit_label_3",.. "label4": "hit_label_4",.. "label5": "hit_label_5",.. "label6": "hit_label_6",.. "metric1": "hit_metric_1",.. "metric2": "hit_metric_2",.. "metric3": "hit_met

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\emitter.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (4110), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4311
                                                                                                                                                                                                                                                  Entropy (8bit):5.218987411673366
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:Ayk11hc+35U8Md+O2SNyMZ5uGC2AjrkCOGnDbs2//klaeOoR:nk1I+5Md+O2SNtC2WrkCOGnDalJOI
                                                                                                                                                                                                                                                  MD5:6EDB43E2B897ED058467005809A0A98B
                                                                                                                                                                                                                                                  SHA1:0CBEE317745D4B311FAEF7FE8AF3A74302B2AE62
                                                                                                                                                                                                                                                  SHA-256:683F13FF9CEDBC314FFA9DE4847DD44576DFD98C08D0DACF14130A9C33CCE9EB
                                                                                                                                                                                                                                                  SHA-512:99B29C3D15602108084B6F9B98658486F2F9DBF0AE73561131057ADB6B8FE2B6B287C07E2C2C4EC75846303DD23691BCF5DD6B8AC90B45C2E316EF303E115289
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var emitter_fileVersion = "1.2.207"; ..function createEmitter(b,a){function c(g,i){var h=getScriptVariableStore().Get(g);if(h){return h}try{h=getPluginFactory().Create(i)}catch(j){logError("Failed to create plugin: '"+i+"'")}try{getScriptVariableStore().Set(g,h)}catch(j){logError("Failed to set plugin '"+i+"' in store as '"+g+"'")}return h}try{var d={configure:function(g,e){this.profileName=g;this.profile=e;this.transportName=e.transport;this.transportConfiguration=e.transport_config;this.dataSetNames=e.datasets;this.enableRules=e.enableRules;this.throttleRule=e.throttleRule;this.throttleMultiplier=e.throttleMultiplier;this.maxDimensionLength=e.maxDimensionLength;this.extendedAttributesLengthConfiguration=e.extendedAttributesLength},send:function(h){try{if(!this._isEnabled()){logInformation("_isEnabled() returned false. Will not send data to "+this.transportName);return false}h=this._sanitize(h);if("csp"==this.transportName&&"1"==this._getPlugin(this.transpo

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\engine.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (11329), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11529
                                                                                                                                                                                                                                                  Entropy (8bit):5.251509170872591
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:k8+1u9z1l8Le62L9s9Zs2JFsIOSsnQSRTPd3uXsx14jxN2FhvsC7PquQQHDmksFD:Ge1LYpJyZQSRrdeXsx1AxNWFRddDmWM7
                                                                                                                                                                                                                                                  MD5:D2B620DD44EAABD828691CD183544D77
                                                                                                                                                                                                                                                  SHA1:F69EE6279E138B861C753B0337B64F97D650E0A7
                                                                                                                                                                                                                                                  SHA-256:EDE3C3FA3231657C54873834025FC874812F66CBA5BBADD49B35CA41BB161819
                                                                                                                                                                                                                                                  SHA-512:B70EE95087C2CE049FB95C82930D2B0AD9EB65DA177B725F14A705E569C9DBA13F818369EB5DCA2BDAB854A959DD18A06E68F6F637A1B4344E52A29D7F7CBB3C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var engine_fileVersion = "1.2.207"; ..LoadScript("common.js");var _factoryManager=CreateFactoryManager();var ModuleManager=CreateModuleManager(_factoryManager);var JSONManager=CreateJSONManager();var StorageManager=CreateStorageManager();var PDManager=CreatePDManager();var RegistryStore=null;var setContentHeartbeatTimeout=function(b,a){var d=getScriptVariableStore().Get("heartbeattimerid");if(d){try{clearInterval(d)}catch(c){logWarning("setContentHeartbeatTimeout: Fail to clear timer id "+c.message)}}d=setTimeout(b,a);getScriptVariableStore().Set("heartbeattimerid",d)};var engine={defaultClientAnalyticsRegistry:GetEngineSetting("Analytics.Base.RegKey","HKLM\\SOFTWARE\\McAfee\\McClientAnalytics"),heartbeatTimestampKey:"analytics_content_heartbeat_timestamp",datasetsRefreshRate:60*60*1000,userId:null,createEventJson:function(c,a){try{a["Tracker.Type"]="event";return{UniqueIdentifier:c,type:"event",payload:a}}catch(b){logError("engine::createEventJson: Exceptio

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\error_transmitter.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (2529), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2740
                                                                                                                                                                                                                                                  Entropy (8bit):5.307372536970292
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:jURsQEqp22+r9sEDQgWenZsEXRiRmf3djAFzsEysEBQsEsFsEBMCnUGsEaffL/T8:vQnp2fxsrsnZsEAEf3d0FzsFsfsHFszw
                                                                                                                                                                                                                                                  MD5:4ADEEACD0258D40755E5A022B33F7546
                                                                                                                                                                                                                                                  SHA1:2A02C96A0887BF6D2D46DCE1F59C9A0E6A1093C4
                                                                                                                                                                                                                                                  SHA-256:CDD72A97AEEFEB56A17CE7EC7994D94F2814920307C97945B35C01035BA38839
                                                                                                                                                                                                                                                  SHA-512:FB8817E0BAC93E97E621BF6F8CBC0B8089D7FEEFEF3EAFE202935D9DC7412E0F61A83BCDB4F59BF5F1F689534924BACED815D9A54927937C5258290E6650A10A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var error_transmitter_fileVersion = "1.2.207"; ..function CreateAnalyticsErrorTransmitter(){function a(){this.setup()}a.prototype=ModuleManager.create("transmitter_template");a.prototype.messageName="analytics_event_error_occurrred";a.prototype.setup=function(){var c=ModuleManager.getSingleton("config_manager");var d=c.getProfileNames(this.messageName);if(!this.emitter&&d){this.profileName=d[0];this.emitter=this.retrieveEmitter(this.profileName)}};a.prototype._generate=function(c,e){var f={hit_event_id:this.messageName,hit_category_0:"Analytics.Event.Error",hit_trigger:c,hit_action:"Analytics.Event.Rule.Failed"};if(findObjectSize(e.type["ruleMismatch"])){f.hit_category_1="ruleMismatch";f.hit_label_0=JSON.stringify(e)}else{if(findObjectSize(e.type["ruleError"])){f.hit_category_1="ruleError";f.hit_label_0=JSON.stringify(e)}else{if(e.type["rejected"]){f.hit_category_1="rejected";f.hit_label_0=JSON.stringify(e)}}}var d=new Date();f["__record.created"]=d.toISOStr

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\event_handler.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (6709), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6916
                                                                                                                                                                                                                                                  Entropy (8bit):5.332785368649959
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:Xb+vdzkDCDfgTg3ZyHORvgaF22TYlpt3NnhYqBU3YYXCf1S/:wkDgrouvgaF22TYlpdNnhVW3YK0w/
                                                                                                                                                                                                                                                  MD5:5D3894984C361C0872B32692D17E4C9A
                                                                                                                                                                                                                                                  SHA1:B877DE05F412254B3BCB20376A768E82B4AFB403
                                                                                                                                                                                                                                                  SHA-256:2BA37D92C9482CCA05EEB44B7D88E95CB7B2D923C2149DEAEE6F052060CE1BD5
                                                                                                                                                                                                                                                  SHA-512:FF6EF80108F614BE3F3B6BA49262B1571ECC760E6467ECB83D2E5D5A69DEFF146D65F960E0B2D78FD02560AF4ECE6576FCD5106572F9DFB044F329C325845CEC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var event_handler_fileVersion = "1.2.207"; ..if(typeof dataManipulator!=="object"){LoadScript("common.js")}function CreateEventHandler(){var c={handleEvent:function(g){try{var h=JSON.parse(g);var f=h.type;if(("MessageBusPlugin"==f)||("InProcAPI Plugin"==f)){this._processMsgBusEvent(h.payload)}else{if("UWP_Event"==f){this._processAnalyticsAddRecord_v1(h)}else{logWarning("Unexpected message was rejected (unknown type): "+g)}}}catch(i){logError("Failed to process incoming event: exception = '"+i.message+"'")}},handleV1Record:function(e){this._processAnalyticsAddRecord_v1(e)},_processMsgBusEvent:function(h){try{var f=h.name;var k=h.payload;if(("Analytics.v1.AddRecord"==f)||("Analytics.AddRecord"==f)||("Analytics.Automation.AddRecord"==f)){return this._processAnalyticsAddRecord_v1(k)}var j=ModuleManager.getSingleton("data_collector");j.notifyMsg(f);var g=ModuleManager.getSingleton("observation_analytics");g.handle(f,k)}catch(i){logError("Failed to process message

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\events.json

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):111041
                                                                                                                                                                                                                                                  Entropy (8bit):3.9348502925966873
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:MfTdafTwJm8IKF7aSFjNEwH9H44dfgLLwSf4DAEqCLZ++ZY9cmQjqLqjVLBe+82Q:+GVnLw4Vlc41Semf5ZC
                                                                                                                                                                                                                                                  MD5:88E1A666137E08C1DF1184311EE4EDC3
                                                                                                                                                                                                                                                  SHA1:5EA47571ED9826D834414F4FD3859081781124CB
                                                                                                                                                                                                                                                  SHA-256:A3CF45EF0EFDE76EE0EDC622E4A060F9AD89D253D2789980B42585C75E9319DC
                                                                                                                                                                                                                                                  SHA-512:443A6BECC9D649B63ED9B7C291F6873161F6429029E7C18EA683FFEA49650161A911CFD7F791441C59FA6689FE9D8C3564259EF507EABD6F008968A0CC85E014
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:{.. "data": {.. "wa_advanced_protection_signals_impression": {.. "attributeRules": {.. "hit_action": {.. "meta": "screen_load",.. "ruleName": "override".. },.. "hit_category_0": {.. "meta": "Analytics",.. "ruleName": "override".. },.. "hit_engagement_interactive": {.. "meta": true,.. "ruleName": "override".. },.. "hit_feature": {.. "meta": "TBD",.. "ruleName": "override".. },.. "hit_label_0": {.. "meta": "success",.. "ruleName": "override".. },.. "hit_label_18": {.. "meta": "AdvancedProtectionSignals",.. "ruleName": "override".. },.. "hit_label_19": {.. "meta": "Impression",.. "ruleName": "override".. },.. "hit_label_20": {.. "meta": [.. "ch",.. "CH",.. "ff",.. "FF",.. "ed",..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\hash128.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (4059), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4260
                                                                                                                                                                                                                                                  Entropy (8bit):5.611688326739459
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:vhGfe5Z6TQ25OkR/ZCpMJFU7Rz94+IFpRREbgMG6hxOIq4sU/G/HIGIkUNjYbXO8:vI14icRpVIbRybgMGyxOIq4sU+/oGIkT
                                                                                                                                                                                                                                                  MD5:7983FF75E04CC866E9C3736EC6CA6E38
                                                                                                                                                                                                                                                  SHA1:84DFDEC6B1C7DA0766F55C9B19B0208FEDA82FC4
                                                                                                                                                                                                                                                  SHA-256:FD0C12EE4B5A3C229876C78E882C9C22E110D63DE0BDE7AB6755599B6BB7213A
                                                                                                                                                                                                                                                  SHA-512:FD15671001D00170D9A46B6400776EFDA9C2C3F852D2C8CFBB76194AB2215FC1F94956D6026CA58AFB209C79099B1508EE518D4CEA2192358F4CD3B1F02B34DE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var hash128_fileVersion = "1.2.207"; ..function CreateHasher128(){var a={hash128:function(s){function L(c,b){return(c<<b)|(c>>>(32-b))}function K(x,c){var G,b,k,F,d;k=(x&2147483648);F=(c&2147483648);G=(x&1073741824);b=(c&1073741824);d=(x&1073741823)+(c&1073741823);if(G&b){return(d^2147483648^k^F)}if(G|b){if(d&1073741824){return(d^3221225472^k^F)}else{return(d^1073741824^k^F)}}else{return(d^k^F)}}function r(b,d,c){return(b&d)|((~b)&c)}function q(b,d,c){return(b&c)|(d&(~c))}function p(b,d,c){return(b^d^c)}function n(b,d,c){return(d^(b|(~c)))}function u(G,F,aa,Z,k,H,I){G=K(G,K(K(r(F,aa,Z),k),I));return K(L(G,H),F)}function f(G,F,aa,Z,k,H,I){G=K(G,K(K(q(F,aa,Z),k),I));return K(L(G,H),F)}function D(G,F,aa,Z,k,H,I){G=K(G,K(K(p(F,aa,Z),k),I));return K(L(G,H),F)}function t(G,F,aa,Z,k,H,I){G=K(G,K(K(n(F,aa,Z),k),I));return K(L(G,H),F)}function e(x){var H;var k=x.length;var d=k+8;var c=(d-(d%64))/64;var G=(c+1)*16;var I=Array(G-1);var b=0;var F=0;while(F<k){H=(F-(F%4)

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\json2.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3618), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3817
                                                                                                                                                                                                                                                  Entropy (8bit):5.530625915891614
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:CbxjvqEYontqQYCNRqihKDMl1Q9/+slg60yvb0Pz/RlOZglybLnE3L:hEKTGzg2sWqz+lybLEb
                                                                                                                                                                                                                                                  MD5:20F5C2032879B10E8B580C46AC1EF8CC
                                                                                                                                                                                                                                                  SHA1:DBCF94C479FDB1A8EF68516985D5119DCA24ED30
                                                                                                                                                                                                                                                  SHA-256:F2B3D3B14C5F9333FB239A13F7E67F01C9376A1590149C93D19F10859BF85029
                                                                                                                                                                                                                                                  SHA-512:865280D030E7D106B40DF9302EF18449B2AD15585309884C4762233D32B08FBA5FB63415BB1F91BCD6CB23C64BAD7A2C3443806A884647E73A28892BB3656A6A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var JSON2_fileVersion = "1.2.207"; ..if(typeof JSON!=="object"){JSON={}}(function(){var rx_one=/^[\],:{}\s]*$/;var rx_two=/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g;var rx_three=/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g;var rx_four=/(?:^|:|,)(?:\s*\[)+/g;var rx_escapable=/[\\\"\u0000-\u001f\u007f-\u009f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;var rx_dangerous=/[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g;function f(n){return n<10?"0"+n:n}function this_value(){return this.valueOf()}if(typeof Date.prototype.toJSON!=="function"){Date.prototype.toJSON=function(){return isFinite(this.valueOf())?this.getUTCFullYear()+"-"+f(this.getUTCMonth()+1)+"-"+f(this.getUTCDate())+"T"+f(this.getUTCHours())+":"+f(this.getUTCMinutes())+":"+f(this.getUTCSeconds())+"Z":null};Boolean.prototype.toJSON=this_value;Number.prototype.toJSON=this_valu

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\logging.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3176), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3377
                                                                                                                                                                                                                                                  Entropy (8bit):5.479273243699144
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:BXNGJtGJIGM+GtH5jnV+g2CdWVvDK1lEwJ2MPRp0WvmQ:SJEJTMpzYVrKwMPv0W5
                                                                                                                                                                                                                                                  MD5:B555BD6163BDF924B6C1B5074C601639
                                                                                                                                                                                                                                                  SHA1:6C8589BB8C6DD5E3DA3601BF0EE4145A82F3783E
                                                                                                                                                                                                                                                  SHA-256:A92DAFE1710A0C98889B1424A772C4D629B8AC3E64718B712EEF9A9398EA7BF9
                                                                                                                                                                                                                                                  SHA-512:BD0803FCF279DFC0A957CB62B77001301D9948058F2937E46812D30A3916DEF715B8C24BCA03443A89D1A9D123E0CB302719010F64D7911827AB6AB13A21486F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var logging_fileVersion = "1.2.207"; ..var debugEnable=false;function callerName(){var a=arguments.callee.toString();a=a.substr("function ".length);a=a.substr(0,a.indexOf("("));return a}function getLogger(){var b=getScriptVariableStore().Get("logging");if(b){return b}try{b=getPluginFactory().Create("logging");try{debugEnable=GetEngineProperty("Analytics.SDK.Script.Debug.Enable",debugEnable)}catch(a){}}catch(a){b={LogMessage:function(){},WriteToConsole:function(){},WriteToSyslog:function(){}}}getScriptVariableStore().Set("logging",b);return b}var LOG_SEVERITY_NORMAL=1;var LOG_SEVERITY_WARNING=2;var LOG_SEVERITY_INFORMATION=3;var LOG_SEVERITY_ERROR=4;var LOG_SEVERITY_CRITICAL=5;var SYSLOG_EMERG="emerg";var SYSLOG_ALERT="alert";var SYSLOG_CRITICAL="crticial";var SYSLOG_ERROR="error";var SYSLOG_WARN="warn";var SYSLOG_NOTICE="notice";var SYSLOG_INFO="info";var SYSLOG_DEBUG="debug";var logNormal=function(b){try{b=sanitizeLogMessage(b);getLogger().LogMessage(LOG_SE

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\mappings.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (2160), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2362
                                                                                                                                                                                                                                                  Entropy (8bit):5.341126002451161
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Ts7j7XL5Zqjbtkp2yI4XNJEE+yqAUfOh6A+33SRWVCYCZVpjCm:C/IkxXn1+yQOh6D33vCtVpmm
                                                                                                                                                                                                                                                  MD5:201D239AC5641E21276B010729194627
                                                                                                                                                                                                                                                  SHA1:BC28DE2C3B754F70E28AC6AC338B922A298C6355
                                                                                                                                                                                                                                                  SHA-256:073705514949ECEFCF223B162CCDFB2F441B751D4F300E8C66CDDD97ECFA43FB
                                                                                                                                                                                                                                                  SHA-512:DEB9B0F64A2C829933EFC574F3E89ED208D0A2764154F8B874FAF68C8C8128EE09C3F65810CC04149706730B7EBF289C00A66C5170B03A770613E0624B479A11
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var mappings_fileVersion = "1.2.207"; ..function CreateMapping(){var a={eventMap:function(c,b){if(!(b in this._eventTable)){return c}return this._map(this._eventTable[b],c,true)},globalMap:function(b){return this._map(this._globalTable,b,true)},daMap:function(b){return this._map(this._daTable,b,true)},profileMap:function(c,b){if(!(b in this._profileTable)){return c}return this._map(this._profileTable[b],c,true)},getProfileTableStr:function(b){if(!(b in this._profileTableStr)){return"{}"}else{return this._profileTableStr[b]}},getFlippedProfileTable:function(c){if(!(c in this._profileTable)){logWarning("Requesting flipped table for invalid profile "+c);return{}}if(c in this._flippedProfileTable){return this._flippedProfileTable[c]}this._flippedProfileTable[c]={};for(var b in this._profileTable[c]){var d=this._profileTable[c][b];this._flippedProfileTable[c][d]=b}return this._flippedProfileTable[c]},_map:function(b,f,h){if(!b||!f||(typeof f!=="object")){logWarni

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\mcutil.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1832), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2032
                                                                                                                                                                                                                                                  Entropy (8bit):5.423277669449905
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:+s9YBy8KJU9hYErsYvZ5YxHqbWbb//yb07jcFl4ADv8TuScS:+aY7MErvScaiNXScS
                                                                                                                                                                                                                                                  MD5:3CBF8AFC920909380ACB992BDF3E512B
                                                                                                                                                                                                                                                  SHA1:04671BE11FE13EA1F94720F6000E8BDA4EC85A17
                                                                                                                                                                                                                                                  SHA-256:C7A25297A77FA791908A502D7E2C9947495FEE364F4D0B082C840B160E8DAA8E
                                                                                                                                                                                                                                                  SHA-512:BFE85B6B8900C53AEF2E2DC43644CCDDA69363CDAAA8152DC43754BA27F3B5EAE647564EF65C46E9EF11D6DBCD217F82B9339FFADF95120F5732B9F168D0AF4A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var mcutil_fileVersion = "1.2.207"; ..function CreateMcUtilHelper(){var a={_logError:function(b){logError("mcUtil: "+b)},_logInfo:function(b){logInformation("mcUtil: "+b)},_getPlugin:function(){if(!this._plugin){var c=ModuleManager.getSingleton("data_collector");var b=c.get("analytics.sdk.version");if(b.match("^2.[0-5]")){this._logInfo("This SDK does not support mcUtil plugin. sdkVer("+b+")");return null}this._plugin=getPluginFactory().Create("mcUtil")}return this._plugin},_plugin:null,_hardwareId:null,_softwareId:null,storeHardwareAndSoftwareId:function(d){try{this._logInfo("storeHardwareAndSoftwareId - start");if(!this._getPlugin()){return}var b=d;if(!d){var h=ModuleManager.getSingleton("data_collector");var f=h.get("WSS.Hardware.ID");b=(f==="[ruleMismatch]")?true:false;this._logInfo("value: "+f);this._logInfo("storeValue: "+b)}if(!b){this._logInfo("Not going to storeValue");return}this._invokeGetMachineId();if(!this._softwareId){this._logError("storeHardw

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\observation_analytics.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1151), with CRLF, LF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2017
                                                                                                                                                                                                                                                  Entropy (8bit):5.26731779293553
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:nvCEumJTxfCViKARzApkiNOVBdDzdzHbp5db5GFDvVd9MGZdozuIdvm47q:nvVusTxfCViK0zJD5zHVjb5GFDvfb5IK
                                                                                                                                                                                                                                                  MD5:ABBC3977ABF11A6939F540A6868D33C1
                                                                                                                                                                                                                                                  SHA1:05369495EA24DFF62B8228AC6062C67161DCED7D
                                                                                                                                                                                                                                                  SHA-256:5F866BB319EC2ED7439190ACCE6706C9B23A3BFDED5199A0E75A876A2A320D05
                                                                                                                                                                                                                                                  SHA-512:6F504C616DFBD2B3C9C6B0593A34E7FAFE640DDF96C74FB0033DE8604F0970E3C4E6356D0CACB0EA2892BB4EBEE4373C51A7CB3D5AF2AEEEB6F8F1303CE5D842
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var observation_analytics_fileVersion = "1.2.207"; ..function getObservationAnalyticsEngine(){./*. * config format:. * 'Message.Name' : { // name of obsved message on messagebus that we will subscribe to. * 'map' : { // map from message keys --> analytic friendly keys. * 'Count' : 'Metric1', // ex. 'Count' : 123 --> 'Metric1' : 123. * 'Policy' : 'Event.Label' // ex. 'Policy' : 'XYZ' --> 'Event.Label' : 'XYZ'. * },. * 'default' : { // default values that are not specified in the obsved message. * 'hit_event_id' : 'XYZ'. * }. * }. */.var a=function(){var d=JSONManager.getSingleton("observability_datasets");if(!d){d={data:{}}}return d.data};var b=a();var c={start:function(){try{var d=getMessageBus();for(var f in b){d.Subscribe(f)}logDebug("observationEngine Started")}catch(g){logError("observationE

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\operations.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (6532), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6736
                                                                                                                                                                                                                                                  Entropy (8bit):5.338180967031238
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:1Ak6WqZs6S+qL5QaQlifjf9i/OCi8sdHvzqZ+SSf72NfoDc8H5sviXvn34Z:1EbS7yidGBdg4Z
                                                                                                                                                                                                                                                  MD5:9EE3DA049A15DC1FED10A69374D29AA5
                                                                                                                                                                                                                                                  SHA1:663BF2C28E76A62D7344C7BCE0E79CA981F6E37E
                                                                                                                                                                                                                                                  SHA-256:626ED39BCBF1FD198FE95CFA0E41B3A4054E2012E9DB727ACFB98B621B3EBA3D
                                                                                                                                                                                                                                                  SHA-512:25E75948D8FF66329D756E7F1A3CA326D1CDB674BBA7D9D986679BE877E07AAEC1A176FA7FB08A86B00C04FD98C8D523B7B6C5A1136C2E1EACAB6E58C6A33603
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var operations_fileVersion = "1.2.207"; ..function CreateDataOperations(){var a={apply:function(c,b){try{if(!b){return c}if(!this._isValidValue(c)){this._logWarning("Invalid value Val("+c+"). Operation with operationConfig("+JSON.stringify(b)+") will not be applied");return null}return this[b.name](c,b.params)}catch(d){this._logError("operations:apply: Excption caught("+d.message+". Val("+c+"), operationConfig("+JSON.stringify(b)+")");return null}},noop:function(b){return b},equal:function(b,c){return b==c},isValueValid:function(b){return(b!="[not assigned]")&&(b!="[ruleMismatch]")&&(b!="[ruleError]")},notNull:function(b){return(b!=null)},validLen:function(b){if(!b){return null}try{b=JSON.parse(b)}catch(c){this._logError("validLen: value ("+b+") not an object, exception: "+c.message);b=[]}if(!(b instanceof Array)){this._logWarning("validLen: value not an array ("+b+").");b=[]}return b.length},lenEqual:function(b,c){return(this.validLen(b)==c)},lenGreater:fun

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\preprocessors.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (825), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1032
                                                                                                                                                                                                                                                  Entropy (8bit):5.407206303181614
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:nHaMLYQI/YCqYJIAb2sFsn5caYyb2srq7Y4cbfsk0RrnsEeEcEQ02ka+5X:9LVI/xqIXbTFsKrybTAncbfl0RrsnEQ0
                                                                                                                                                                                                                                                  MD5:3A098C1847B809C74FA2F81A6EDB7A2A
                                                                                                                                                                                                                                                  SHA1:44FE06FAFB93229C16B5AFCEA617A9FFD0FD7ED3
                                                                                                                                                                                                                                                  SHA-256:50343A3BA19D3B1EA88CB25AFB793A6F3A9EF89F1536877FFAF63488B42171C1
                                                                                                                                                                                                                                                  SHA-512:541DE8EAA210AFE0A8984BC4596BEE91676AA0266BA9C285B1F8206DD349F7E811C9A90B6C7813EE21C003B0859DD175BC7AFD4FA5791E70A5320A7C4C41E24A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var preprocessors_fileVersion = "1.2.207"; ..function CreatePreprocessors(){var a={noop:function(b){return b},splitByComma:function(b){return b.split(",")},joinWithComma:function(b){return b.join(",")},sum:function(b){var d;for(var c in b){d=b[c]}return d},toInt:function(c){if(typeof(c)=="object"){for(var b in c){logConsole("toInt value="+c[b]+" parseInt:"+parseInt(c[b]));c[b]=parseInt(c[b])}return c}return parseInt(c)},toString:function(c){if(typeof(c)=="object"){for(var b in c){c[b]=c[b].toString()}return c}return c.toString()},toUpper:function(b){return b.toUpperCase()},apply:function(c,d){logConsole("rules type="+typeof(d)+" rule= "+d+" value="+c+" typeof(value)="+typeof(c));if(!d){return c}if(typeof(d)=="object"){for(var b in d){c=this.apply(c,d[b])}return c}return this[d](c)}};return a}ModuleManager.registerFactory("preprocessors",CreatePreprocessors);..//2A8BA9A3CF28FE0B788EE8EE5EF460AE4C277718D31A3828255A026318A7D3CBC2DAE6A471F917D6459DA78B69D7D366DA

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\profile.json

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5310
                                                                                                                                                                                                                                                  Entropy (8bit):4.151562694252807
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Hm9y51drjiTX2/mIQft9y51drGhImxs9y51druhmmxD9y51drGhIme0mW9y51dro:Mf2/dGTYs62sBY0m821O62Rp
                                                                                                                                                                                                                                                  MD5:77EC6811E64A2D1062B6D2B6E99FE511
                                                                                                                                                                                                                                                  SHA1:AD89005E27D4AF9751C203D794E3BEE95857F834
                                                                                                                                                                                                                                                  SHA-256:B54D150627770DB1B485F3B1C35D21A3B2680638146C435AA584B9375E223DCB
                                                                                                                                                                                                                                                  SHA-512:509396EB87E906B49137C15FDC2A3BA2C01E47775684104734972ABFC26635A74715911BAD1E78AC358B6505724C683B63016ED960B1768E7F81AA5FE826572A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:{.. "version": "1.2.207",.. "data": {.. "profile_webadvisor_mosaic_100p": {.. "transport": "eh",.. "dictionary": "dictionary_wa_mosaic",.. "datasets": [.. "default",.. "wa".. ],.. "maxDimensionLength": 500000,.. "appid": "7b3ed1a8-7907-436a-ac6c-640bfd5db80c",.. "transport_config": {.. "apiVersion": "2014-01",.. "servicebusNamespace": "cu1pehnswebadvisor1",.. "eventHubPath": "new_wa",.. "sharedAccessKey": "IU1g+5XrDoldu/krnr8GDbVL/jHXoqZrH9alKG29J8Q=",.. "sharedAccessName": "new_wasend".. },.. "throttleRule": {.. "meta": 100,.. "ruleName": "dailyMax".. },.. "throttleMultiplier": 64.. },.. "profile_webadvisor_mosaic_kongapi_100p_qa": {.. "transport": "mosaic_api_v2",.. "dictionary": "dic

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\registry.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (2785), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2987
                                                                                                                                                                                                                                                  Entropy (8bit):5.391898752346337
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:kNToenoesA9R/io8udVQN7wfagenv7sboA+FNvf4uCmnWoGbA/WoGb5u4U74:gBVsuvsnvYc/UiWAWBun74
                                                                                                                                                                                                                                                  MD5:C3DDA0578EB6C5E9E98822CFCDDD2F77
                                                                                                                                                                                                                                                  SHA1:7465CABFCCEFCAFFAFF46748C4CE084479BECDDC
                                                                                                                                                                                                                                                  SHA-256:42AA37BFA9397326FD2221029DB7F77555CFEFF9F3CE4220AADE522E22E93C71
                                                                                                                                                                                                                                                  SHA-512:9175040B933F546B8F3C57CB38015C7E6A849C303FF9A76848AEF1DA2713F4CF49A3A77F11081154C6F6848CAC88CDAD380EB9391755426A691214BBA89F7E05
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var registry_fileVersion = "1.2.207"; ..function CreateRegistryHelper(){var a={openKey:function(c,b){if(typeof b!=="boolean"){b=false}if(b){logDebug("open registry in write mode");return this._getPlugin().CreateReg(c)}logDebug("open registry in read mode");return this._getPlugin().OpenReg(c)},openKey64:function(c,b){if(typeof b!=="boolean"){b=false}if(b){logDebug("open registry in write mode (x64)");return this._getPlugin().CreateReg64(c)}logDebug("open registry in read mode (x64)");return this._getPlugin().OpenReg64(c)},queryValue:function(c,b){var g=false;try{if(typeof b==="boolean"){g=b}var f=this._getPlugin().QueryValue(c,g);return f}catch(d){logInformation("Failed to query "+(g?"obfuscated ":"")+"registry key '"+c+"': exception is '"+d.message+"'")}return null},setValue:function(d,f,b){var h=false;try{if(typeof b==="boolean"){h=b}var c=this._getPlugin().SetValue(d,f,h);if(!c){logDebug("registry.setvalue failed ("+d+", "+f+")")}return c}catch(g){logInfor

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\rest_transport.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (6423), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6631
                                                                                                                                                                                                                                                  Entropy (8bit):5.299670531341887
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:S8sCKa1ZC0CG20+M9wBFmGO1zadW9NvEPzs5C7c8a5dcQbefnLpNxZ:6B9PzpR
                                                                                                                                                                                                                                                  MD5:F9918F7C56ADDF54DAC785161A448446
                                                                                                                                                                                                                                                  SHA1:C35138433004A8DD0BE6AF271748B0348E653E44
                                                                                                                                                                                                                                                  SHA-256:349E3AA4B233C2EDE4BB2ED593B6064D2EC432E8DEBDB43F99EA04ECD36ED0D5
                                                                                                                                                                                                                                                  SHA-512:0CCDBA4EEBAB0FBDFDE7A36D4BA1244EDADC9E8E0971305FD9C78EB0580C70A98604E2503F03DEE753D876769DA13FE22D9B6D9232BDC1439D85252946156BCA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var rest_transport_fileVersion = "1.2.207"; ..function RESTtransportPlugin(){this._plugin=null;this._requestHeaders={};this._url=null;this.RESTClientAvailable=false}RESTtransportPlugin.prototype=ModuleManager.create("transport_template");RESTtransportPlugin.prototype.constructor=RESTtransportPlugin;RESTtransportPlugin.prototype.GetVersion=function(){try{if(!this._plugin){return null}return this._plugin.GetVersion()}catch(a){}};RESTtransportPlugin.prototype._createRESTclientPlugin=function(){try{this._plugin=getPluginFactory().Create("RESTclient");if(!this._plugin){logError("RESTtransportPlugin:: Could not create RESTclient plugin");return false}return true}catch(a){logError("RESTtransportPlugin:: Failed to initialize the plugin for '"+name+"': exception is '"+a.message+"'");return false}};RESTtransportPlugin.prototype._setup=function(){try{this._url=this._config.url;if(!this._url){logError("Invalid (unspecified) URL for '"+this._name+"', version "+this.versi

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\rules.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3246), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3445
                                                                                                                                                                                                                                                  Entropy (8bit):5.356749738549081
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:YM0Vnh1PJzvkXv3i/kYrAH6aEPhZf3a4BdaFBLYFpGbaaPYFpGbMmUpXjJbO8iRT:Hfpkq4qFypHrVdiSN5bYQhavJHsI
                                                                                                                                                                                                                                                  MD5:03E1CF256ECCA67F71C03E80F523E1E1
                                                                                                                                                                                                                                                  SHA1:E0E40A0C65C991D5F4D66E11709EBC6F0DE7527F
                                                                                                                                                                                                                                                  SHA-256:FCD1D2A21372C716729057E3B1204844FAF21755EE524B5582AFB997DC775970
                                                                                                                                                                                                                                                  SHA-512:82ADA970915808DCB2DC926C48F7D121D711969DB7512AC15CB8EA3388EBAB968E80B77E99F4C6AE13B5FDA31CAFA600CB69E8CA13459280E56B1099F413F589
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var rules_fileVersion = "1.2.207"; ..function CreateRules(){LoadScript("sha256.js");var a={notNull:function(b,c){return(b!=null)},inRange:function(b,c){return(b>=c.min)&&(b<=c.max)},equal:function(b,c){return(b==String(c))},greater:function(b,c){return(b>c)},greaterEqual:function(b,c){return(b>=c)},less:function(b,c){return(b<c)},lessEqual:function(b,c){return(b<=c)},notEqual:function(b,c){return(b!=String(c))},startsWith:function(b,c){return !b.indexOf(c)},endsWith:function(b,c){return b.indexOf(c,b.length-c.length)!==-1},contains:function(b,c){return b.indexOf(c)!==-1},regex:function(c,f){try{var b=new RegExp(f);if(f.expr&&f.flags){b=new RegExp(f.expr,f.flags)}return b.test(c)}catch(d){logWarning("rules.regex exception: "+d.message);return false}},timestamp:function(b,c){if(!b){return false}return(new Date(b)).toISOStringms()==b},"in":function(c,d){for(var b in d){if(c==String(d[b])){return true}}return false},isType:function(b,c){return(typeof b===c)},isE

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\sha256.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (709), with CRLF, LF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):37442
                                                                                                                                                                                                                                                  Entropy (8bit):5.182461810815972
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:wNLZ52t2LQdhrnY09gCZHAtV9EhhfVroWqA2l:wv5KUQ809gwHAlybqAK
                                                                                                                                                                                                                                                  MD5:F537624BEFCF3D5C8BFB1B6E6E080C27
                                                                                                                                                                                                                                                  SHA1:A05D1F1713A801A078DE5466DC98B113DF3542BB
                                                                                                                                                                                                                                                  SHA-256:61CF3782570531EA00959C733C001E41191143224E9AA1F05A2C6EA7F9B81987
                                                                                                                                                                                                                                                  SHA-512:6EDE0C255EA1A720ACDCF227CBABC07798C1F8390C57A5F4EC18C48DB0EFE01E3051E102A563EE47D4E5F32E162872021075B5C83302248A1D69227592F54BA8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var sha256_fileVersion = "1.2.207"; ../*.Copyright (c) 2008-2017, Brian Turek.All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. * Redistributions of source code must retain the above copyright notice, this. list of conditions and the following disclaimer.. * Redistributions in binary form must reproduce the above copyright notice,. this list of conditions and the following disclaimer in the documentation. and/or other materials provided with the distribution.. * Neither the name of the the copyright holder nor the names of its. contributors may be used to endorse or promote products derived from this. software without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS".AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE.IMPLIED WARRANTIES OF MERCHANTABI

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\subdb.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (663), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):862
                                                                                                                                                                                                                                                  Entropy (8bit):5.490919968989528
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:nYmaMV5IOd09ODopDwLgmjNnbijyUIihtUR:tV5iOD+ss4NbieDGte
                                                                                                                                                                                                                                                  MD5:EB3E712B17A036B166AF5F45974C73E3
                                                                                                                                                                                                                                                  SHA1:9679D85A870EDB37A79A4536A89387EA9DF9EF51
                                                                                                                                                                                                                                                  SHA-256:FFACAF239D4EAEF3E1CA8715932988D76E5538699E424D37852FA7A18D4111AD
                                                                                                                                                                                                                                                  SHA-512:90650A8A3064FFECDECF462AFC8EAE283D429C15860ED0AE20F15DDDEFD106BA2A207CAE64F5D92A51C863B9D34A0953C18891EC77A810E95775F0F65BBC22A2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var subdb_fileVersion = "1.2.207"; ..function CreateSubDbHelper(){var a={_getPlugin:function(){if(!this._plugin){this._plugin=getPluginFactory().Create("subdb")}return this._plugin},_plugin:null,fetchFromDataDefinition:function(c){try{if(!c){logError("subdb:fetchFromDataDefinition: No dataDefinition supplied");return null}if(c.action==="canIRun"){return this._getPlugin().CanIRun(c.appid)}if(c.action==="GetProperty"){return this._getPlugin().GetProperty(c.appid,c.name)}logError("Unknown action name ("+c.action+")")}catch(b){logError("subdb:fetchFromDataDefinition: "+b.message+". dataDefinition"+JSON.stringify(c))}return null}};return a}ModuleManager.registerFactory("subdb",CreateSubDbHelper);..//510B6CF2F4B5F5627F98E3A207501510DF1A543E23B23AA0DC6EC97FB2920BFB822A063BC45B3DC4140D6895D94C8C9BE91339ACA6CAAA2FDDD05F839AB76744++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transmitter_template.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3717), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3931
                                                                                                                                                                                                                                                  Entropy (8bit):5.348065191482385
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:TDeOIhVr9zrhSLCxNBpyX0irau/9lRCHfYMSWmL8s:2OIBzrhscB80irj/9lwH+Is
                                                                                                                                                                                                                                                  MD5:233219ECDC73DDB26CA928030F2F0088
                                                                                                                                                                                                                                                  SHA1:9C4F96173A42196DE65E2C07CF80FC6170C93FC8
                                                                                                                                                                                                                                                  SHA-256:F0919941ED5D166FB99A5CC6FD3992B6D0C6FDC88A605E0E421951F21ED05493
                                                                                                                                                                                                                                                  SHA-512:751957404FF4782C18DEC26B2114CE9BB57F4D9F488312494A6E142FD867E14F780F9ECC3B63068BA83D04F5DEE118D60AFBB876736FC2FBBF9F7CDCFC033290
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var transmitter_template_fileVersion = "1.2.207"; ..function EventTransmitterTemplate(){}EventTransmitterTemplate.prototype={addDataSetNames:function(c,d,b){var a=[];if(d.dataSetNames){a=a.concat(d.dataSetNames)}if(b){a=a.concat(b)}a=dataManipulator.arrayRemoveDuplicates(a);logDebug("emitter ProfileName: "+d.profileName+". allDataSetNames: "+JSON.stringify(a));this._mergeDataSets(c,a)},_isEventThrottled:function(b){var c=ModuleManager.getSingleton("config_manager");var a=c.getThrottleRule(b);return this._applyThrottle(b,a)},_isProfileThrottled:function(b,d){var c=ModuleManager.getSingleton("config_manager");var e=c.getPriority(b);if(e!="critical"){var a=this._getProfile(d).throttleRule;return this._applyThrottle(d,a)}return false},_applyThrottle:function(a,c){try{if(!c){return false}var d=ModuleManager.getSingleton("rules");return d.evaluate(a,c)}catch(b){logError("_applyThrottle: "+b.message)}return false},_applyAttributeRules:function(p,o,a){try{var h=Modu

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (7089), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7292
                                                                                                                                                                                                                                                  Entropy (8bit):5.239946272970433
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:5NppM62N2XDFDHmoHKvxOjrfFQdRn2ESa/ecRWUIWqdGE1SbGvkrC:5NppT2N2XDFiRvxOjDFQdJ2ESa/ecRWb
                                                                                                                                                                                                                                                  MD5:90D8B73452EADCAE0E19455654E53D4F
                                                                                                                                                                                                                                                  SHA1:82D9645BF9AC62C85D67A6C9D5CBE00D7532DAB0
                                                                                                                                                                                                                                                  SHA-256:E2FFD71E0AB4184DAF2331002977BD9348E889103100BE41340BFE972BFA28EA
                                                                                                                                                                                                                                                  SHA-512:16C187C5260127D9DF8E8EF557EC9B2676CDC891BED80CED0F1448F94B16990098594A25EF8B6FE09D651338FED253FE11D1E119622774DEBC00CF5857BF8CD1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var transport_fileVersion = "1.2.207"; ..function CreateAnalyticsTransport(){function a(){this.retrieveStoredQueue()}a.prototype=ModuleManager.create("transmitter_template");a.prototype.transmit=function(m,s,t,c){logDebug("analyticstransport.transmit message="+JSON.stringify(s)+", profileNames="+JSON.stringify(t)+", datasetNames="+JSON.stringify(c));if(this._isEventThrottled(m)){logDebug("Event "+m+" was event-level throttled");logAutomationError(m,JSON.stringify(s),JSON.stringify({level:"info",type:{eventThrottled:m+" is event throttled"}}));return}for(var l in t){try{var o=t[l];if(this._isProfileThrottled(m,o)){logDebug("Event "+m+" was profile-level throttled by '"+o+"'");logAutomationError(m,JSON.stringify(s),JSON.stringify({level:"info",type:{profileThrottled:m+" is profile throttled for "+o}}));continue}if(engine.isStopRequestReceived()){logWarning("transmitter.prototype.transmit: Stop request received, so stopping all data transmissions..");return}var

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_ai.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (2458), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2664
                                                                                                                                                                                                                                                  Entropy (8bit):5.488185422412943
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:ktUciWIdy2hgcmGY2rVTOd6oNoP5vCuKKiWXUlK7oBCijzAq:dA2hqGY2rhOELKM0BCijsq
                                                                                                                                                                                                                                                  MD5:049E091FD0F44EF44D0F8577E2145672
                                                                                                                                                                                                                                                  SHA1:5956689F2AFEACC9A8D57B778353D457DD297695
                                                                                                                                                                                                                                                  SHA-256:4860B53624E471C48DBC5028C24966FC506D98B36698B505824FCE6908225C8C
                                                                                                                                                                                                                                                  SHA-512:BE2157468A141AA1ABBC3231200697F80C27CC7021AF3D15FAEC3C4D2CFEFD8460D7FD508EAC05206924982E814A5DA1C98E2B1A3A8E33546D860748A5193D62
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var transport_ai_fileVersion = "1.2.207"; ..function CreateApplicationInsightsTransport(){function b(h){try{var j=/\d{4}-[01]\d-[0-3]\d\T[0-2]\d:[0-5]\d:[0-5]\dZ/;if(j.exec(h)){return h}var i=/\d{4}-[01]\d-[0-3]\d\ [0-2]\d:[0-5]\d:[0-5]\dZ/;if(!i.exec(h)){return null}var l=h.split(" ").join("T");return l}catch(k){logError("getValidIso: Exception caught: "+k.message)}return null}function c(h){if(!h){return null}switch(h.toLowerCase()){case"event":return"EventData";case"screen":return"PageViewData"}return null}function f(i){var h={};try{for(var j in i){if(isNaN(i[j])){logWarning("getNumberValues: ignoring value at key: "+j+". With value: "+i[j])}else{try{h[j]=Number(i[j])}catch(k){logError("getNumberValues: Exception caught at key: "+j+". Exception: "+k.message)}}}}catch(k){logError("getNumberValues: Exception caught: "+k.message)}return h}function e(h){if(!h){return null}switch(h.toLowerCase()){case"event":return"Event";case"screen":return"PageView"}return nu

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_api_endpoint.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3250), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3466
                                                                                                                                                                                                                                                  Entropy (8bit):5.326893850767579
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:IEi5lyUHvoZQLbMF1YfEj05DK+wlVE15DkAPAjh:IEi5ZwibMF1YfY05DK+wkzDkAPAjh
                                                                                                                                                                                                                                                  MD5:3A09D3B85D33DC30FD553CFA10169A16
                                                                                                                                                                                                                                                  SHA1:1EB6CA315E21A823E829D0BDFDD578D168E78817
                                                                                                                                                                                                                                                  SHA-256:18589CC1AA6AAED8302A28E05B22BD8B68E991D04317AAD2527A0F5D2EB3CFD3
                                                                                                                                                                                                                                                  SHA-512:6BB2A45DE0836C167B43E6EBA3A69BC4FB0393ADACAB92BEED76CB5018FBC7D706F759D1E5F19D05702B4A50451EF2218C237E4606AA32B17D11A2CAE71A235E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var transport_api_endpoint_fileVersion = "1.2.207"; ..function CreateAPIEndpointTransport(){function a(){this._url="";this._verb="PUT"}a.prototype=ModuleManager.create("rest_transport");a.prototype.constructor=a;a.prototype._setup=function(){this._url=this._config.url;if(!this._url){logError("APIEndpointTransport:: Initialize failed url not provided");return false}if(this._config.headers){var d=this._config.headers;for(var b in d){this._AddRequestHeader(b,d[b])}}if(this._config.verb){this._verb=this._config.verb}this._createRESTclientPlugin();if(this.GetVersion()&&(this.GetVersion()!="1")&&(this.GetVersion()!="2")){this._usingRESTclientPlugin=true;logInformation("Calling parent class to setup using the restful plugin");this._plugin.SetHttpMode(this._verb);var c=getSystemPlugin();this._plugin.SetAgentName("McAfee Mosaic API V1 transmitter_"+c.CreateGUID());this._plugin.Connect(this._url)}else{this._plugin=null}return true};a.prototype._sendUsingRestClient=fun

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_aws_apigateway_v1.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (4753), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4974
                                                                                                                                                                                                                                                  Entropy (8bit):5.40433259600301
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:gK44u2URXvoZjLFlE5WB1AwfitMQxHcdqbw:gK4LdwFFl2NwfitrxHcdqbw
                                                                                                                                                                                                                                                  MD5:C84AE5F12BAE4A5B5901083E3B1AF7E4
                                                                                                                                                                                                                                                  SHA1:E50A9FBC0F3A88D456809321694D7B42D328BD62
                                                                                                                                                                                                                                                  SHA-256:5C470D788353E477219D77A29544D58890CED27CDF6B8683627CBDA9CD4D3521
                                                                                                                                                                                                                                                  SHA-512:7D82FB71D1D8CB4E644186529D262FFE62A645EF6FE4EE33B0B3EFF01E21394A937C3642E21B03E6A293695C77AF4215F212B93E9771DDE2944E81ED11B49C78
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var transport_aws_apigateway_v1_fileVersion = "1.2.207"; ..function CreateAWSAPIGatewayV1Transport(){function b(){this._apikey=null;this._partitionKey=null;this._url="https://{dns}.awscommon.mcafee.com/1.0/{gateway}/v1/record"}b.prototype=ModuleManager.create("rest_transport");b.prototype.constructor=b;b.prototype._setup=function(){this._apikey=this._config.apikey;if(!this._apikey){logError("AWS_APIGateway_V1_Transport:: Initialize failed API key not provided");return false}var c=this._config.dns;if(!c){logError("AWS_APIGateway_V1_Transport:: Initialize failed DNS not provided");return false}var e=this._config.gateway;if(!e){logError("AWS_APIGateway_V1_Transport:: Initialize failed Gateway not provided");return false}this._updateURL("{dns}",c);this._updateURL("{gateway}",e);this._partitionKey=engine.getContextId();if(!this._partitionKey){this._partitionKey=generateAlphaNumericString(256)}this._createRESTclientPlugin();if(this.GetVersion()&&(this.GetVersion()

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_da.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (2581), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2787
                                                                                                                                                                                                                                                  Entropy (8bit):5.394292692824491
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:k+KC4cETZD7ThSwsnoK2NkNCalAVKp9oH259ln2W8HsFAS0+NN70JxAesVuCdL0j:tUvhSwODAAce2OpNS+VfBs/ks
                                                                                                                                                                                                                                                  MD5:7EDA555B9A0E1761B0E7B789E0E70C8B
                                                                                                                                                                                                                                                  SHA1:7CAA2741F2ECB2F8DA06D52C527C45AECBB43DC3
                                                                                                                                                                                                                                                  SHA-256:E9F667C71FDC49970382128856373841C7CB24C737D59FD4612986153EAA9D9A
                                                                                                                                                                                                                                                  SHA-512:2C9A633E91E0D9209393419FF6C47D86C38D830BE63F48850CA955904B4C023735C5B3EFD43D8FE25152ADD0584FED801A34BE2CF685FBDF00459E64BC67AA6A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var transport_da_fileVersion = "1.2.207"; ..function CreateDATransport(){var a={Send:function(c){try{var b=this._getMsgBusPlugin();if(!b){logError("[DA Transport] Current MsgBus Plugin does not support request/response.");return false}if(!b.IsAvailable()){logWarning("[DA Transport] Message Bus could not be loaded; subscriptions will not be active");return false}var g=ModuleManager.getSingleton("mappings");c=g.daMap(JSON.parse(c));var d=this._ComposePayload(c);if(null==d){return false}b.Publish("Data_Aggregator.Add_Data",d);logDebug("[DA Transport] Emit outbound data: "+d);return true}catch(f){logError("[DA Transport] Exception thrown when sending da event: "+f.message);return false}},_ComposePayload:function(c){try{var b={};var f={};var h={};c["__record.created"]=this._convertToLocalDate(new Date()).toISOString();c["__record.created"]=c["__record.created"].split("T").join(" ");for(var d in c){if(this._indexOf(this._metricList,d)!==-1){f[d]=c[d]}if(this._inde

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_eng_observability.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3274), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3495
                                                                                                                                                                                                                                                  Entropy (8bit):5.199517939540756
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:JOXKiK/bXDX8cX0XkXRXUXL1XUXSwXUXNXWXBoX1b6iYikiXxxiEiQX4iw2XK/nF:JOXK9/bXDX8cX0XkXRXUXL1XUX5XUXNo
                                                                                                                                                                                                                                                  MD5:257029E2FDA438BCDD5FBA8D84DA00DF
                                                                                                                                                                                                                                                  SHA1:E6538A33232613B1F62064220139BD713679A99D
                                                                                                                                                                                                                                                  SHA-256:FDDE7D299E825C5A43B95FC487A273FD073B7EBE8638D9109F3D8A10D95C146A
                                                                                                                                                                                                                                                  SHA-512:15E34D922D863705A41B8929865F9232C22DD550465202D51800A92015F414AAA7B0DE4FF0C512F12EADDCD2E326EEC9EA4DB9791EA54705A79F51C4E7EE2F2A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var transport_eng_observability_fileVersion = "1.2.207"; ..function ObservabilityTransport(){this._transport_api_endpoint_emitter=null;this._url="https://pl8qcwep6c.execute-api.us-west-2.amazonaws.com/prod_v1/v1/record";this._apikey=null;this._verb="PUT";this._partitionKey=null;this.logInfo("New ObservabilityTransport Created")}ObservabilityTransport.prototype=ModuleManager.create("transport_template");ObservabilityTransport.prototype.constructor=ObservabilityTransport;ObservabilityTransport.prototype.logInfo=function(a){logInformation("ObservabilityTransport: "+a)};ObservabilityTransport.prototype.logError=function(a){logError("ObservabilityTransport: "+a)};ObservabilityTransport.prototype.logWarning=function(a){logWarning("ObservabilityTransport: "+a)};ObservabilityTransport.prototype._updateURL=function(a,b){this._url=updateStringWithReplacement(this._url,a,b)};ObservabilityTransport.prototype.GetVersion=function(){try{return engine.getContentVersion()}ca

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_event_hub.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (7985), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8198
                                                                                                                                                                                                                                                  Entropy (8bit):5.265738364412356
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:3ZONyk/DC0+p55U7voKLgIEpfEdvQKf3Jmn/i/6/lWqu/K/z1gdnxmVMdqAQ7FGv:3Zvk7uYwGOZIWEcQ5s0nx23VIHk4
                                                                                                                                                                                                                                                  MD5:EB13ACF1CBE53258B4975A3A93B64593
                                                                                                                                                                                                                                                  SHA1:3869F58347755A3BE0473B04BC0DF34CA864E82D
                                                                                                                                                                                                                                                  SHA-256:7DB8C911B5E40C1D128909B5FEB8ACD249B7CB958D4A615A121413DF8B781C6B
                                                                                                                                                                                                                                                  SHA-512:C200393EA9ABB67F16821552E84F9300010BF4092CF7B8C87DA57ACAB9C44FE041ED756659B58497474D162572FC43BCC17F6EBC842CF5734F7EA3B10C7088EC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var transport_event_hub_fileVersion = "1.2.207"; ..function CreateEventHubTransport(){LoadScript("sha256.js");function a(){this._apiVersion=null;this._servicebusNamespace=null;this._eventHubPath=null;this._sharedAccessKey=null;this._sharedAccessName=null;this._sharedAccessToken=null;this._tokenCreationTime=null;this._timeout=60;this._url="https://{servicebusNamespace}.servicebus.windows.net/{eventHubPath}/messages?timeout={timeout}&api-version={apiVersion}"}a.prototype=ModuleManager.create("rest_transport");a.prototype.constructor=a;a.prototype._setup=function(){this._apiVersion=this._config.apiVersion;if(!this._apiVersion){logError("Event_Hub_Transport:: Initialize Invalid (unspecified) _apiVersion");return false}this._servicebusNamespace=this._config.servicebusNamespace;if(!this._servicebusNamespace){logError("Event_Hub_Transport:: Initialize Invalid (unspecified) _servicebusNamespace");return false}this._eventHubPath=this._config.eventHubPath;if(!this._ev

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_ga.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (2200), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2406
                                                                                                                                                                                                                                                  Entropy (8bit):5.484170892348279
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:kMoavQfNfXcBBCE+yR60SO4k2WMWsH6du4jTk7v9:3MXcgE+yWOd2WRsH6ZkZ
                                                                                                                                                                                                                                                  MD5:9CDE7447BB10D521D0EEB8D8933A8A58
                                                                                                                                                                                                                                                  SHA1:718E0E80C92E52EB73FC34CB078E795F94C7A2E0
                                                                                                                                                                                                                                                  SHA-256:68D128F781F2C11A752BDA8CF4B667F4541406B558ADEA507E3E865960464C7A
                                                                                                                                                                                                                                                  SHA-512:0CAE6268634CCCA394A48E2C92B39F330963911F2DFA93CB4CD9E2F9F13DCC61C514EBD1EC43827B5359042C21634691009D29B9A7DFBB30D16FE03D5F2F8EDF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var transport_ga_fileVersion = "1.2.207"; ..function CreateGATransport(){function a(){}a.prototype=ModuleManager.create("rest_transport");a.prototype.Send=function(c){try{var i=this._ComposePayload(c);if(null==i){return false}var f=this.RESTClientAvailable?this._sendUsingRESTClient(i):this._sendUsingXMLHTTP(i);var d=JSON.parse(c);var h=d.hit_event_id;this._transportLog(h,i,f,this.GetName()+(this.RESTClientAvailable?"_rest":"_xmlhttp"));return f}catch(g){logError("GA_REST_Transport:Send: "+g.message);return false}};a.prototype._sendUsingXMLHTTP=function(f){try{var c=ModuleManager.create("xmlHttpComObj");if(!c.setup()){logError("GA_REST_Transport::_sendUsingXmlHttp: couldnt create a xmlhttpcom");return null}logInformation("GA_REST_Transport::_sendUsingXmlHttp: Using "+c.getSelectedObjName());c.open("POST",this._url,false);c.send(f);var g=c.getResponseHeader("Content-Type");logInformation("contentTypeResp:"+g);return g.match("image/gif")?true:false}catch(d){log

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_mosaic_api_v2.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (4495), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4712
                                                                                                                                                                                                                                                  Entropy (8bit):5.252505075477052
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:5itfQ5N+gtjbS6iYikiXx8iHi17iwyRAinJOdtUinPM8:58fQ5Ig5VikCuYq7HyRA0Jwtln
                                                                                                                                                                                                                                                  MD5:3BFF1CE9338838EDAE8C0EB0311E3115
                                                                                                                                                                                                                                                  SHA1:994089983AF9D7039D92CD3DFA2AA8158509AF33
                                                                                                                                                                                                                                                  SHA-256:AB4D2C30F4D4A1D59F9EA4E600F9CC2C3ED87FC02CE5CBE1AB0ABE275DF05B67
                                                                                                                                                                                                                                                  SHA-512:39D47E7EC4C7A60A9AE87C159065F2995BA7DE334FB4B3EAB69565EF419790B7DD9717297031B3F481E72E259D2500C98F7BC23D6836C3B79CFEA7F73F9BAFD8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var transport_mosaic_api_v2_fileVersion = "1.2.207"; ..function Mosaic_API_V2_Transport(){this._transport_api_endpoint_emitter=null;this._url="apis.mcafee.com/mosaic/2.0/{service}/{consumer}/v1/record";this._apikey=null;this._verb="PUT";this._partitionKey=null;this._service=null;this._consumer=null;this._environment=null;this._rtHeaders=null;this.logInfo("New Mosaic_API_V2_Transport Created")}Mosaic_API_V2_Transport.prototype=ModuleManager.create("transport_template");Mosaic_API_V2_Transport.prototype.constructor=Mosaic_API_V2_Transport;Mosaic_API_V2_Transport.prototype.logInfo=function(a){logInformation("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype.logError=function(a){logError("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype.logWarning=function(a){logWarning("Mosaic_API_V2_Transport: "+a)};Mosaic_API_V2_Transport.prototype._updateURL=function(a,b){this._url=updateStringWithReplacement(this._url,a,b)};Mosaic_API_V2_Trans

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_msgbus.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (3000), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3210
                                                                                                                                                                                                                                                  Entropy (8bit):5.2474011174074295
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:kr7AiguxG0OAO/YxsMY7/KK3q/JepiZOViXNlJdZJz7ISjV:IANwGPAhxeP6xGSjddPzckV
                                                                                                                                                                                                                                                  MD5:3CA8F099BCD6E03D1081FE224BBAFB0E
                                                                                                                                                                                                                                                  SHA1:9703BE5C345AFD5B28863DFF4277D82C220643F5
                                                                                                                                                                                                                                                  SHA-256:B679EAE6ABE3313283BED1DE35D22435F841E3C6DE823D186F318EC06D391CBD
                                                                                                                                                                                                                                                  SHA-512:E41D9F67B49CD225741639614A4AA23DB29EF66FA2C0681124674746BE965BCC976FEFB53462D105D68E97F665C5227E2142FFDBD4A41876519D7F3E5E24EDEA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var transport_msgbus_fileVersion = "1.2.207"; ..function MsgBusTransport(){this._msgbus=null;this._msgName=null;this._processorName=null;this._processorConfig=null;this._processors=(function(a){a.logInfo("Creating processors");return{noop:function(c,b){a.logInfo("noop: Returning eventDataObj unmodified");return c},simpleMsgComposer:function(c,b){a.logInfo("simpleMsgComposer: Creating new message");var f={};for(var d in b){if(b.hasOwnProperty(d)){var e=b[d];if(e.startsWith("$")){e=c[e.substring(1)]}a.logInfo("simpleMsgComposer: Adding new key-vaule to message: "+d+" = "+e);f[d]=e}}return f},passthroughComposer:function(c,b){a.logInfo("datasetComposer: Creating new message");var f={};var e=b.filteredKeys;if(!e){e=[]}for(var d in c){if(e.indexOf(d)>=0){continue}f[d]=c[d]}return f}}})(this);this.logInfo("New MsgBusTransport Created")}MsgBusTransport.prototype=ModuleManager.create("transport_template");MsgBusTransport.prototype.constructor=MsgBusTransport;MsgBusT

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\transport_template.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (1249), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1461
                                                                                                                                                                                                                                                  Entropy (8bit):5.34278016822941
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:nk/8aMm3IGAIOt/m/HYu2eRejjysUutC9zf/98L4oIiAIu7LQ/Ho7/Ts7f0gB:k/Sm3FAd/m/Hz2xLcT/696Dx7/mB
                                                                                                                                                                                                                                                  MD5:AA705B06B1B20E35AEAF8B868C5F4128
                                                                                                                                                                                                                                                  SHA1:3316B62A89EF479F16FE937C72C5E62317C23C27
                                                                                                                                                                                                                                                  SHA-256:E8800992443E9F4D70590C7DFC9B2927DE5EA49EB6B761EAE3205E465E017D39
                                                                                                                                                                                                                                                  SHA-512:EDB9F9C4BD7FB4B31A1415CD6D6286ACD78F81E9C3BCDCE2D6A7001D953D33C85985C59821EE9F8047DD134F74F7B351F31FD78C469E6AD12852678D793CDA38
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var transport_template_fileVersion = "1.2.207"; ..function TransportPlugin_Template(){}if(typeof TransportPlugin_Template.prototype.GetName!=="function"){TransportPlugin_Template.prototype={GetName:function(){return this._name},GetVersion:function(){if(transport_template_fileVersion){return transport_template_fileVersion}return"0.0.0"},Initialize:function(b,d,a){try{if(!a||!b||!d){logError("TransportPlugin_Template: Failed to initialize (name). Config: "+a+". Name: "+b+".Dictionary: "+d);return false}this._dictionary=JSON.parse(d);this._config=JSON.parse(a);this._name=b;if(!this._config||!this._name){logError("TransportPlugin_Template: Failed to initialize (name). Config: "+a+". Name: "+b);return false}return this._setup()}catch(c){logError("TransportPlugin_Template::Initialize Exception caught with message: "+c.message)}},Send:function(a){logError("TransportPlugin_Template::Send: Did not overwrite function. Send will return false");return false},Uninitializ

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\uwp_storage.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (474), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):679
                                                                                                                                                                                                                                                  Entropy (8bit):5.528651726553457
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:UqbdaN47iGreq8C5qlHz0TTqB7kh8hqzfAImT0mgqmOYBx/T/gAVOQWQ8Xz5fT:nbdauiGf88qlHQ/qIUIqqq9uJTFOQafT
                                                                                                                                                                                                                                                  MD5:683F4A83D1B003A49578D9C111CAD65F
                                                                                                                                                                                                                                                  SHA1:191149157678970687DB152E356185308F85B29E
                                                                                                                                                                                                                                                  SHA-256:925244EF5AEF3318A21E93C4CE94BBA4092F875DB7F10BF703B407868B06AB18
                                                                                                                                                                                                                                                  SHA-512:352B6292A0CC93408028107E889AA7C6FDC954C74A0C98AFB4FDD58EB66070C4BF475AAB7FFDAD06911BEB05D9D5F9F2B7D9EDF11493DC95316B2DA1AA835186
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var uwp_storage_fileVersion = "1.2.207"; ..var createUWPStorage=function(){var a={_content:{},add:function(b,c){if(!b){return}this._content[b]=c},set:function(b,d,c){if(!c){this.add(b,d);return}var e=ModuleManager.getSingleton("rules");this.add(b,e.apply(d,c))},get:function(b){try{if(!this._content){return null}return this._content[b]}catch(c){logError("uwp_storage:get: key("+b+"): "+c.message)}},getContent:function(){return this._content}};return a};ModuleManager.registerFactory("uwp_storage",createUWPStorage);..//9D8D5538830D5DDA530017E019CC1928F5F33E59A7F6257D35764CCC7A2613215B5A5874F10B8B9B3D6BF582F358A7C2A0271967C57AE30B52AEEFA0482D0B33++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\wa_settingsdb.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (814), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1021
                                                                                                                                                                                                                                                  Entropy (8bit):5.404669125329936
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:nxbaMFOX49BAsnzOURzngpy3WAsngFPSIO90doQUkQ0Ps8B2:xBFOSAZA3WAzSixdUI2
                                                                                                                                                                                                                                                  MD5:AFD66758130673E67FD28B1198B8200B
                                                                                                                                                                                                                                                  SHA1:1E2E680B1FDE12118C8B1EEF1C83ECFA306E18CB
                                                                                                                                                                                                                                                  SHA-256:32FE98CB61D1A2E9524D2DDCCDB76D8629B70A3E3C0A9724D2F86ED7FC0023E4
                                                                                                                                                                                                                                                  SHA-512:D0D1D8FA3A545BDB55E15DCBB34BE5F5AAC057157CE0DEAE7A10697792F0455D910EAEC265D9741D8EE6DF7E4798DBAF2F230C0223E04432F64AB40445FA58CC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var wa_settingsdb_fileVersion = "1.2.207"; ..function CreateWASettingsDBHelper(){var a={getSetting:function(b,c,f){try{logDebug("getting WA setting: "+b);return this._getPlugin().GetSetting(b,c,f)}catch(d){logError("wa_settingsdb:getSetting: "+d.message+"setting("+b+")")}},fetchFromDataDefinition:function(g){try{if(!g){logError("wa_settingsdb:fetchFromDataDefinition Invalid data definition");return null}var b=g.name;var c=g.scope;var f=g["default"];return a.getSetting(b,c,f)}catch(d){logError("wa_settingsdb:fetchFromDataDefinition: "+d.message+"datadefinition("+JSON.stringify(g)+")")}return null},_getPlugin:function(){if(!this._waSettingsDBPlugin){this._waSettingsDBPlugin=getPluginFactory().Create("SettingsDB")}return this._waSettingsDBPlugin},_settingsDBPlugin:null};return a}ModuleManager.registerFactory("wa_settingsdb",CreateWASettingsDBHelper);..//6D8DD7DDB36D91D32AAF8638B985F7ACF089948683CA6948892D84305AEDB7CACBE9573416041415E14F60F8EF13FA814BE9F7EAA489F

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\Scripts\wmi.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (7401), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7598
                                                                                                                                                                                                                                                  Entropy (8bit):5.385271350984257
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:lt40Xb6wcFz1g8o3IE/ADvEWgj0xOsdmMcJS+c04IqIz65vSzCT0:lt48brys3IE4D8WqM0S+c04wzlzCQ
                                                                                                                                                                                                                                                  MD5:704BDC280B4C8AAE827052FAC90172DD
                                                                                                                                                                                                                                                  SHA1:609D04ECF1DDC83F55CB8EB7C2E98DEDECA126AF
                                                                                                                                                                                                                                                  SHA-256:B667E7A4414310951EC845AD81CF4D90A22DB4FBECB5D5E05CF009F0D2078A09
                                                                                                                                                                                                                                                  SHA-512:E9B066D0B89E8FE1749D3ADC15F9B0126A078514E07FBD23F92671AA91643A309006A6F6B5CF26791B4A2CC6AADCBE62528C09644F7F90160D150BD40590DE73
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! $FileVersion=1.2.207 */ var wmi_fileVersion = "1.2.207"; ..function CreateWMIManger(){var a={_createAttribute:function(f,c){var g={_data:[],get:function(l,j){try{return l(this._data,j)}catch(k){return null}}};try{f.reset();var d=f.next();while(d){var h=d.get(c);g._data.push(h);d=f.next()}}catch(i){logDebug("failed to populate attribute object")}return g},_getMockIterator:function(){var c={reset:function(){logWarning("mockIterator: Calling reset(). noop")},next:function(){logWarning("mockIterator: Calling next(). Returning `null`");return null}};return c},_unavailableServers:{},resetAvailableServers:function(){this._unavailableServers={}},_getServer:function(g){try{if(this._unavailableServers[g]==true){return null}if(!g){return null}var c=this.getPlugin();if(!c){return null}var f=c.connectServer(g);if(f){return f}}catch(d){logError("_getServer: "+d.message)}this._unavailableServers[g]==true;return null},_queryWMIServer:function(h,d){try{if(!d||!h){return null}var g=this._getServer(h

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:Microsoft Cabinet archive data, many, 63363 bytes, 44 files, at 0x44 +A "aviary_client.js" +A "common.js", flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1503 compression
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):76467
                                                                                                                                                                                                                                                  Entropy (8bit):7.975020219369136
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:oHzKTWi0+jyw/hdhS16Sc8buLdkpxl6ZggPJhNK5NyuFfUl:oHzKTW1+7hwccu5kpxdAJhIRfK
                                                                                                                                                                                                                                                  MD5:001AAB25A9ED3A8EE5C405901E6078F3
                                                                                                                                                                                                                                                  SHA1:939596B653E3ED74A5B76506C62CD68FE5C9265F
                                                                                                                                                                                                                                                  SHA-256:0210CFDDC082F6DFD9EEAD5D8FB64B5B6B70E8938246CFE8E530BC47C10E05A5
                                                                                                                                                                                                                                                  SHA-512:702C8B0DE00675331DAF53075091A773BBC316AA9E4AB142C71640E508E08BCF98F9A828820AAF96ADAB4D133D5C65468E2294B4003F4D9942D43559DFEF5043
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MSCF............D...........,...................03............................{Y.. .aviary_client.js..8........{Y.. .common.js......?....{Y.. .config_manager.js......C....{Y.. .csp_client.js......Q....{Y.. .dataset.js.....]n....{Y.. .datasets_catalog.json.)....w....{Y.. .dataset_da.js..6........{Y.. .data_collector.js..H..>.....{Y.. .data_items.json.j+........{YZ. .dictionary.json.....W=....{Y.. .emitter.js..-...N....{Y.. .engine.js.....7{....{Y.. .error_transmitter.js..........{Ye. .events.json......7....{Y.. .event_handler.js......R....{Y.. .hash128.js.....Tc....{Y.. .json2.js.1...=r....{Y.. .logging.js.:...n.....{Y.. .mappings.js...........{Y.. .mcutil.js...........{Y.. .observation_analytics.js.P...y.....{Y.. .operations.js..........{Y.. .preprocessors.js..........{Yj. .profile.json...........{Y.. .registry.js.....:.....{Y.. .rest_transport.js.u...!.....{Y.. .rules.js.B.........{Y.. .sha256.js.^........{Y.. .subdb.js.[...6.....{Y.. .transmitter_template.js.|.........{Y.. .trans

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\core\class.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):656
                                                                                                                                                                                                                                                  Entropy (8bit):5.259529720888838
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6csNwI62Td/sSEw+gwG8k47nC6VY16oBzkykHs/nIBiS5knn5k2:6clsh/qwzf8b7CwY16oBzkyb/dSennm2
                                                                                                                                                                                                                                                  MD5:063B01ACFBC3E53986EE211B4E420E51
                                                                                                                                                                                                                                                  SHA1:D482713530D7859CEE7FA935B56BA9A0BAFE65E4
                                                                                                                                                                                                                                                  SHA-256:05B1E88EDB1E11DFEEF1F635C297D660B7A4019209AF233A39A4E7EEA754E083
                                                                                                                                                                                                                                                  SHA-512:FF7D8505A4F5D37CF4D3D6EA86F64DE223AAA48B13414DB1934F29184FAF8CA84BB7F2BC4058FFF5C02CABEE2EF87553676FF0C0FE8FDEFC34B1DA4D61DDE985
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........4...6.......-...B...-.......X...-.......G...A...X...-.......X...-...9.......X...-...9.......G...A...L..........init.setmetatableR.......6.......B.......X...U.......X...+...L...9...X...+...L...._base.getmetatable........%4.......X...6.......B.......X.......+...X...6.......B.......X...6.......B...H...<...F...R...=...=...4...3...=...=...3...=...6...........B...2...L....setmetatable..is_a.init..__call.__index._base.pairs.table.function.typeB.......6...9.......X...6...4...=...6...3...=...K.....class.core._G...//F2B26E9DD241203C81C77BFECA6B630511697551E4152D1BF87BAD56E3CC9BD8698F46768662FB0027454CBEB274D612743D86C7F0BBB5EE6DAA8106C5A91BD5++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\core\dkjson.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):10234
                                                                                                                                                                                                                                                  Entropy (8bit):5.605516703152428
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:jWXBkgh/3g7O7qaNfEyc80vDGwVd4Wog1DYEZpQ7+hC+Tf8IkZ0JGlG:ckgBGO7q8RcTvf7xNZUqmG
                                                                                                                                                                                                                                                  MD5:E6C5467CF4387066DD18ED54A17D0FCA
                                                                                                                                                                                                                                                  SHA1:EFE872AD5F4537B1439400E63B2E780F8C554251
                                                                                                                                                                                                                                                  SHA-256:5C9465F5979C568525708D1EDC98E582B01AA4D6647261ED908CFEA4E518DAC6
                                                                                                                                                                                                                                                  SHA-512:F44EA1E701DED4F22F6838CD288B414211D1E0CD8425F702F321CA14BB681BBD0937D3F1B5ED21F1939BF9D58E8494C7E1C1015ACB9F2F3D84E49D8AC119B4A2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..>.......-...'...B...9.......X.......K........getmetatable.debug........'...L....null........5)...)...)...-.......B...H.......X...-.......B.......X...........X.......X...-.......B.......X...).......X...-.......B.......X...+...L.......X...........F...R...).......X.......X...........X...+...L...+.......J..........number.n..........w-...8.......X...L...-.......)...)...B.......X...).......X...).......X...).......X...)...............).......X.......X.>.).......X...).......X...).......X........... .......X.0.).......X...).......X...).......X...).......X........... ........... .......X...).......X...).......X...).......X...).......X...).......X........... ........... ........... .......X...'...L...*.......X...-...'.......D...X...*.......X.......-.......B...............-...'...........D...X...'...L...K............\u%.4x\u%.4x.\u%.4x.............................C.......-...........B.......X...-...............D...X...L...K...............A-.......'...-...B.......-.......'...B.......X.0.-.....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\core\handlers.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2315
                                                                                                                                                                                                                                                  Entropy (8bit):5.736679766271146
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:5JwHko/hrVeTYVJe7yAeeSiQRlVavdyJmlF6AjmjAHfs:UHkoucKOA7jQzRm36k6A/s
                                                                                                                                                                                                                                                  MD5:23B615D0D66D1113EA7F2F8C640A5097
                                                                                                                                                                                                                                                  SHA1:C20551AAD8F385C6251254866CD839E381FFCFF3
                                                                                                                                                                                                                                                  SHA-256:A75781DA1A65843FDF2266DC6BCDF2F9C9D31CF8F4D20CF840F03D3ECD654DD8
                                                                                                                                                                                                                                                  SHA-512:3DD24BD30237A157447FC71CB3BBA86F4A7D589704888367FB161FB0F1E49F0C7A4BAB454137DBD341E4ED95A1202701B90490168D7A97872DB85653D7F90392
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........]6...6.......B.......X...+...X...+...'...B...6...6.......B.......X...+...X...+...'...B...6...6.......B.......X...+...X...+...'...B...6...6.......B.......X...+...X...+...'...B...9...8.......X...9...4...<...9...8...)...........X...U...8...9.......X...X.......X...5...=...=...8.......X...8...9.......X...6...9...........5...=...4...<...=...B...X...6...9...8...9.......B...K....handlers....order..handlers..insert.table.check_updater_flag.handler....handler..check_updater_flag..order._registry.handler must be a function.function handler id must be a string#handler order must be a number.number event type must be a string.string.type.assert.|.......6...6.......B.......X...+...X...+...'...B...9...+...<...K...._registry event type must be a string.string.type.assert........)6...6.......B.......X...+...X...+...'...B...6...6.......B.......X...+...X...+...'...B...9...8.......X...K...9...8...)...........X...U...8...9...+...<.......X...K....handlers._registry handler id must be a string e

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\core\init.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2305
                                                                                                                                                                                                                                                  Entropy (8bit):5.843848594991481
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:DhmEnssOUb+Oi6ZNmMWpIJQtbNSE6N+iwgOLL2X7eKTGn8tAwlTzX:DUEssOUSOMtpIJQtbSEivXCKhtAGX
                                                                                                                                                                                                                                                  MD5:3520FA72735133EAC7A2A4CF0EB8B928
                                                                                                                                                                                                                                                  SHA1:B6AF95708C3C88296C3B83BE1FB254179ED94593
                                                                                                                                                                                                                                                  SHA-256:13E62CF4BEE454DDAC70336AD8C28D063CF852DDB43E18912C954407797CF55E
                                                                                                                                                                                                                                                  SHA-512:2640D6D81FA03703CABD082D7A38AA6D76D0758C82D41B0ED856FB94E66499A88629CB7F201E940076B3F4E4F23A2AF7695E2D7DA8D286A1AA66B4E4F52E3718
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........5...'...6.......B...X.......9...'...'...B.......9...'...........&...B...6...........B...E...R...K....require.Loading script: .info...luc.gsub.ipairs.mfw\core\.....dkjson.luc.handlers.luc.PostInit.luc.json.luc.PriorityQueue.luc.UiArbitratorHelper.luc.UiHandler.luc.UiThreadExitHandler.luc.utils\SettingsDB.luc.utils\StringUtils.luc.utils\PackageUtils.luc.utils\BrowserUtils.luc.utils\common_utils.luc...... ...6...9.......)...B.......X...6...9.......)...B.......X...+...X...+.......X.".....9...'...B.......X.......9...'...'...B.......9...'.......'.......&...B...6...6.......'.......'...&...B.......X.Z.....9.......B...X.U.....X.:.....9...'...'...B.......9...'...B...6.......9.......'.......'...&...+...B.......X.......9.......B...K...6.......9...........B...6...9...9.......9...........B...'.......'.......&...6.......9...B...'.......&...-...............B...X.......X.......X.......X.......9...'.......'.......&...B...-.......'.......&.......'.......&.......B...K......Found subdirectory

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\core\json.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):562
                                                                                                                                                                                                                                                  Entropy (8bit):5.4883641051879914
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6uNkydLkg5M10kgPv7BkkFAtLvYUkjoU+TmUEf:6IoERB2tLHUGwf
                                                                                                                                                                                                                                                  MD5:0C82522CAFF671B7C481F594411F2F08
                                                                                                                                                                                                                                                  SHA1:3C6C1DC686DD524891079E382B4AEAE5974DBA9A
                                                                                                                                                                                                                                                  SHA-256:5FA68D7AD18C33EEE4A71E838C7D951C2C2656D03F50ADDFC62291F11199A7A5
                                                                                                                                                                                                                                                  SHA-512:CB2CF6834E66063CF34ACBFD534439996E5BF3235A36708E493105D4FA200E309733BF6F9DA55D8741F06BB1632584F947AB70344B49F8A91BCA81676879343C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........9...9.......)...+...B.......X...6...'.......9...)...).<.B...'.......'...'.......&...B...L.... pos: .',.), error: '.sub#Failed to decode json string (.error.decode._json3.......9...9.......5...D.......indent..encode._json.........6...9.......X...6...4...=...6...5...6...9.......X...6...'...B...=...3...=...3...=...=...K....encode..decode.._json....encode.._json..decode..core.dkjson.require.dkjsonTest.json.core._G...//5978B0CAF663886B7BA14FEFEF0D9A85B433B96C101A3A3F8D24D1927330B6E7FAB93BE793A42923F6DD3D8C6F65367041260F4FB3EBBAC7AC68A71D15BBBBC8++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\core\logger.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):699
                                                                                                                                                                                                                                                  Entropy (8bit):5.329885535844202
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6x5bYn4wF0WNYtAr78KQK78KTR78Ky78KSV+AQlm1ZMWOPGgMuM24An8bnNSKpdk:6u4wF0WNEUyg1qWOug82N8jAMAqTi
                                                                                                                                                                                                                                                  MD5:5A0EF4664B797B6F7B6A26FE551B31CF
                                                                                                                                                                                                                                                  SHA1:CABE08555ACBBEAB6C064A87C263A7E6A5CD5656
                                                                                                                                                                                                                                                  SHA-256:4A51796B530FF23E6E7C2D986F17ABFF3B828E5F86F39EC4CC2B2CFCE0173B91
                                                                                                                                                                                                                                                  SHA-512:C991F566D8C9F3D0C4361079FDDA85466EA74C5994529BA2A7EC46328C5CF9D3D3215EFD54D08CDD010B9F981C075A0D4F6F213C2A31011E4D8EE509BBD429BA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........G.......X.......9...G...A.......6...9...)...B...6.......9.......9...9.......B...K....currentline.short_src.Log.utility.getinfo.debug.format........-...-...9.......G...A...K........Normal/.......-...-...9.......G...A...K........Warning-.......-...-...9.......G...A...K........Error0.......-...-...9.......G...A...K........Critical.........6...9.......X...6...4...=...5...3...6...5...3...=...3...=...3...=...3...=...=...2...K....critical..err..warn..info....warn..info..critical..err...log.....Warning...Error...Critical...Normal...Automation...core._G...//0966E7F515283E273ACBCACFD0DD1C5E7AAC6239BC7C2766795554C272176E3F5A9B7F182B12F84F7F48C27D689C7045313EB127DE417BD8AD4E22CAF5736F0A++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\core\postinit.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):980
                                                                                                                                                                                                                                                  Entropy (8bit):5.699909195659202
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6YDsnrMjnBNMVCXMgrmPJ4rAobrLQJxX+fThOhcqtflUDBs5:JuIjYVpgyhgbrLQTkEhcqZlsC5
                                                                                                                                                                                                                                                  MD5:75D95D21674993A821F2D4FDF3871DA2
                                                                                                                                                                                                                                                  SHA1:49736A6B2461EE9425FEC80F29FE81AA72C7DBE9
                                                                                                                                                                                                                                                  SHA-256:8F9731CE44A2914F3F03AF3240DF4B4885309A98BBA53B4AFB5628FF8CD1A4C0
                                                                                                                                                                                                                                                  SHA-512:A0B90BD93A3B43D55D6A702BF65E779DE86DF06ADCFC707E84614E74786113F0EB4A5AE0A4E842FD76707539551330D5673D2EA93F81468DBF1EDFA09FD69C71
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........96...6.......B.......X...+...X...+...'...B...6...6.......B.......X...+...X...+...'...B...6...6.......B.......X...+...X...+...'...B...)...9...........X...U...9...8...9.......X...X.......X...6...9...9.......5...=...=...=...B...K....callback.id....callback..id..order..insert.table.order._registry%Callback type must be a function.function!Callback ID must be a string.string$Callback order must be a number.number.type.assert..........6...9...B...X...6...9.......9...'...9...9...B...6...9...B.......X...6...9.......9...'.......B...E...R...K... Failed to run callback (%s).err.callback.pcall.id.order4Executing post-init callback. order: %d, id: %s.info.log.core._registry.ipairs.........6...9.......X...6...4...=...6...5...4...=...3...=...3...=...=...K....execute..register.._registry....register.._registry..execute..PostInit.core._G...//2CC7DF6538F086396E329725B3528D301943E946D4173342978FD1CDF61306157AC0B64DE87125C79877B3054BA56D61119326F5654ACA6D03C8BE5E8AB9D928++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\core\priorityqueue.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1267
                                                                                                                                                                                                                                                  Entropy (8bit):4.994679765460364
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6enUdjWd4nqwwDRmvA5bxMi0kdVxIXkfF32CG79lgxLEIeYlRl4R/Y8:znUd6UqwwdQA5bxMiNVjHyCdEI/mt/
                                                                                                                                                                                                                                                  MD5:87A95CC6A3DDD7827E448B0A603C0693
                                                                                                                                                                                                                                                  SHA1:E40A4AD03FA1EEE6AD5C2FD6E10855605B221CF7
                                                                                                                                                                                                                                                  SHA-256:7F0FB6C90341D6FE50219A6557C22D89F4A08FF34AB07D026A4679B162518506
                                                                                                                                                                                                                                                  SHA-512:418FFC2A26756D827977795D67011DC213EAD07E27ECB5E57F21186C612E4DE61D9A713E945E6C5A7F08A4ECE17E19447226AEC3DD1EA6975074DDF9F9A102CF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........1-...9...B.......X...5...=...=.......-...........K...-...9.......X...5...-...=...=...=.......-...........K...-...9.......X...U...9...9.......X...X...9...X...5...9...=...=...=...=...-...........K.............next..value..priority..next....next..value..priority..value.priority....priority..value..Empty.k.......4...)...-.......X...U...5...9...=...9...=...<.......9...X...L......next.v.value.p....v..p..priority........."-...9...B.......X...K...-...-...+.......X...U...9.......X.......X...-...9...-...9.......X...9...=...-...........X.......+...9...X...K..........next.value.Empty._.......-...9...B.......X...+...L...-...-...9.......-...........9...L..........value.next.Empty.?.......-...9...B.......X...+...L...-...9...L........value.EmptyB.......-...9...B.......X...+...L...-...9...L........priority.Empty........-...L.....&.......-.......X...+...X...+...L...............4...+...)...3...=...3...=...3...=...3...=...3...=...3...=...3...=...3...=...2...L.....Empty..Size..TopPriority..Top

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\core\triggeracceptor.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):476
                                                                                                                                                                                                                                                  Entropy (8bit):5.403433806188916
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6gQrQouWHpCJHMjvoQwqbADclzB8AUECTCixs5Qx:6NpCFgAD8KAULmiKC
                                                                                                                                                                                                                                                  MD5:0C7192E01776384350DB9D8385F969AB
                                                                                                                                                                                                                                                  SHA1:A28D8131B4E00DD60E9A990D15BBA0C132CE1079
                                                                                                                                                                                                                                                  SHA-256:BC3DEF1232BAA5BB547545F2C25CF5BAD52B9B47F2FC36F8A8859A0E5D65D5E1
                                                                                                                                                                                                                                                  SHA-512:B36B532E747D0C6F498D14F1EC35D312B60C0FA33FB023AC05C9FB31FC7D92228A20F5C257334633CD3CF109EAC651E2994CCD48389FBD7A347E2C57E33E8670
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........6...9...8.......X...8...L.......X...+...6.......9...............B.......X.......X...+...<...L...6.......)...B...K....error.include.external.loaded.package=.......6...9.......9...........B...K....execute.handlers.coren.......6...3...=...6...'...B...6...9...B...3...7...K....HandleTrigger..loadPackages.core.core.init..require._G...//A04AE81F1AC78C57BEA1A6292D4647852EB9EAD9E9E484675B31EF517125322F9FD381B5934C3BDA6BE4C7C5B3CFBA3D19B596C1283C0E6BB1C045EA98EA8C66++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\core\uiarbitratorhelper.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3788
                                                                                                                                                                                                                                                  Entropy (8bit):5.552469780564675
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cklXeOJw5g1AGiz8wE8xxveb8ZvRXfy9L7W:ckRhwGKd8wE8xxveb8jXfy9nW
                                                                                                                                                                                                                                                  MD5:81E0A180BFD797E6BA36FEEA6C102413
                                                                                                                                                                                                                                                  SHA1:08132153CCDC3FE8CDF6D68A1F395B55853018B7
                                                                                                                                                                                                                                                  SHA-256:9A04D219A19827DB88BCF1E7EEF2DC33A860B11F8A61E202123ECBFBE9C8F52A
                                                                                                                                                                                                                                                  SHA-512:16AF20AB11D021953505D614EFA33139173AF2119457C6198B582264041EF6F22F2E5A5EC9B0498CE841C7B3E5497690125F303DD2AE44C0DFA937B28DE5B8AD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..T.......-...8.......X...-...6...9...9...B...<...-...8...L......new.PriorityQueue.core........-...<...K.....T.......-...8.......X...-...6...9...9...B...<...-...8...L......new.PriorityQueue.core........-...<...K.............-...........-...L......0.......0...4.......4.......4.......K............B.......4...6.......B...H...8...9...B...<...F...R...L....Data.pairs........"3...7...5...-...=...-...=...6...-...B...=...6...-...B...=...6...9.......9.......5...B...6.......9.......B.......X...+...X...+...2...L............StoreArbitratorState.uimanager....indent..encode.json.core.ShowingUiRequests.PendingUiRequests.UiRequests.uiId....uiId..PendingUiRequests..ShowingUiRequests..UiRequests..DumpTableData...............4...6.......B...H...6...9...9...B...<...6.......B...H...8...9...6...9...B...6...9...B...A...F...R...F...R...L....v.p.tonumber.Push.new.PriorityQueue.core.pairs.........3...7...6...9.......9.......B...9.......9.......6...9...B.......6...9...B.......K............ShowingUiRequests.Pen

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\core\uihandler.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1220
                                                                                                                                                                                                                                                  Entropy (8bit):5.915091404145217
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6I0lBHW+Tks5h4uxHN2+PBh5DKScPDDQ5c4acKf38tRqV1Q0rOjsY4RKnaZcQ/c:Kzd7h4uqwRKScPDvMtYlrq4RKT
                                                                                                                                                                                                                                                  MD5:8F145C904518DB1406476CA8FB237EA1
                                                                                                                                                                                                                                                  SHA1:EB440C3301F48AC4BE22CFB7FB93EE0F9092CEA6
                                                                                                                                                                                                                                                  SHA-256:C91BA1420D89C87F3EC1CE84D460D7F531FDD89A3BC1C30238A48F2D294FF1A8
                                                                                                                                                                                                                                                  SHA-512:F1CB7AB8461603B983C3799A2F318C417369E6BDCDD0D950AFD3217244756982ED2DBC018909312EF1682AA1869A6B82184186859B090B3725063EDA35FC9E6B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ........)...6...9...9...B...9...B...=...9...9...B...9.......5...=...=...B...6...9...9...B...'.......&...9.......B...+.......X.......X.......X.'.9.......X.$.6...9.......9.......B...6...9.......9.......B...6.......9...........B...7...6.......X.I.6...9.......9...'...9...&...B...9...............B...X.;.9.......X...9.......X...9...6...9...9.......9...9...9. .6.!.9.".B...A...+...9.#.....B...6...9.......9...'.$.9...&...B...X...9.%.....X...6...9.......9...'.&.9...&...B...9.'.............B...X...6...9.......9...'.(.9...&...B...9.#.....B...........J...6uihandler: no special options, removing request: .AddPending"uihandler: adding to pending .skipPending,uihandler: Added a delay timestamp for .RemoveRequest.time.os.setting_name.setting_scope.SetOption.SettingsDB.utils.delay_data.delay.AddShowing"uihandler: adding to showing .info.log.ret.Show.uimanager.encode.json.overrideSelfPriority.TopShowing._.Browser.EventData.tostring.templateArgs.config....config..templateArgs..AddRequest.UiType.UiTypeI

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\core\uithreadexithandler.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1141
                                                                                                                                                                                                                                                  Entropy (8bit):5.941607065548458
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6Bld27yrNDybt88WP3CvwgefKS6VlceP1Q3D2c0ebE0+pwp+vE94:UsQgu8QgWaZ1427ej+Gp+8C
                                                                                                                                                                                                                                                  MD5:D892D62313540E1ED073B6BDF7121A80
                                                                                                                                                                                                                                                  SHA1:1E0BB14013D49F68DFDB90D767E4AF1A2E59DAD3
                                                                                                                                                                                                                                                  SHA-256:376C12DC224A6A2F70A6B64A8E0B8AB25FC9D78E8ABB48D3A0BC6371F52D0468
                                                                                                                                                                                                                                                  SHA-512:93F95CCE8C380C40502FDD52A09179BE825D7AD7D466C951EB4465AF9457508374BDD15188B821E45A4312791CC378F6313BDEDFEFB551E4FF0CDDB81EC0E58B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ........$.z6...9...9...B...9...9.......B.......X...6...9.......9...'...B...K...9...9.......X. .6...9.......9...'...6...9...9...B...&...B...6...6...9...9...'...6.......B...'...&...B...A.......X...6...9.......9...'.......B...9...9...9...B...6...9...9...9...B...'.......&...9...........B...9.......B...9.......B...).......X.+.9.......B...9.......B.......X.......X.!.9.......B...9.......B...6...9.......9...9...B...6...9.......9...9...B...6. .....9.!.........B...7.".6.".....X...9.#.............B...K....AddShowing.ret.Show.uimanager.templateArgs.encode.json.PopPending.TopPending.TopShowing.NumPending.RemoveRequest.RemoveShowing._.Browser.EventData.UiType.UiTypeInfo'Failed to run onExit callback (%s).).(.load.pcall.tostring6UiThreadExitHandler: requestData.config.onExit = .info.onExit.config,UiThreadExitHandler: requestData == nil.err.log.RequestData.ID.GetInstance.UiArbitratorHelper.core.....j.......3...6...9.......9...'...)...'.......B...K....Core_UiThreadExit.UiThreadExit.register.handlers

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\browserutils.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3251
                                                                                                                                                                                                                                                  Entropy (8bit):5.531580876024518
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:f/BP24m6A8F6JjKtwxzqE+zqlRwr6RwEJdrNLu1hrdOWsaBA:f/BP24mvzxSwxzKz0+KRd01hoKBA
                                                                                                                                                                                                                                                  MD5:2B4A67342C584C9B9C3668896884DC03
                                                                                                                                                                                                                                                  SHA1:B6663290BEC311FC9C584A23FE20DBDFC5B8B147
                                                                                                                                                                                                                                                  SHA-256:3FCF58D474734E572E264F83281C7D315AD4246ACB60E316FFB385A6F0E038CA
                                                                                                                                                                                                                                                  SHA-512:EF2D9ADAA6D480930A56ACC1E4F66FD45F988DB1CE96C1DE2676D9059F5CCAC7B8AE2A6455C698336DE773924A7019B2502753A1BBA46F5E8877DF82070DE0E3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..a.......6...9...9...9...........B.......X...+...X...+...L....GetBrowserStr.BrowserUtils.utils.coreI.......6...9...9...9...8...L....BrowserTypeString.BrowserUtils.utils.core.........6...9...9...9...8.......X...6...9.......9...'...6.......B...&...B...+...L.......'.......&...6.......9...............D....GetOption.settings._.tostring.Wrong browser type .err.log.BrowserTypeStringLow.BrowserUtils.utils.core.........6...9...9...9...8.......X...6...9.......9...'...6.......B...&...B...+...L.......'.......&...6.......9...........D..."GetUserOptionWithSystemBackup.settings._.tostring.Wrong browser type .err.log.BrowserTypeStringLow.BrowserUtils.utils.core........"6...9...9...9...8.......X...6...9.......9...'...6.......B...&...B...+...6...9...9...9...9...J.......'.......&...6.......9...........D...,GetUserOptionAndErrCodeWithSystemBackup.settings._.Unknown.settings_error_codes.common_utils.tostring.Wrong browser type .err.log.BrowserTypeStringLow.BrowserUtils.utils.core.........6...9...9...9.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\common_utils.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6002
                                                                                                                                                                                                                                                  Entropy (8bit):5.582050221373269
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:zjx4bqxfcsUvEBsF5e8yQLv13RBgoNevPg/lsvebKlDPCeat:zjx4bqi80EcvpjNIPsCebKleek
                                                                                                                                                                                                                                                  MD5:FF2C89AD86AA498588D50F222E1E1312
                                                                                                                                                                                                                                                  SHA1:BF1DC6666EF3AB96A97A0829DB651BE64C1914E7
                                                                                                                                                                                                                                                  SHA-256:52FC880CF8D169B38141A627982869348F9F17A138202B094F9AA9E1B502ABBD
                                                                                                                                                                                                                                                  SHA-512:8134B235C9FCFE3171AAD7B6B5EA2050D030C3A1067F44D50EFF8FD20BCA5EF1787DEBBD6CFD4CFC897327AC41582CA90EB481AC5A4BF4CD96E0C35D805D2E55
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........6...9...9...'...'...)...*...B.......9...B.......X...'...L.......9...'...B.......X.......X...'...L...6.......D....tostring.NULL_AFFID_ERROR..affid.QueryValue.READ_ERROR.IsValid+SOFTWARE\McAfee\MSC\AppInfo\Substitute.HKLM.Registry.Win32.core................X...6...9...9...9...9.......X...6...9...9...9...9.......X...6...9...9...9...9.......X...+...X...+...L....WrongType.DoesNotExist.Success.settings_error_codes.common_utils.utils.core.........6...9...9...'...'...)...6...9...6...9...9...9...6...9...9...9...B...A.......9...D....IsValid.KEY_WOW64_64KEY.KEY_READ.RegistrySamConstants.bor.bit5SOFTWARE\McAfee\MSC\Settings\ApplicationInfo\MSC.HKLM.Registry.Win32.core........06.......B.......X.......9...B.......X...+...L...6.......9...)...)...B...A...6.......9...)...)...B...A...6.......9...)...)...B...A.......X.......X.......X...+...L...6...9...5...=...=...=...D....day.month.year....min...sec...hour...day..month..year..time.os.sub.tonumber.len.string.type.,.......6...9...!...-...#...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\packageutils.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):867
                                                                                                                                                                                                                                                  Entropy (8bit):5.420155880344147
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6DA+0TGrcQqcnEbbqTrc8u6BIuAfcnquJv:eJcQqcEfIcd6BIuAf/8v
                                                                                                                                                                                                                                                  MD5:CDD29945D0C68EB61CEE10443472EEF1
                                                                                                                                                                                                                                                  SHA1:823D487C44AE9B75A51BE9849380B42CBD621DDD
                                                                                                                                                                                                                                                  SHA-256:1D2BFEC6357810B63C4D221C8542FDCE455FFC0686E9CFA695EDC631ED5B14DD
                                                                                                                                                                                                                                                  SHA-512:E92E26B23DA060FB1134E80D71BE121BC4A93980E56E03E5F94A91859B98F8486E1DF57A64C087D254F44FDA24AF275B54E99C78B0FD26ACE5FC8D6D50159659
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........6...6.......B.......X...+...X...+...'...B...6...6.......B.......X...+...X...+...'...B...-...<...K.....%Package version must be a string"Package name must be a string.string.type.assertr.......6...6.......B.......X...+...X...+...'...B...-...8...L....."Package name must be a string.string.type.assert.........6...6.......B.......X...+...X...+...'...B...6.......9...B...'.......'...&...L....\.mfw\packages\.GetInstallPath.utility"Package name must be a string.string.type.assert........&6...9.......X...6...4...=...6...9...9.......X...6...9...4...=...6...9...4...=...4...6...9...9...3...=...6...9...9...3...=...6...9...9...3...=...2...K.....GetPackagePath..GetPackageVersion..SetPackageVersion.PackageUtils.utils.core._G...//EEDA1B62B0BABFBD34F253DA79417CD49A955337F0D4AE061213855F9E674327B5D8C77004B5CCF9ACC3E8B7B81F5CE1C051B86BB6B7C527AF3492D462FD8B09++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\settingsdb.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):761
                                                                                                                                                                                                                                                  Entropy (8bit):5.493514972861823
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:67gclf2Magc5B/oQjf8uSIcz5qqxDax0fh99ATjS8tX8PN71u+xMIf8wQjXeqqxs:6RpaZB4uSIc/O4Du+xCwUe9eP6i
                                                                                                                                                                                                                                                  MD5:30C2FDDCAB3389AE2E04F14ECCFEFE7B
                                                                                                                                                                                                                                                  SHA1:EF74BC536D9A56A5BC3BD6787B2C805ED62EFCD0
                                                                                                                                                                                                                                                  SHA-256:54006C552A5789278084466B52904D12E7AF1C07422267E4FD8EC5C1BD9AC250
                                                                                                                                                                                                                                                  SHA-512:F5889A0C7D9D48C79DDFED1E224B298B60C56EBB91D76EA74977C24EB9261D013E98DF1185EDF307018625248727BBA636CC0A1A63963006E42B0E72C3F3CAF4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..6.......6.......9...............D....GetOption.settings.........6.......9...............B.......X...6...9.......9...'...6...9...&...B...L....Name.elem.Failed to set option: .err.log.core.SetOption.settings.........6...9...B...X...6...9...9.......9...9...9...9...B...E...R...K....Value.Name.Context.SetOption.SettingsDB.utils.core.Settings.ipairs........)6...9.......X...6...4...=...6...9...9.......X...6...9...4...=...6...9...4...=...6...9...9...3...=...6...9...9...3...=...3...6...9.......9...'...)...'.......B...K....Utils_SettingsUpdate.SETTINGS_UPDATE.register.handlers...SetOption..GetOption.SettingsDB.utils.core._G...//6BEA2EB0FFC1AEAD1F13002ED7939A51D869C6CEA7F2829DBC2904ECB1D774477B9D77FDB2FCDDEB8045986F792B45AE25E091A485D39495D98C89C1DFB2ADDA++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\stringutils.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):381
                                                                                                                                                                                                                                                  Entropy (8bit):5.192806180869675
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:6emuLqNlmHiRDPVj9fE+ATjS8JYcR7Qh9bFDVS62Zdu1t3wFPvdWQIn:67lmHiRDh99ATjS8atj5V3wdu1izPIn
                                                                                                                                                                                                                                                  MD5:C7357C3ACFC7BF9BE6F1EE4DA1F9EED2
                                                                                                                                                                                                                                                  SHA1:D2AD3BC41D5BCA5826BDB06BCAC064FF28179C62
                                                                                                                                                                                                                                                  SHA-256:628F854469B54B3C88C1FB6035BB86270A92CF8D049889822CC316635CB20EE9
                                                                                                                                                                                                                                                  SHA-512:9E102CD2206847C3E27E836EC9C38DBB6DE27547971391BB70983ADB19B078422F71FBAB065AD59631B53290D9AEEB254176344C2923FE5BFAE9A17F0D3B428B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..O.......6.......B...X.......9.......B.......X...L...E...R...+...L....find.ipairs.........6...9.......X...6...4...=...6...9...9.......X...6...9...4...=...6...9...4...=...6...9...9...3...=...K.....MatchInPatternsArray.StringUtils.utils.core._G...//F62C77D6F474015EDABFF60D7E46FA815F06323665B7150C7866A0657CF815BB11A0199713AF92E27F2E3D614D3B44514A71F277956673F679985E61330FB7C1++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\core\win32helper.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):30539
                                                                                                                                                                                                                                                  Entropy (8bit):5.704642369166357
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:JX/CIGkba/ZqyBhyCTz5KamxnbxSHo44G29gJ6UOzC0Ob:Jfah5yAKaqboIrG29gJ6NzCt
                                                                                                                                                                                                                                                  MD5:C4658946A09BD22D3E0E262A9EC1EBBF
                                                                                                                                                                                                                                                  SHA1:2B45539B2F030D99689D7DCF839FE3C0B2A1072A
                                                                                                                                                                                                                                                  SHA-256:02E3CBA1C4491E184C6583BD8C35263175AFD5A893EEBF11B3A2457A78BFF724
                                                                                                                                                                                                                                                  SHA-512:CA76966A53D934121EC84FD6287C3CCC1825A42E59E5423C3F8094EE2C4E53DEC30B6113E183E12C56EC7C0A58F8213B588F565B0DE26381938A13D4FBBF9067
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..9...........X...6...9...9.......B...K....CloseHandle.C.ffi2.......=...6...9...9...3...B...K.....gc.ffi.handleV...........X...6...9...9...9.......B...K....DestroyEnvironmentBlock.userenv.Win32.core/.......=...6...9...9...3...B...K.....gc.ffi.env1.......6...9...9.......B...K....RegCloseKey.C.ffi........<....X...'.......X...).......X...6...9...9...9...6...9...9...............B...7...6.......X...+...=...2. .6...9...'...B...=...6...9...9...6...............9...B...6...9...9...9.......X...+...=...2...9...:...=...6...9...9...3...B...K...K...K.....gc.ERROR_SUCCESS.Win32ErrorConstants.RegOpenKeyExA.C.void*[1].new.ffi.hKey.rootKey.GetRootHKEYFromString.KEY_READ.RegistrySamConstants.Win32.core.(.......9.......X...+...X...+...L....hKey........n....9...B.......X...6...9.......9...'...B...6...9...'...B...6...9...'...B...6...9...9...9...,...........,...B...6...9...9...9.......X...6...9.......9...6...9...'...6...9...9.......B...A...A...4...)...:.......)...M.5.6...9...'...:.......B...6...9...'...:.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\auxiliary\reset_handler.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2338
                                                                                                                                                                                                                                                  Entropy (8bit):5.634661983308953
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:ulTdkjpbD/Lcww/IvvfpNC28F4dHX879pKo1koJyLzF30F0LAw0q4k9F:ubkFbDwRwvvfpp8F4dHXk9pKo1koJyLD
                                                                                                                                                                                                                                                  MD5:0BB0A2B9A63053149EE717E7D88BAD5A
                                                                                                                                                                                                                                                  SHA1:4BE9E7378E349862653D4C42BACADB756A685AAD
                                                                                                                                                                                                                                                  SHA-256:143BC8CB43D56F6E6B38C680344E6F179C245FD99BDDF2BA1E61D701222F0D53
                                                                                                                                                                                                                                                  SHA-512:4A64181FE8D9ECD71CDB98F9DEF6251A15FFCC8471C491802617CCCB54A6E329EF34794821861962BB666126B46EFD1508BE01E30E77D3107951F8A10BE793A9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........Z6...9.......9...'...B...+...9.......X...6...9.......9...'...B...K...6...9...9...9...9...8...6...-...B...X.6.6...9.......9...'...6...9...B...'...6...9...B...'...6...9...B...'...6...9...B...&...B...9.......X...9...'.......&...6...9.......9...'...6.......B...&...B...6.......9...9.......9...B...X...6.......9...9...9...9...B...E...R...6...9.......9...'...B...K......handle_reset_event: end.SetOption.settings/handle_reset_event: local setting name is ._.reset_value., reset_value = .add_browser_suffix., browser specific - .scope., scope .name.tostring+handle_reset_event: resetting setting .ipairs.BrowserTypeStringLow.BrowserUtils.utilsBhandle_reset_event: no browser field in event_data. returning.Browser.handle_reset_event: start.info.log.core......../4...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...3...6...9.......9...'...)...'.......B...2...K....reset_settings.event_on_reset_settings.reg

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\balloon-arrow-right.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 54 x 46, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):509
                                                                                                                                                                                                                                                  Entropy (8bit):7.265106458574301
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/76lJ/6Ts/4qfsK+Sz2D2cP03cbekp8LuwkWBjMAraM7P:9lJ/68fsPSyFP03gpLWqu7P
                                                                                                                                                                                                                                                  MD5:B9239E137DA0942222FD6E7FBB95F084
                                                                                                                                                                                                                                                  SHA1:4D8B1C9DA9E1A8772F5C6929A4337D5D9A659EF7
                                                                                                                                                                                                                                                  SHA-256:FB3B5BE9639CDB51AEDA6F379B0E3D78E64035C53EBBD9D99D28E6913A6BB761
                                                                                                                                                                                                                                                  SHA-512:02EEB55B6C2A00D6E638B57CF448A5110C40A0962D68121BB869C8CD82812AA50FCC882A0E3FCFBF9DA5047F15A2686176CCFA1F61044DD8BF7F0CC957A630BA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...6.........c..+....pHYs.................sRGB.........gAMA......a.....IDATx....M.0......kzH..+d.6..$.0BF..e..!7. ......B...I..g....{.].b.D.K.....".e..."}k~..Sk.y.R...1.x.R....rcp9'.!.......n.&.<.zc.9..(..W..7..9.ZbX.d..e*.....n2v5i.x.!.8.0d....l.D..7N..q.D...N..q.D..T.X.....Ccq.ah......S..MS<..b...C.KI;h......a...k.%..`fx......{e&.r7.)...P$.T.Q(....(........h..P.G..Q(...(....i(....(....0....p....i....5`....p.c...5`......i^.e....dC!.0M.c.....^...4?..R...Kb_}nL...i.....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\balloon-arrow.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 46 x 54, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):525
                                                                                                                                                                                                                                                  Entropy (8bit):7.401937246200202
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/7W7/6Ts/B2l3fqAXsMj1VswTbTfH9O95UzdOo9Fy2S97:F/6B3io1p79O/kdjHy2St
                                                                                                                                                                                                                                                  MD5:CFD3007010FA11DFE25FA8D48E65E72A
                                                                                                                                                                                                                                                  SHA1:9973303D168AECC57EF380EB705DB4B7C6055766
                                                                                                                                                                                                                                                  SHA-256:8FFC2BAD58D0322050F9AF74D140A23A589AA6E0710D6E48285FCC123A80ACE4
                                                                                                                                                                                                                                                  SHA-512:DA7514A4B7CCED85378E25B49742AB674937B7CE3AB714923D848CC1F3CE38CF6C11A0DEA8B97C2860B0BCFC770ED3CC39E74AA358A63BFE81E9DC47754DA60B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.......6......<......pHYs.................sRGB.........gAMA......a.....IDATx...MJ.@..........EA\y....y........'..R.B=B.."dmM.L...$........4...$......I..........\ '.r;..~.o...zy(Ujq.vu.,.C.W.!t<......Q..h.....@C(.(x......#.P.>.......pD4..W>'.<...........#g..s..........r.c...p.7"&....k.._.os...SL.b......../8.......w..B.%.K4./......9.......&5'....x).}.........P...3Oo.^.........P-^..r...h.W.,.q...2.\..>.........}2M.G.t.3I.{... .....Cb.b8u.....1.:.S.p..N..c8u.....1.:.S...Di.(.."....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\card_bg_image.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 150 x 198, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13807
                                                                                                                                                                                                                                                  Entropy (8bit):7.980033051105471
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:r82XmabuE9fiCT7j5ggQkSDKoEBF4mRzzJt:40XiClggenEBp
                                                                                                                                                                                                                                                  MD5:A7522FA80144583C5F0E070F50E06C47
                                                                                                                                                                                                                                                  SHA1:FF32E2DB5468B183DE1FC7A68D3F82BCAC033262
                                                                                                                                                                                                                                                  SHA-256:AE9F79BE354331730247196BAF87001D48330E8452593952820AFEE0DCE5724D
                                                                                                                                                                                                                                                  SHA-512:FB8E730EB796F051AB4E84A1277C2C6B53CC8DFCA96CAD8B3CCE4DB48675B3D7AE008F1A1B100D776E1BB9F040CE0DCEC020462F13C9CC42126F463F87CC0802
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............0.y.....pHYs.................sRGB.........gAMA......a...5.IDATx..}m.#7.% _..c........{....X."upp........Uf. ...J...._......p.y...?.v.........UA.....k.i..W.+...f.?..8h.F.C..:..z.=...\.)..P.+yW.....km8.O.N.;s..9Hs....x....ni.2b..1.....$:.V.c%.~...4Q.w....VuT<N..... .....^.....j."Q../#n'....K..d...h.c...tQ'....L.U6@^.K..g.. .....>1;.@..m./...<.0.......d..o.t#........!d0.^9..|..D..K..6..Z....<....N-...M....%....B04Rr.. H......u...f.........|\.q...r.'Vt.g...,...[.V.....t%..]..H...J .G:.....x.....).....,.K..)....jC..........d(.m7p*9L.Lr=.Dc.~..f}8.J.c8.`..`i.Q.'..S.......ZT^1..L{n.Qy.._.6..)hv./41!.i.7'}..F.L:. .... K._Ag.L%{..:/[n.P.I..g].D.80J,o....)g..~.z.P......y.\..K..7^+..d..]42..k...+=.>.......k[..(....E....Zk.;..q.xu..?.H.t.*.N|.....].u..B/.TJ.+.x'.I..$@.)8.7..R..:9.)y....x...e...;^eP....K...H.G...#.)..t.=..>0..........I...n..,K|)8.....o.?.n'.....h......u.s_..`:A.....R.7G.v..$'..9w5v ,..x...xL1>.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\close_icon.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 11 x 11, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):312
                                                                                                                                                                                                                                                  Entropy (8bit):6.773823438465042
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:6v/lhP8AMx7/6TsR/Jr5OhJTtEEc+GbxMWMEHFGejHr5fDp:6v/7kAMx7/6Ts/Jr5GJxJFmxMQHFG8Ln
                                                                                                                                                                                                                                                  MD5:539828AA00E3933554AD071A88D2620B
                                                                                                                                                                                                                                                  SHA1:EAB3ED1CE4E11D3428840E48870BC138DAD58499
                                                                                                                                                                                                                                                  SHA-256:CEB6F6C99816B65716862B6353DF4D4425D9E023A6BBEF7180E63954BAFED91B
                                                                                                                                                                                                                                                  SHA-512:0982F97ADA2F432BFAA87AD0598F4CB5AE482A4E57D5CD81F4848B62A7C9783F988DCE1E8DCCDB2C7D0F16DEF28387BB702E91C33E65E6EECE365548201536D2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...............w&....pHYs.................sRGB.........gAMA......a.....IDATx.}....0....-.#...A..$.H&@....F.]..D6`.2B.T...d.X....>.g..)..\]h...ho.,.j....N.'p5.Jj.....0..Y.........<..1,.v.....Jj.wr...d0.....cz(..b......d...w.......eW...C'ah....0....`..3..b.)..R.#....3q........IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\dialog-balloon-logo.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 44 x 48, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1620
                                                                                                                                                                                                                                                  Entropy (8bit):7.801361627421433
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:y/6nDZIGswiTaw1GdSET4w+r3RMMzXVetutVp6ipbIlSmdTKS:ySn+UP4wGMMzXVEut/6gElS+
                                                                                                                                                                                                                                                  MD5:6432DED3B3287224306B81E0204B1515
                                                                                                                                                                                                                                                  SHA1:4CED825AC86462D8004F80FEB0D771A8BAB89D0F
                                                                                                                                                                                                                                                  SHA-256:41998FBE91B8B250B389D89D1AA80D5817E4F2D51CE929A7D89F37AE0093D8B5
                                                                                                                                                                                                                                                  SHA-512:25AD6EA2105CDFE64D7153DCBC27F6EB64AD2565ABF378F6B8E0B7B8BDCADC8F370962B843714137720FC290CF41277ED612EB4660A209C67B1C7B44A4CAE486
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...,...0.....j.......pHYs.................sRGB.........gAMA......a.....IDATx..Ml.E....&.*M..qZ...R%..a.....VH......ZG...PW.=.!..*R..'.........:.R...I.TD,5j..`;..M.;...7..^..H.K....L~y~...1.}..c..}.f..6*.r..;..05sei-bw.....@..Q.\..<.X..........C...A!....m.!.<....=.y.h_<...D.\.A. .q.....oW5mcn.o$..{..]...^..q..p..4...O..5..D.(g.Cv-^.O....fLZ.6[...A.5.EN..............6(.<.~.d.a.Yt...nX5.-V].R....?......l...."...x..].......~..Qh^I....,....S...u.....b.4...Z.j\8......_........_.W..<^...e{..8.(I..r.PPa0...)<."h4....g.$..j(J.....-J.;x.+......6...V..V=sa.)..R:#.........[...^.>K.&..J.V.....=.ww...5[.L...&.".b.../..e..........iq...K.Y...K,d.'.,b..c....a.A.9Z.j.c.^X......]1.\{......y..C.O....8..px......(\L-f.=..0..x)....?......?.-..k.e\c3.7'.N"..'..]....9..K...5...95..k."<.....&.a.Z..w.>........Z....&_SL....B7..FD...0.)J.a.O7....*.Bd...oU+.|Z.di......^.@.s.TF....u9.+E.|f^.K....u..K..v..^....N.n`%Z..>ZYw=6v.g......Q..._l.gFS.Yl.O.1.~b.^...s..~d.I.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\edge_close.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):249
                                                                                                                                                                                                                                                  Entropy (8bit):6.533034399677308
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:6v/lhPZ2/6TsR/UxOffGpLpMvlvtJ/Iu2+jgDjp:6v/74/6Ts/1nGpLSvyuGZ
                                                                                                                                                                                                                                                  MD5:2172007725790B2B7A52D88DF43625A2
                                                                                                                                                                                                                                                  SHA1:56FD774395C97B8FBBF783A9BBEAF2D332252C4C
                                                                                                                                                                                                                                                  SHA-256:7537D8C8ED8AA44DD86002D4B67E0E14033E2A55CCD174F71D4DC504EE2BA8B8
                                                                                                                                                                                                                                                  SHA-512:23D3347A1944A66684C4B5E02DDDA1BD3C4B3AC43EE2E48E30010DF6C64C0F627D43B88D3F968BE499164B956A43C8EE439937B00E461643DB2287E4F96418E2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............w=.....pHYs.................sRGB.........gAMA......a.....IDATx..T... ..L.U....QWq.......L$..%&F.;..h.H).2f...\k.e..W..#n..}...|....,...N...@.M......f.!q.@1!T\....).-rh..>...!\.....^.K.....7...q....$......IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_ext_guide_ss.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 176 x 190, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):18923
                                                                                                                                                                                                                                                  Entropy (8bit):7.9861701934335665
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:rRQZ43uKP67gxwrBM1vfj16druGvBBuf9aDGCdOGuQ0Xzu:lQ/KnnAJdy1aNdpuQ7
                                                                                                                                                                                                                                                  MD5:414AABA2691D865AF446A88F56DB10BF
                                                                                                                                                                                                                                                  SHA1:C7DE664C4AE999D4F31678C106C336A8AA12FEBE
                                                                                                                                                                                                                                                  SHA-256:A7B0B6B5834C71BF51DEA60B92CDB84692D7082D219F2FD460DA8B06D761B088
                                                                                                                                                                                                                                                  SHA-512:394AAFB7F371DF5A2456E4D1F478515099EA077E2EC3B3F749D1CF7E2EA1FF27BBF28DF369345D785A74D920A6829F2E11C27B380C94E175EA1221DF90638800
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................pHYs.................sRGB.........gAMA......a...I.IDATx..}..^Gqf.....i.dI^dI.....&..c..-,38.@&..`.!...pfB..L.,..@..$.93$.r.@0.Y..`..[.-.................."..x.....]]]..uuu..}.=..Ax..1...S.v.m.h>e<....9B]....y..h1+B...]OO#.Z<s..t..*....2.Z+..pBhF..`.J...1u....R..d.OQ+^..\...S.3..I..b....a....V2..%..G.L$..e0..d.'*(e*xA... ..k...:E.B.........h.).%].!..&.&...y...<.......R.....]....k..P...|.X.[KUZ+..@`....h..qJ.....(?...@...NF.u*..<......D.Q..OXn.2.^6.N...tQ.]<......}.7. ....~..!"....%-.....e9....sA/*'.5..D....]...r....i.TfQ.".).d....E.&@.x..l..'7..]......$....+..... .P..<....r..2.1..0.h......?... ....E.@..[.n..<..y#..,..Eg.$.2.F~.K-..^n.3..S..x./}YHD......8..FI.gB..l.5.,..lN..C...S...'F.P.....a..-.a.p..E'.I\y..5M.;..'.........+z$'..x.N$u.m.`.`...+aHY...yT...$...j...G....P...N.....&n.nA...*....5....Z.^(`..7P.|.@.:... .......P.).C...^...Nc...J.b.b.....z.<;Le.....).V=.0.2.0Z)...;...:?r.Z..&.Z.4&..:O....W..kh...u.k...+....,.k

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_ext_guide_wa.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 176 x 210, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):21212
                                                                                                                                                                                                                                                  Entropy (8bit):7.98325864342395
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:O2GbDyxp4nQlUyEOZgtE0QsuSBmaibS7oiFaRXrDaLr:9SDyL4nOT9imai+7qXin
                                                                                                                                                                                                                                                  MD5:F1FBD29E2D0C3FAA510DA6A8397532DC
                                                                                                                                                                                                                                                  SHA1:FF5237B7D22A08182534B9083ABEDC36C0D3E349
                                                                                                                                                                                                                                                  SHA-256:7371BE7448704F7CFD6A8776482774791ECA122397006DC5841CE1D69436F065
                                                                                                                                                                                                                                                  SHA-512:EE496EC6F940CCF236FE8F86B7BAC8A62698049F2F310103A6BC4DCFEC4D2B3244762B844231A0326DC42197E3C851A82BF1E9E5D87A26B8EE7C5F686E4A2AD4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............J.....pHYs.................sRGB.........gAMA......a...RqIDATx....&.q.........f03.\.....^0.r%..D....k.&W.k.%..*V.7.P...I.+.....r7(KdH..eY.LZ.@..M..A.$.......s..w.?...U......;f...3.............:...!c. ^....R..g\.ri.....X..%..h%.B.....N%.F<.....X.~..\.^j.s...... ....q.:..IY).:YM....xM...L.......O.a]j.y..^.D..H..$........D.L..^..4>....8O......#B.y.8Z|JF.W....I.I.oD...2O...!3..)G.a.....J.|.(YCB>.,..*...f 0.|Xj4t..{.....!iQ~ i{.(...':......<.:H3B...$KezBs#.i.gc. .A.=...A.rF....cP.~C.|..!"...%}>..2m.2.y.,....B...."0.<....]...r`R}..%Oe..W.5e.....(....O...(..M(AW8..T.<.@z.......A..B9.....w/.IMx&4....!..r*.0&..t...8oe.j8...".>{...8<m.R..(.].Ss...O..5.+yx.rC>..q.....|HD......8.XGI.g..r.F...<X..<.....BL..B...C.&....#O.C...NQ.h$<.{^deM...A.I.e.c..r....|$..Ny.F$....r..)....C.E.P.F..hL.|..F.+y.PzW.....I.<#.....[.!...DCGe.,,T........TU.7#....5..0.<`(..E.r<...*...j.4F..u......Z8.e...T....."h5C..!........j...#.Uy.dY..D....7I.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\enable_sideloaded_ext_guide.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 176 x 133, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13412
                                                                                                                                                                                                                                                  Entropy (8bit):7.975594232205093
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:w0HE4jJ0oyx9ehCCmVEKtChcK6pRhXUPFLe1iU:5P0o00Ej8cdnCluP
                                                                                                                                                                                                                                                  MD5:12187FBB7EC8ADA4E6334B2297D78A6B
                                                                                                                                                                                                                                                  SHA1:9155356FDC70C7BB4C60950ADC4EF55BEE023B6F
                                                                                                                                                                                                                                                  SHA-256:05D775AC7CC5F970FA2A0DFF5A1F732B8DC43241F789242C17E39F4CF9AB39FC
                                                                                                                                                                                                                                                  SHA-512:55920F35FDA8F19C2372439774DED2B8E7EC61360DB81C8DB78B2A2F75F9FD10556203067E129F4D52F3BD1C9DD2B28788A12853DA15EEC9C2C18086FD68CC0B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...............r@....pHYs.................sRGB.........gAMA......a...3.IDATx..}....u........;......H..D..-n.DK".."Y...P.*.TRN....8..*;.Sv.E.n)v,Q.(J"...Iq_.. @.............g...x.p...L/.ow..}.v.<..s..DH-......>..E...}....Q$....+K.....n.%..+<.N>~\...7.}.S..oV[.rx.@<..>.....R.Gy../H.Y..4.g..PTD.Ne.:.t=J:.W)...G*_nN..(1...$\Iym0.2..By..G.4.._H..."$4N.........D.t..Dg..U\..'.....f.D..rEN.".8.A@....]......$,..xheH.)..S.N@j..........x.b...kT....#.`............^...J.......c.u:.(/..^.Z.+G./.........QR.:..*...H.6....ld\.%1../.{]P.........D&..S.P$...u...T.2@.$r....<.j...t.R...t...I."%.9..e..!H=......'.-....y`.5[...L.B..... QI....6....uX*..`..}\.Ga...5..4,...2..?.<.K.B,.0...._..............N[.+R.-..!mc.mA.N$r......Ny.MD.O.K.1.O....G.t}.L\P.g...F.f{..S.E...d0..)......R*.-.I2'..HN#...@0.f:.A..lm.R......?y...u.w..e.d6.)..'..w. ..EH..>c .($..V.$...g.R.1..Vf...a%.!O.&.l.x.q...............>......J..\....9+.||.%...d..1#...).,<p..../..X$cVX......

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\green_check.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3166
                                                                                                                                                                                                                                                  Entropy (8bit):7.890916051269147
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:b/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODx7FspC:bSDZ/I09Da01l+gmkyTt6Hk8nT3KC
                                                                                                                                                                                                                                                  MD5:2048DF489A12C4C9E2341BEF42883205
                                                                                                                                                                                                                                                  SHA1:281863D9F8B8D4D0DAD62E66E35F5C96CA0155FD
                                                                                                                                                                                                                                                  SHA-256:DDA74B071B5869A22B327633D9641F1340EC5B913359BB389C34C44A6DB579A5
                                                                                                                                                                                                                                                  SHA-512:815FC1E3A2E623FEA3B13AA2BCB3895FF9DDB2A7A05E1633C83D3F647EC4A4050AF0670ED01CABA47F02A920BF6AD84191B0B03EAD1E45105DD20D302D00CCE2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR................a....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\icn_mshield.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 28 x 29, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16099
                                                                                                                                                                                                                                                  Entropy (8bit):2.1119107535632073
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:R/6qMh8k29WJsEv+jJ/Zf9lnkouuJvBLD1LpKLxN+Y9rNGcfNGvsc5jq7LcQEdBp:RSB8kEWmjtZCxNXrNGQNGvsc5sx0
                                                                                                                                                                                                                                                  MD5:FE56C156669CA636CE71E5D23D9C685E
                                                                                                                                                                                                                                                  SHA1:6EF641E2CEDB274F9CE2AA2037697372C49CCA25
                                                                                                                                                                                                                                                  SHA-256:CD48CA4C27625C9286738652535097FCD7406C709371D85AD8297F8FEA19FF32
                                                                                                                                                                                                                                                  SHA-512:B82ADD72111983CAB0DB650F3D12D11E3E2CCC9681DB18484F2219EC4A8AD7F4E5BFEDEFBEE4362CD7CA03A17A025EA1E54E566AD2C458C1221F6EADAD099D62
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............Q.1....pHYs...............<AiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2017 (Windows)</xmp:CreatorTool>. <xmp:CreateDate>2017-05-31T16:18:28-07:00</xmp:CreateDate>. <

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\installer_background.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 541 x 82, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6612
                                                                                                                                                                                                                                                  Entropy (8bit):7.943206975174219
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:jSDZ/I09Da01l+gmkyTt6Hk8nTMVKh4rpfjDXliiulxWYwu4vw3eP29VIaUz:jSDS0tKg9E05TMq4Nf4QYw43v9V2
                                                                                                                                                                                                                                                  MD5:13029396423BD78CCCBB0223EA143844
                                                                                                                                                                                                                                                  SHA1:D23C69FE2AFA8469C06CD31FC8FF077B415EABC8
                                                                                                                                                                                                                                                  SHA-256:9979AC854DABCBFFED54312E8EC33B5C0402E220E100E47F0A22852EC695F248
                                                                                                                                                                                                                                                  SHA-512:32D34F2FF23DDF24D387D8A3B8A4B1D9258F525B785807466D9FD88A4097C288F0FC89E6B1C5A010F51E5C92F6941189404E194D9A3A85978F77418AA53AB85D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.......R........ ....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\jquery-1.9.0.min.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (32132), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):93205
                                                                                                                                                                                                                                                  Entropy (8bit):5.288138808574008
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:fYcvR3VhH37Ha7EmakRhIHASkCDy08otU6myJXXxMZyYk0AjrzCqlKDo9YhnaTd4:fY8MaW2c+UELKUqnAdit
                                                                                                                                                                                                                                                  MD5:15B82CF59C00E4671D2995CF6376F964
                                                                                                                                                                                                                                                  SHA1:04B90ED14478B954002E1561AC3CE3063BE75BF2
                                                                                                                                                                                                                                                  SHA-256:C2714DDC6328A8938937CEDB86849CE5B98575120E73041D8FE802324893F734
                                                                                                                                                                                                                                                  SHA-512:B5CD7CAD33A92445750C5D5AEBB38B52BAC9B2F278FF103A9370809213D71ED39F995EF4810951DBA05040DC344B036FB0FCD68BECF0D0FEFA83B7B6A4B0336B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! jQuery v1.9.0 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license */(function(e,t){"use strict";function n(e){var t=e.length,n=st.type(e);return st.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n||"function"!==n&&(0===t||"number"==typeof t&&t>0&&t-1 in e)}function r(e){var t=Tt[e]={};return st.each(e.match(lt)||[],function(e,n){t[n]=!0}),t}function i(e,n,r,i){if(st.acceptData(e)){var o,a,s=st.expando,u="string"==typeof n,l=e.nodeType,c=l?st.cache:e,f=l?e[s]:e[s]&&s;if(f&&c[f]&&(i||c[f].data)||!u||r!==t)return f||(l?e[s]=f=K.pop()||st.guid++:f=s),c[f]||(c[f]={},l||(c[f].toJSON=st.noop)),("object"==typeof n||"function"==typeof n)&&(i?c[f]=st.extend(c[f],n):c[f].data=st.extend(c[f].data,n)),o=c[f],i||(o.data||(o.data={}),o=o.data),r!==t&&(o[st.camelCase(n)]=r),u?(a=o[n],null==a&&(a=o[st.camelCase(n)])):a=o,a}}function o(e,t,n){if(st.acceptData(e)){var r,i,o,a=e.nodeType,u=a?st.cache:e,l=a?e[st.expando]:st.expando;if(u[l]){if(t&&(r=n?u[l]:u[l].data)){st.isArray(t)?t=t.concat(

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\keep_changes_guide.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 176 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):14533
                                                                                                                                                                                                                                                  Entropy (8bit):7.978234763785096
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:vbRTZyLGqlTGW2+6E7JfwA1fKUCYhVwKqpU:jRTZyKK6E7T1SUCYhVwA
                                                                                                                                                                                                                                                  MD5:AD6E786595C48812BE2D9BC7FE5D1485
                                                                                                                                                                                                                                                  SHA1:E98E3B2DFA4354754EC58188D88F6687DC239E22
                                                                                                                                                                                                                                                  SHA-256:4715BA3F13FB3554D64542BA93605E87DDB8601301F2C15B9CD65B708FFFEE57
                                                                                                                                                                                                                                                  SHA-512:2C0735D80841CEA8CE8F4816E9548B5A9474530781B1510A1FB72951EB36679B43F4ED86025CB9C5B8E2E81432B356D3466ED5FFE5A783773A77B142253BB0B6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............~B.u....pHYs.................sRGB.........gAMA......a...8ZIDATx..}y.^Gu...M.V..kiY.dk.!v,..bl.c...c.....@&..0......rfB.29.....5... $..c[F.dc.,.R.%..t.....^U.......^..}.~..u..{..u.V...S..r...c../Mu..n..Z.8..@.......b5..Q=/.O.\t....r.TS.|.1......... ....`.J.s....~....$+...U.V./O..kf..t.g.*...x....J2.i.y.G..#...d.Z.5.(......K...o..4n.W....#G.>.<....'_.!.].P.P..*.._..=.ya...o..`0q...zd..T..f...7TXci.d6....1....9......._.p..9.i0......*....:..%.D.Q)-...e.u3.y,..:...<.VW_g..].....o.U_.n\C..8.kI...l..ux.Y01....WJ.q.Q.I&....C...J )..T....<.....v..b.u0..qv[.s0An.;..tC...S:.:XzB_G]....O.tc..1C!.....Ly.I.a.~xts.A.%.{....4...ln.g.)..........=y..@...:..QQ.]i...0....p........5K.xxTE.:.}...q|...pq.SSSX...5.Wa...hin...)N.p..G]H..O..j.F+.<@..x......F.}.[.F...2-...%...=hmiv...$f..a.4bI+...C;.L.6.iM.....G.......DH.}QO....|.Y..|.i.Y.....x.......e..:.eZ:t..p&,U..KL...AM.iw..7...T....t..\oy..2%.!..!.p(V... ..X. V......).,.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\loading-spinner.gif

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 200 x 200
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):61451
                                                                                                                                                                                                                                                  Entropy (8bit):7.343059446968563
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:9fvs6a/gxRWNtTA4EOvbc51qb0zFy/Sc6mS8oyYVX3YeP8XFWZLNCih:9fkj8RWNtTA4EOzc3lBl58AdNCih
                                                                                                                                                                                                                                                  MD5:CBE8A62A079FCC257A6334A506A865A1
                                                                                                                                                                                                                                                  SHA1:B0135BD4B9A31BC7105111213C286FB3C06DEA7D
                                                                                                                                                                                                                                                  SHA-256:3A0F2212D503E07BE1246CFEBBBDEB40B642A44B4A3DEB959DFF78063A9822E0
                                                                                                                                                                                                                                                  SHA-512:C7AD87184B524C5908E9832675188DEC751484C849020031F91E5030AFA94AECEEB2DF3777657533947339A48A96A24C21D22D29C4A51C75BBF6000634993A05
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:GIF89a...........2/.50.4/.4/.4/.4/.4/.4/.4/.61.>9.E@.HC.HC.HC.HC.ID.ID.ID.LH.UP.[W.]X.]Y.]Y.]Y.]Y.]Y.b^.jf.nk.pl.pm.pm.pm.qn.qn.ro.ur.yv.~{..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................!..NETSCAPE2.0.....!.......,............[..H......*\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.*]...P.J.J...X.j....`..K...h..x...W..[Un[.u..j...}.J.,.*..N.#f.x....B..RF...;..x...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\logomark_white.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):343
                                                                                                                                                                                                                                                  Entropy (8bit):6.9403490183632535
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:6v/lhPUp/6TsR/N7FDkQp+Fj4zBeQzdHLqOkNTcvKMK5iloCQl53fHKxgjTfv6Rp:6v/7Q/6Ts/N7tWAHdETeKMKsoCc53v/+
                                                                                                                                                                                                                                                  MD5:37F342F2D1658BF871B235B20CC254B5
                                                                                                                                                                                                                                                  SHA1:137F20C7685717B19BB089041AA03FA001601D09
                                                                                                                                                                                                                                                  SHA-256:432AF358A422B668D90A9B05D2329922BA20DE2E24F419232967601E7B8E77E7
                                                                                                                                                                                                                                                  SHA-512:B20465A790529F063309426AB878CD67823EA40FC5B464C5ABE2DCD7A26721FB57D26BCFADDED47CE584E0F575CC0FF922C29DA2DF6B8A18AECD567B678B5DDB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................pHYs.................sRGB.........gAMA......a.....IDATx.....0..[....n...&8.n .8....t...6...;...[z..../5..g(9.B..5....5..7..K...fk.....D.......~.b..'Od.B_..%....P.T.(Y`......i!.....\...l.F$....l...=.ab}.;.f......N..Y.K...ffy.(.g.....,.<.M..2..Gdio?..A.W.~w.....5...:S...S....3.Z.......IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\main_close.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 7 x 7, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):535
                                                                                                                                                                                                                                                  Entropy (8bit):6.070255751604191
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/7nsXUyptiPCC0turztDt5q8j1Age/6TZ+RyxtWcHzSoLiKEMBLKBd:YynOf0tiztDt4yxe/6oE8cHzhmKEMBWn
                                                                                                                                                                                                                                                  MD5:78118351597A04AE4CC8D899475BBA49
                                                                                                                                                                                                                                                  SHA1:3EED037A8879EC6F84C2545CBC3D710494C2FF88
                                                                                                                                                                                                                                                  SHA-256:D9059CE8A29D6CE4FB46BBC2292EFCA3478FB5D2DF106B33D4A37B50E41FEC39
                                                                                                                                                                                                                                                  SHA-512:DB64A010162385441800F0CF0212C68791447EB5361793389BC632B7B14E15EEA3CE7DDA89987EBF7414334022FC64FBB1002816532EA106F0CD873D109A1081
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...................gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTE[y.^y.^y.]y.`w.]y.g|.[x.ez.^y.To.\y.]x.]y.]y.Zx.\y.]y.^z.]y.]y.Hu.\y.]y.]x.]y.]y.]y.\x.]y.]y.]y.\y.]y.]y.]y.]y.]y.^z.]y.]y.]y.^z.]y...........,tRNS.............a}.C...l.3.>...=B. i.S.U-.`e<..*.>....bKGD,..q.....pHYs.................tIME......9.3.....@IDAT..c...g`..d.......``.....af`a...gcg`V.VTR.`PPQ.TSWe.........aa. .......%tEXtdate:create.2022-02-16T17:16:42+00:00.v\^...%tEXtdate:modify.2022-02-16T17:16:42+00:00.+......IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mc-logo-tm-bottom.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 110 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1542
                                                                                                                                                                                                                                                  Entropy (8bit):7.83009227115315
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:p/6xpdQeP1E+SD3r7bJsdU70sEDNdQ8Cxc:pSJ31UbLLDEMo
                                                                                                                                                                                                                                                  MD5:66016348184FBD87A9732F55FF570A7E
                                                                                                                                                                                                                                                  SHA1:DBF5CF9A220FFBA7513BB85A7008A292FCF2B8DF
                                                                                                                                                                                                                                                  SHA-256:BA8A9DF4C31C08AD40EB4A81DEF7C41707350BCDD43718159884592E071446C2
                                                                                                                                                                                                                                                  SHA-512:2939A8037E7824AB4603BF2C1C75A3F9A909C9CA559EF18EA535090C6D50EEF79AC3FF97D6FB52D3037481C94A488C217091EFDBDFB95B701AA4415F5FA92C72
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...n.........l..\....pHYs.................sRGB.........gAMA......a.....IDATx..YQr.H....@.........'.t..'0>@....'.>....=.....X.H.....U......A....._...M...._w.E.l.%.?..hC..MO.]A....Ctt4.]SI..>.m.....o.)/..)....t.L.Ng..A&"!"..5......Jl.-....[e......|.\.t'h4.!......+.s..R..A.r.~.^......--sH........]........8,.l..r.......B.."f9P..W..n}..=....{.1.@|...@..7N.r,.h...i{..'..I...x=.^..A...6q..~.E...g..=UT.....W..._KT*-......ND.....R~^'....j.2...!....B......w..=........8|(..u.r.E5.RF..r...L.d...Ow..S...M.2.....Dp...C.X.e~.....D..u.h...Y}.q.XI9EQ8..".#....'zsv.8........N..hV2.....e^.9UN&.V.X.3..I..F....)K............oLG...x.x..X.Kf...g..XV...G.+W....9..i].....B.K..1{.j.S..i...M..X....pl.....6..%;..mNG...K..C.8........Y.7...r.;0>P).:Z<c...9.....b8<.{d.:-.Pt.u..U....AZ...G..{.r..._.....M&m>....d.O)d{).A...Xr\...s.Ir..E..8...R..G......^...io.>...C..|lPc@.S.2Z.@.`.v....F.u.%r....F.sj...I\.paQ......|.;.c.i..)}.S4..K.DvQ.p...sfY..0*..v.M)w]..I;.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo-1.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 87 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1559
                                                                                                                                                                                                                                                  Entropy (8bit):7.837839289025892
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:s/6yUlzHLuHwW1nx0MX/pET0ltUxHPJH3jT2M0wlH2s3R3LqyT7UFStz:s/6yOLP6vX/w0YlPRT2M0wlHfLjYstz
                                                                                                                                                                                                                                                  MD5:FA83BC8E14C9D2734DDBE84015E5BF3A
                                                                                                                                                                                                                                                  SHA1:2A863213DC1905FE82EFE6B1A5C4A039A34569B7
                                                                                                                                                                                                                                                  SHA-256:89F1D402046412A2921E41B0C4660DFCC9EE8C126EE8852CEE8B450038836B2F
                                                                                                                                                                                                                                                  SHA-512:3EEF9CC44509E74A4147BE230A372FC5E29E7A8AC85BB08B03FC584D9AEDECDBCB609208BA8951802FC770F70CA570159AC693C8BDF3F1EA2EC9F1F160A694C2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...W..........]B.....pHYs.................sRGB.........gAMA......a.....IDATx..X.j.G.>g....Mb.J6.&..(O....^Y~..O.]...].-...V. .U..$?A..........hd...v...=.^....\...F.g..|..9g.?.]....;..}..eD'.V,.'&..(.......MO/..J........8.7.o.6..h..4Y...T'.....MO...1.,....I.....f..yqr.?.s..../e.lIeo.B...7.&....P.bSel".Y..y..a..:+@*>g....B.j.E.X....l..;t.h.A.vw..FhbHq.*Z.KH2WA.:H^...@...>.p...:{,...d.M..^.$......-M..Gp.S..).\.r.........#.Q...Z...1..g...(!...'.7_m.C.T:=....8.....R........%%..@...q...1....0.}.?....H......)..5Q..x........i.8.$...i84J...&.lr..).....U@..H..eaq,..k..P....h...b.Ur......-gN....7..OPd.=rt.)\E7.kC8#.IN..}.7ol.i..%...\.=......hMy...t..i.#.........$..r...n..2 %.zG.@.B[=...;.....K....<b.#C.B.B........K...^.B....!...V.mw.M...d...R+.\.......t.. ..i..13.b(}.!#..6.B..qH.cn....Z.....E#[%..........P.06....B...3......;ba!...-.w=!.\......w.....&.....T,.:...i...Q.k.~..w^..S.....'.P.<.G....G<14.`.p.D7..u...#.:e 7..L..9V....r*.\R..g...Ml0d.d.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo-2024.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 89 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1434
                                                                                                                                                                                                                                                  Entropy (8bit):7.812188474968883
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:gB/6FZKjUohZU/XCYVDr/K62aGThNbG+NetmhomQlgLCSX5wi:gB/62Y8qr/K621ThUWe0hongZpj
                                                                                                                                                                                                                                                  MD5:C564D03DCC373E6C01F4A0C8AEBDB30E
                                                                                                                                                                                                                                                  SHA1:0B8065753F23EC09CD5F4B0232631C687F4DFD27
                                                                                                                                                                                                                                                  SHA-256:1C7DA56A2BDE70E1CB265DBB8E8B04AB02D88B62A9BBF056A35F788D8D875993
                                                                                                                                                                                                                                                  SHA-512:04AFEFF007F2F5098B8B28D3B4DAAE07DA8467B3ACA73AA838AD5DC3EED2AF4088D48CB20B02213F948686A34EEB3A3C6EA5384FAD59E58B876E7F63ACFB5FAE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...Y.........0.r.....pHYs.................sRGB.........gAMA......a..../IDATx..X.q.:.^..rc.I...P..+0Y..+.]..."U`...U...Q.D....2V.Cx3g2..-.R MJ..39xgh...X|..aa1.v#At..F.r....1.......?O...^.z..]....F[.?..<......g......\*..H.......w.]..#.0.7q..V..fd..@g.B.K.<.I...@g....<.bg....?....B.K..MW..........[.n.Y.Z..;(>:....h7..?.v_.;x>8....u-.....(jR....^...p.....|g.#...v@{.G.....dzP.jZ..l...:ET.....FT.L....?.{...]..7......Z-........^.L+.9..K. '...........pT.....6).8.5;..?5mUu.....U.+s8...<...y~.~..(uAG...kT..d..t..!.b...7....].....N......C....I[2...Y...;.su..u..o.......N~Y.....>)V...)'u...f.'O...N...5..ez..$......:'..0..AG...q.\^...&..#7r..^....@...|.XS....#I.QwpT.......@...}..Q.{.no....v._..\[.#*.E.....[.~.6.]_....eD?/...........<.h.~#kh.P.+eHY.T.#p....'.`Z2Q.....|......l.(...Y....c>....j...&..i..E.A6...<.ZA.....n,../J.Z.p..'...:c....R_...e..~.t.~_.)..:Z...usTY....c..P.^.x......C.........X...W.H..y..)2.N...:Z..0ux.6........k@f...:u.....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo-lg.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 112 x 22, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1940
                                                                                                                                                                                                                                                  Entropy (8bit):7.870572433344458
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:XC/6ajsovRkZHy/em1P2FGb2bQ3t/3NJ4BNofx6yRQG4R:SSagovk+emwqQYbJIo0yRYR
                                                                                                                                                                                                                                                  MD5:2E6E7984268E9D344B13491198D160B0
                                                                                                                                                                                                                                                  SHA1:E88EED75E8E8CA8A2458761B561927B6DABB8C00
                                                                                                                                                                                                                                                  SHA-256:3EF3E4739C30F116531F7B40BD0E14D3A487C3F28C27B52C47EB04D8AB0B9C5F
                                                                                                                                                                                                                                                  SHA-512:E60EE5CE3183AEE8C157CFD0922F9310103F0B291254897FE504AC0F10C440F3F7D3A32AED6383E8AD63D4414BD8E27A0C773929B63012D9CEB792445FE5EDC8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...p..........M......pHYs.................sRGB.........gAMA......a....)IDATx..Y.n.G.>3.`T.\..6\d....d...O.y..U.6.5Hq..........^...^d..8i......~gw.....M....I.fg...3.9gFx.R[.5.:......t.J.<...2..V....mT:..N.v....]...,."../Ju..Q...v..k.....kB..$.<..s[.z...?.H.\L..E.bb..6.a2.._-.4{}W..M......._....e..W.q.!...!`H[x8....W.L.7dqD>....R..O.S).!...S.,pR.Pq.....wI.".d.M...bm.X\..y...f..:.`7{.e..*RH*.,.X.R...1.P.*...XD...2...]..{..S.S..V.5/.H*6.2eb..Xg.v....3...b..G.\5.|v;X.7.b..C.....R....LJ]..*...\..{..]:[....^../....Z..x2...M.]....jM..l.I....&4qF.bM.v:L.vE.'.Y.h0.."S...y93...W..;.........s......4C..H.t....n...((p.4k.5/.}V4..HF!8 a.k.........nr.r.j......CY.b.d.....H&.Y3f.$.4.J.Z....w{=6r..l.o.....V_>.?.'...x..b..zY..J....h...Ay/..s....o..*.I..c;s.\^..^4...U9...r$..\....l..m...1..6..q.........+.Y.V ;....|'.d...b.=..]....4Pj...BK..X..&..I......L_.m.`f..iQT... .....&.ou.0.'....c..;.=..t.c|f).....i01&R..7oZx..B.?.}....J3 .KTD..A!O<.....jJ..,cA.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 86 x 17, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2238
                                                                                                                                                                                                                                                  Entropy (8bit):7.897965521812157
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:a/3bdLf7SAa7meAyze8p8XMnkL4NpP+Tl1TcVhCx4:qLddUJAyzVZnkLu6lF8hCx4
                                                                                                                                                                                                                                                  MD5:2B2ED7BD7CD047459628DC4AE1728E85
                                                                                                                                                                                                                                                  SHA1:F8F4933BEE5717D3CC67704F863896258EC023E1
                                                                                                                                                                                                                                                  SHA-256:1DB0EC3C7FFD1C9DDEB5F0E4217C1EF38EB02700E4A7F3A557D1F052092D4E42
                                                                                                                                                                                                                                                  SHA-512:B3CE912074BDE9758A93B18C6478AEB689A0AAEBC5F9D228A5C95F045C0BA24963FC7F32EC1E1BC93D50890132D3B1515247C9ED3DEFD99F517752A23BA7EAB5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...V.........G.[#....gAMA......a....uIDATX..X{p.W.....4,y.y.n..S..U.E.I`j....X..-.j..Gk.U..QFl-.p..V.Ne.hU..PBv.yF.....iI..I.$......../,.M........s..{..>vbAa...Tg.1....j-......R..M.?v..Vk..V..<.........y...t..%W|A.v..v..t:.......i........-.xud.!...\A.M.X.e...?0.7.w5..9......=1........~../#.wD(4.d./...-|..V...<f./l.Z..:..j].H.8..P...q....YZ....jsg-..I;'UqBJY....!.L..:......g.,.#W.4..y..f......=..<..B.......|..<..L.....G.uR.z.L..?L..H..al......W...4.3.......La..}.t_.".j.p.;.....'"..]yy5.... ......=.Q....QH.R...TU.I....f.......v{.V...?.{.......D,....}..b2..6.......^....nf""...\|.............w..J.i.W3!j....JCd...e[....$.U.F,OH.8....f.v.....z)z'.../...`8Pb....`xf.........^.7..`.K..}.c.S..7/z..Q..e.!9./..o..`.7.....v.$.'..X.v....v..".B._0Z.F..#......S]O..:.r.N.X..m...........Dx.....]....s"Bt.6.<..F.o+.z......B|..5DC..).,..y.0L.X.5$.Mh+.\].....Xq...~`..8..;YQ..t.{&....H.l.b..3..@(...#r..,......-...,..#..,......C7..6~.h

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo2.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 86 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1201
                                                                                                                                                                                                                                                  Entropy (8bit):7.763272753991154
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:8B/659eWA6XuELEiVKshz96Ajxbd/ErBYPwxhYvjtcFpcG69X7VSkHVs6Lb:8B/63VXuELESZPxbSVYPwUvBcFpc1Dpb
                                                                                                                                                                                                                                                  MD5:A624A806CD38AA64130A0C228271DE75
                                                                                                                                                                                                                                                  SHA1:118201F6A512D67C5EE112CD0A0C4EBD5C66FAD5
                                                                                                                                                                                                                                                  SHA-256:A6E96121FE3D151FAFF5B247F926F93D27790250F9E2A27BAAF841DF5D82B6E1
                                                                                                                                                                                                                                                  SHA-512:D8C08C245A6F68FFC058D2571567034229EBB96A595B17469FC7B6E26F6BF47FDF34C2527B5800667790F88648CAE8C7F262677E53CCB713968A6C03B0D54FE8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...V..........W......pHYs.................sRGB.........gAMA......a....FIDATx..X.Q.J.n..b}["x"....dNr.."@....$"."...8.t.]>`G.2.n..w..t.j....v.@W.4......L.]..,......&.'TUGdL.|.r.....N@.XJ'.BL).&(........A...L. ...,...d|...`0,...8T...EQl.PU?.A...!..aZCL.w....^.....v ...xUuI,3.1......s.1....g.uj.#Z..A.Q...^.9ww).....Jz.....-..d....k...C.m.=3(....rc.'.avwKM.u!........%.._..;4,X.}vbh.r..s.W.4..o.3*.n.B...i{_..Z...7..}e.Q.\n.j2j}.T@"O....Z.B.....b/..l.[.....G..3d...&....AS.UG5..Q..)e..<.5....|...O....g..b#..Mb.B.s.t.........R..;.1o..`..[.a.,d`E.....9.oT.........9..}....Y....Vf. i.3.. .....]..&.)...S8..u.(u0.N|.....+.(........:.0.m<p(.[...X.P....`Hu....!..c...).Bw..|.F<".7..;..........fT.......|..P.........|..-l.E.Y....E....L....e........V.W.]....~\...j.a..8...G4J..uC....(.....W6.....\..FDk..1...n.. Z...:....C;.F...jvbp.).....n...r...w<.j.Z....Q..|...u....8e.(.M.,B...E'&1............._`..../....6'...VU.....amZ....E..;...Y....S..(..B.m..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee_pc_install_icon.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 67 x 57, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2052
                                                                                                                                                                                                                                                  Entropy (8bit):7.890065571351557
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:CHjblGYXQQEZZyIOrNK6rC4lWVkOjKpgOojQ9dCe2LfmC:PYgNZKJKSC4YF+WjyOZ
                                                                                                                                                                                                                                                  MD5:18344204EC04F1E95E086D3BC94FA0FD
                                                                                                                                                                                                                                                  SHA1:87CA3ED8948774091B451F7CB2F95139E56D351B
                                                                                                                                                                                                                                                  SHA-256:30ADF46FD9311E5C6DFEA8A2AB2176EBAF83E7019EE341896FC3AAA5F498D2BA
                                                                                                                                                                                                                                                  SHA-512:13757DC62505D01E44523823F38001D28A2FB9CBA5ACBF9CB7D9BDD8D0F19583D814E5A47B2DB255E18CCC05C34D43A02C387B60D05D1E802F9AF527D3633C5E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...C...9.....ms......gAMA......a.....IDATh...l.........|u...4q....T$....IHK.u.h...lS..{.....i.6..h....@PX[.&...AH.&.($E.(.R..).......M..:..}.g.M.8.c3.'........{....}.``....q.. 0..b.=B..?.:t......1..P_f5.......).7\..e..Y.gA.......XPL...Hss. .ks..... ..aPx;|VO..{{{).`"...VAb....u.|..>_..#......2>V......9.g ....<Bss.T....LFI[[..+%.Y.....N...~X.!......h.q.J.l...A.s...p8,.|.K2..'.{.j..c.<.|m..<.....'.K....zF...nu..<...\.a#U.Q.a#`..ZF%`...6..=j{ta...ax.....\.<.H....<>.'...x......./n..g..'G.z.E.|.....(H~)2...U..O.?w...u.X{..j.v.D.M...z.9.|.a.......\v..f..0....0..1Xs..p&5.C.?....XY.~...K...p.._.+.*...KEF......5V.f....l.u...N..../o....t....b.......z.).....v............f......L.:.n+..s>.r0l.i..&.u...1.J)..sk0l.j0j0l.l....C.......*3Q#..7.......f.[..&).r.z..0..^Xs...z.-`....3..........{N.e...g...O..~[A.F...."....E.d|..?.8S.........}.|;.......>u..B.....Y Z.w.....W..:...Z+.r....+...7..._..b..........~.a..w..o........0.J...[.d...W..>...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee_pc_install_icon2.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7205
                                                                                                                                                                                                                                                  Entropy (8bit):7.9471260512499375
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:KS4Do1RyFyKSZ4pTSumpAO/Ap6CQU9Uw/JLO/xvifnL:F4E1RCFpWumX/Ap2UeMq/xGL
                                                                                                                                                                                                                                                  MD5:F2E3045621ADE164E9DA40F294BEB00C
                                                                                                                                                                                                                                                  SHA1:36E9D967C679FC898BED1FF6751A73BB863EAF79
                                                                                                                                                                                                                                                  SHA-256:D820CF499FC4A9453771A23209A6C63DDD2CE3439E8B651A98DDF0C36ED2BDA5
                                                                                                                                                                                                                                                  SHA-512:7E515A44BD63B33881EE86E0A911897138F2BA0A6E81925612EAF19E3EDAC5A9FDCEDE30E3AFF3E906A4BBA8AA4570E06308D75783057015C882C7E62A880928
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...`...`......w8....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD..............pHYs.................tIME......'..l.....IDATx..y.\U..?......./.@@....E&..P..GF.Q.F.....#..T..........D4.AC....b. +![w..NuU/.....q.z!.ToI@..SIW.s..}.y..s.U..?g.D?`..._T.(..}.n.I.w"+_..r0}y,.....`&....P......8.,....n.I..c@.4._....]@.J..UL.....A...[K........[.-...A.....g.'.N........#.l`.p'.d..o.@@T.P..tQ.A..........t..q`5.=...B.(Q.).."..`1j..&..n....}..e..].....-...x]..p%d.(,............g....o.C......p.j ..W~tW.3.]mq ...H.Q.P..-...Q2...v..O(..`...8....?.4...A..}#K...m......|-.....w.2.m..lwL....Ys..y.;..\.Q ..p..e....B'p..........^@m.c\..[..Z!v....*a5...T#R..B8YH|.....iw...8......,f.v......i`..:T.!F.\....t"5....0..._..K ...M.`.8d.5.9.x.c.v.A...Ug...Va.d.?..M]B.U..E.E.....: . .B5.B.1."......>...w7.-....@.P.;.d.LUp.D.0..R..TE......k..K[.>o...?.~....i..}bu...6......Pj.g.U..~'..+.|.F'......y..t.p..0.6 ........E.).n`...3\-D.......^~6..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafeeicon.ico

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):285478
                                                                                                                                                                                                                                                  Entropy (8bit):2.4849077310090886
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:gtOQaZJ9Lhsvel7gsxdrTr8M4JnGirZTiAF9EOoRoQoPEgyY7oooxro:SOQaZJsvel7gaWNVx4AF9EOg5O7BAro
                                                                                                                                                                                                                                                  MD5:F7D9142AC3C0C7228507E927D05F9727
                                                                                                                                                                                                                                                  SHA1:7B8C9829534DF5B2BAAC806141F72B0AFDCB03A3
                                                                                                                                                                                                                                                  SHA-256:F91461D2F81839CB58DA4A9FACA47C51352558BB636C522F9272519F7D910E61
                                                                                                                                                                                                                                                  SHA-512:5C53D7B6496CFC4A855A7CA9F95D2F127139CCB812610F74790867F056EC48A4F3A6F2CB95574FCF0AE027B9B3497F0D80B1FF235828EA66C92D18603081E725
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:............ .h...F... .... .........00.... ..%..V......... .( ...:..(....... ..... ....................................................B......t...t:...........................................V..............u...t...t...tN..t........................j......................u...u...u...u...t...t`..t....................................h..tp..t...u...u...u...u...t............................T..............t...t^..t...u...u...t...................................................t...t...u...t.......................................................t...u...t.......................................................t...u...t.......................................................t...u...t...................................."..t...............t...u...t............................2..........t...t...t*......t...u...t.......................................u...u...t...t...t...u...t.......................................t...u...u...u...u...u...t................................z......t...t...t...u...u...u...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\minimize.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):195
                                                                                                                                                                                                                                                  Entropy (8bit):6.068066723651005
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:yionv//thPlJlawvlkV42/uDlhlp8Lts7CX9/Bxdzo1i9MsN2ocx1PmnCCj1vkxz:6v/lhP70wS7/6TsR/Dvo1oiPOnuMwkup
                                                                                                                                                                                                                                                  MD5:DC1EB36132B94A110553E31FB69B06C3
                                                                                                                                                                                                                                                  SHA1:B5E281F185E2A7159B4E1EE74C27FA31E00EDA03
                                                                                                                                                                                                                                                  SHA-256:237B2E4C1D42366B7EC89852F5C43C7D12C961D2A8990A87FE5CAC827C6C2FC2
                                                                                                                                                                                                                                                  SHA-512:3E51E41E82D903AC06A911CEB70861F49F682E6F22AB6EE07DE8FE4B351CF255F9D95FAAE7282C516C9226E56C6B7C8DF87135F0E7AC699F7179B4D176234E29
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............;.J....pHYs.................sRGB.........gAMA......a....XIDATx.....0.......A..9.....Y. .Kr..T..[W|@.]C>.q...bE.I.s..........TL*..V,.E.q......X......IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\msac.ico

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:MS Windows icon resource - 9 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):334740
                                                                                                                                                                                                                                                  Entropy (8bit):5.49770045405099
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:vYW4/fFn7A4xnC0IzntmbG8B7doDbtYdLVYRWns6yC:vJCffC0Izntm6S7QbKDYInKC
                                                                                                                                                                                                                                                  MD5:83923FAC3D4E58231B7527BDFACA2794
                                                                                                                                                                                                                                                  SHA1:492C8D0F08203EB28A2999895B1B5994F51F630B
                                                                                                                                                                                                                                                  SHA-256:B6E7BDFA89B2445E120C0583BF97EFA915DFD43BB02CB129C2D9267AAF3BA618
                                                                                                                                                                                                                                                  SHA-512:A8A5B976417B19313C2939BD2BAFD9FB918A1F413713259C120A296BEA00B49D36CFFA1DE25A9C58D2987007FC9BBD4AE8D198C7D37448080C8E34D8EEDEFE54
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:............ .h............. ......... .... .........00.... ..%......@@.... .(B...D..``.... ............... .(............. .(R...#........ ......u..(....... ..... ........................................../C..0D.*@T7,AS..$-../<......................................-@......:Ri5Qk.=Yq.<Vm.:RgS5K^.(9F.3HZ......................-?.Gu..!<UT&D`.>]x.Ig..Jh..If..Gc|.C^u.>Wmd:Pd.;Rf..........#3.0Pn."=U@)Gc.,Li.Cb}.Rq..Rp..Qo..Rq..Qo..Kg..@YoeD^u.........%@X.$?V$2Oj./Nk.-Nk.Ji..i...j...e...^}..Xw..Om..B\rqHd}....._|..:Zx.Cc._Qs..Gg..1Qn.Uv..p...q...r...q...n...d..._{..........^...]~.,\...[~..^...Qq..Wu..n...v...x...v...t...o...j...m..v]...Yz.'\~..a...d...b...?O..&*..1;..CU..Vo..h...r...o...f...c..;d...Yz..^...f...g...GX..%%........R...P...i.."w.+;{.:Wx.Pr..i...`...Z|.D`...b...:Sr.,1..--..."a...0...1...D...x...j..,R.Op..^..Fd...a...f...<Yu..2Y./2..01...!U...4...7...:...~...w.Jh..a...`...\~.89Zz.:Z{.9Zy.9R.../..-....'...$....z...Q......!}.Vw..`...c...b...;\}.;\}#;\z.9O..#$..$$..&&..&'........s...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\open_sideloaded_ext_alert_guide.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 176 x 189, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20549
                                                                                                                                                                                                                                                  Entropy (8bit):7.986108821429097
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:ekwMaIBryFTsB7sckuOrzdqL+0ZgDdNiC+Pjo0eiTGhXDEi0t+XKWDt:TwMaINyFQhLRizdy+06DOLjBemmzEFWh
                                                                                                                                                                                                                                                  MD5:0050197C4E3C6801D783762609EF6226
                                                                                                                                                                                                                                                  SHA1:5B1E4016652C53EE3729D3125EB3F231DD69A206
                                                                                                                                                                                                                                                  SHA-256:F42ECF07D3EAD5B48C1125B19F101FA4B3C6271F4FB43196876003615C31F31C
                                                                                                                                                                                                                                                  SHA-512:B527E6A611394798E8467D797251A094FD9E06686CFDD95C40545697E79308246C51C007D9EBCF8B6A5B56BF810A851A10DAED9AE1DE9995B757558DFDCE0F73
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............)......pHYs.................sRGB.........gAMA......a...O.IDATx..k.e.u.......0......`.....H..IP$ER.c1J"G.Rq.J?.r.........B....-+....T"..-3$%.,.!>.........<f...}..{...k.^.....pa.u..w?V...z....q?z...5m .D{..K.....hC..c.|\F]V..]u...O_.nK..*..N%~V.#oW..........5....".....D}.%_.....MHS}..._/.G......Z).c..J....>..zsz.6..z...*...^[...Xy.h...l2..IT...\..R=.}..0.P].8.N..6..V.i.|...O.ur.|..u=.....2.x..>...K...>.....GP.<.3...6.R..78..G)..x........6(. .3...Q......r.^.....x.......q..@...]/~......F.v.W...IJ.3}......n>....l.-_I.0.;u..j.B=.9.y.?.d.].lB.C.....xQ(..2..dr..'C...B.]._.(e.k..O....9..2..p...=...y2.".V..&.lk..P=.x..K....J4..%1R...&:.%ax........B.k.q)....p..$...B+..:Y.s|.B,hR...j.K......-...G.1....-x.(G..1....+5..?..#.......P_.....$/.>.e..l..c...... ......@.p...Z`I...5R..BV.8c.L#.\.... %..B....)AS.,.>..296...B...y.l.b.r0.O.D0...^e.iDL.5Xyb.RPf...a...MTL.4.x.t....\uf2).J.6@r.../....$gQ.X.r0hvrV.|J.%...d+..#o..._.....G..a....+,v@

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_tooltip_1.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 416 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):942
                                                                                                                                                                                                                                                  Entropy (8bit):7.531868737958494
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:9s/6Hwf01d5/znYDjqWy8Yi5x7fzO/eoTMO/0T3hQ:9s/6Hw81fzYHqWyyDzD2h
                                                                                                                                                                                                                                                  MD5:50A8EBBBE54E38389C31C82D126B414D
                                                                                                                                                                                                                                                  SHA1:C93D3B7CB702DE03C6AB2C8CF7C6520F45613FCE
                                                                                                                                                                                                                                                  SHA-256:B5750D21ABAD17B37896862D5B6598FABEEC4B45EB1C327ECFE4056CC2E890D0
                                                                                                                                                                                                                                                  SHA-512:E67712C56B2B5465BF9481DEFB814A98439EA9656A6F65A0F6A7355D30979C65093FA5325751F5753EC615E8EDD7BA604B9E3E7A5BD46F95179C6DA56012002A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...............).....pHYs.................sRGB.........gAMA......a....CIDATx...MN.@.......7.9A.B.r........i.u.m@..r..P.mo..u....]...:...i>....q.?..q...../D.........}...V...bzA".z....ZH.$...z................$^.HVi.Po.@......<.q+.N.>..o3...u;..:;zO.%.<..l.a..2.....$"A...Jd$..7....d.r....(RO..5.s.w....%d;.CCp...=.Z.<8~u...w.p.H.DN.............+..(."..W.t....$.;......pE6......Z.id`...Ob..O...C.yP..M.6o.......p.P..PB%..f........'...WT......%Jd...6...F....V(>N>#...P.....Y..Dw....&.Q._SN...G..?.../L.l.!Y?....:......d.g.]......c.8.O.l.B.1....Q.{,......|.=..,...-$..&L.6.~zL9m.>.F...(.0Y....$....!.M....A.uk.....X.....<..P..d..^...e.....Ku......#..8..<...%....\).(......F...eubo....<..........]..,..p.<.ZV....w.amk.V...%PT.Ff.<?9.2T.'.S..Z...$..!4.....t.g......"t....<@.....?I3`.\......p........?Hgj..>.?.....TQ.........<<.r.9...!..L..P....b).Q.......B.......f..#<a.\.X....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_tooltip_2.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 416 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):936
                                                                                                                                                                                                                                                  Entropy (8bit):7.559903053416362
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:9s/6BsT2qpwH99jdztSFrR1SZ5id3SBMKSb6b0oqqR:9s/6BsOjxQFr88SBTBYoq+
                                                                                                                                                                                                                                                  MD5:1380B82254D9056AE17D2C9C333BCD5B
                                                                                                                                                                                                                                                  SHA1:FD419D0EDF583E313F7F7F1BE565E7EB3F2519B8
                                                                                                                                                                                                                                                  SHA-256:FEECF9909347B956549A39AB182F367F78E9C1306CA2DA146638CBDD3BFBA285
                                                                                                                                                                                                                                                  SHA-512:9FC77FA74EA43F15ECC787FBC6299492196E8218FFCA1A6A4D750EBAF2A588FC14399D498FAD9B1DE5A3E0A316F3DD57350A1B2B0D67309CCA699BC96ACE89F5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...............).....pHYs.................sRGB.........gAMA......a....=IDATx...AN.@...7v.`...NP..h...z..9.,.v.d...J..$..n{...knP.........M...#.......v....L./".....X..^\n.f......kQ..7....=S......Z.%.#@..'.<.-@...WE......x.:..$#...W..A...v..z.G8.U..Xs.p....<.N.y.+@vG...T..0`...........~.....;c...{..P.......!5..x...J..DoN..!@........]n.Uj.....]{.5cd...V.n....r.E.3.~x17.. ....C<..;]..43...h.1.g.<x..=4l.Kk..........O.......Q....<K.W.T...S].......`..eDo.U....y(%NZ......J<\S.`...<....0..$.R$...J.8.....Q3/..,@....~U>d.@G.j0.\%.0vvy...5..|.>.@....]...........<.....z3l.<$.!.!..@E..P`...]_U$#....\.zSp..c...B+..B..l.ly.....(7......os.Y..u%..!5..Z.$....M.E..~.J@.A...I.AgC.z..g.?c.O.sh:....fQ.yh..h]..#..3 ........;..x..L.......9...wS.{2.M.N.5.&.y...y...-.{..._4..'%o]U........~.F.....|..@@.....3.........M.=7..yA/......<.N^y...8.F*........3.9../Zt..cA...<........V..c.iK4....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\progress_tooltip_3.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 416 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):664
                                                                                                                                                                                                                                                  Entropy (8bit):7.3611901561562005
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/705s/6Ts/vZBGTY1vFn4D3brB0lG92JFFC/aE8Eq3b8jd7sNksCjz:9s/6EZBGV0A8A08WNksCn
                                                                                                                                                                                                                                                  MD5:FF3D7C0157D5D1D9A28E91FB2A0E6662
                                                                                                                                                                                                                                                  SHA1:F6B73B87D42B63F7BAA5A6CDE25961B6314CA913
                                                                                                                                                                                                                                                  SHA-256:D55C2405879639524333F7262828C370B5331C8A39BE070CCDB888BFB4F715B5
                                                                                                                                                                                                                                                  SHA-512:698830E86647EBA52042F0CCADA114B64C4462DDA153B563662AC6E91AE502A275B498649E3154C7A90CE1BE883C29DDC9AB8445F580562741A2E1C8DD4B309C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...............).....pHYs.................sRGB.........gAMA......a....-IDATx...1R.Q.....Ha...x.z.3....0..h%....T...!.0v..b...VO@G.$.w.d_.. .Vg7.O..,..;....E.....U.......=....l#9U.....).e...^_.........hs.)..$[.rqr.!.....B......i.X.}...S.d........D...........{pr...P...x.{.2.6O.v.i.<......P@.......%8... Y.L?..Pz..x.{....t.|.!.+...Pb..xE... ..V .YC@......C......wgnC...'..v....; ........"....,..X...(Ym....B.X....d?......w.j.T..f/,..^.uT.c.A.(..=8..E.5].e.\yY...........!.@_.sM'm...P@.........F....NtOflC....+.....~.?.z.|......O.....P!..x.{........$W....`4i../..../T.K..{.B.h[nZ_.-!6..Igk...l}.X...x......w..F6y....5....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\spinner_large.gif

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 100 x 100
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):15416
                                                                                                                                                                                                                                                  Entropy (8bit):7.756586242434715
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:eK1L3Lk1UyxwO8tIZrkr+8t4vR8O8t4vWn2x8t4yLO8iDd3TCqM1oOiOvL:P1nkKO8+pT8amO8aenQ8auO8iDd3TVMD
                                                                                                                                                                                                                                                  MD5:365D3E659634DF5D5289F14E1855E714
                                                                                                                                                                                                                                                  SHA1:51010713312E23DD9ECBCA17A57FE944A678576F
                                                                                                                                                                                                                                                  SHA-256:651598C518BC9F405F1DBDBACF89343D87B70DD2DFF93A01FD20F96C524E78CF
                                                                                                                                                                                                                                                  SHA-512:2243FEFAC77C3CDC1CAA5E17BB01057A6A343D1852B58B48F7F34610814CE8BFDD47E9E2D3D3D12C8ABA543786E1CEF8E22E42D6159F222F49534C03845F4D06
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:GIF89ad.d..?....)))............................................www...................eee...XXX.............................................DDD....................................................!..NETSCAPE2.0.....!.....?.,....d.d......pH,...r.l:..tJ.Z..v..:Y..x<..(.....r..@{...DL8...=..t[.....6JzhaG5#.....W....kI...E......V........C8...&.U....z.B,..$.T67..;H..?*.)>.T....F....T<.'.F!....G.J...G.F...K.t8..9J"..............c.....x.8..!Z..CV.r.CI..),........t.H...?x.....%L."..0..J.$.2E.7.&5Q.H".qS..1<{.4.a..aD0.h...:#Ls..8..X.G......F..j....E..g...0...!g....a...E..@...\h...em..=...x1..\.By.z,....X... ....U3Y.+D....+...y..H..<9.!....Ac.=lw..?.E@......h\[....c...q..Dpx..M...=..^.;...J...K....P.@......s......)Q...!@T..........Hr..w].0B..|P..,l..mK08....G...`...8.`....w....u..6.v.."LHD...1..C..X.l...T....'.GD.#d.I..*...l........h..X.".)....W..T.d...0...uc.Tn..BV.@.w...b%.e..v^T.U.).h...f.....8..........'&..X&......P.bC...`...$.f:.zi..&.,......B[.V...l.l........

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\toggle_ext_on_guide.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 176 x 134, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):15075
                                                                                                                                                                                                                                                  Entropy (8bit):7.979399641440617
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:B80mK0kjvC93yIZ97t991dRVGJyjz4poyVIor28Z2ci:TmRkjkRr7z9lwJyOoyVIuy
                                                                                                                                                                                                                                                  MD5:2B183B9A55E2A55A566E6DF71751FBE8
                                                                                                                                                                                                                                                  SHA1:F5EDBACF9DEF16D0DF52888EA7C398BF51601AD9
                                                                                                                                                                                                                                                  SHA-256:6965355533AA0487DAC22F5D44CBD72BCA2C2ED2A75558DE725CCF5B8D1156D1
                                                                                                                                                                                                                                                  SHA-512:47FB4AE6DCE69854D78190797DA2536C21C04E34F47CC4CADDF4746CA6B86EC522A6ABD2BCB01D2EF26E378513AB49E97AD470EB2503B345A15A80475768DC86
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............}.......pHYs.................sRGB.........gAMA......a...:xIDATx..}i.].u..o..`..X.....I.+H.H*.Hj1Iy..E......e;q.8.r*..8.b.J.J~D.....r..Zh.2m.&ER....H,\.....`......>.t.}o@,#.g.......>}.t...s/.N..!c...sY..EgR.s..-^.#JK.3!s..Rt6."...zn:...f6%..:6.....g.jU=Z../. 0..,...L.."..K.W..9..:.|...j3.&.........Q....^<g3$.i.<..S..`.Z..?VA(..*-...__.0R.9..|..`$......$.5).T.....7.l ..>.i.x...|t...wMx.w:]..@:i(Hw...N[.l.K...4...8]...7..Ho/..@....T..x.o'.+.....Q|..2....&..u....P.......uC;......,..kh..mHDI......l.....^..C.OH...Hh.$..ei.C..3d...U...S\..V:.t..qH.d...2..A.&X...._\.P?/.......C} ...M.e3..3B >..v..0.._@R.4&.GB.(.<.%....P.y...I.'.T.].%..4..4....ZW.<. g.......H..H.........(...k$o...]...9.d..]7bna.....0= }=....4..NQ..$2../...y....XS.^..l...O.].:.)...E.iKH..S.....%...&"5.4..@M".N...X.(~-g......&..l.......Q[.....*.3.....M.....h.Q..r...0..G.M%.Z._...S.4F...x%4CLJ.d.y.........).V.(.<t.a.J..&=hSi..'.Q.d.l[.).. G:M...)N....l............

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\toggle_off.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 41 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):617
                                                                                                                                                                                                                                                  Entropy (8bit):7.439754348378905
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/7T2/6Ts/V3SPmQjbXnqipYBFQAztUBU7oMDyREhY15wNpwtgLulRlO7:k2/65XjbXnQkAOm7oxkYqWiLGO7
                                                                                                                                                                                                                                                  MD5:EB828ABEE8EA1DEE90FE34A41FD2970B
                                                                                                                                                                                                                                                  SHA1:9F2C18E1765BB8953F9521FAB6446F730BD9B56D
                                                                                                                                                                                                                                                  SHA-256:9CA1BDAD0200BA81AFC1DEB29782AFEB29D2E519AD267DB90D115BD6136952F1
                                                                                                                                                                                                                                                  SHA-512:E0F40F67C78BF8DC3BE4CDAE824BC9E453977D79713FEC704F25567AC1E23A407C542D9D7B8F6AA9ED9811F829984DD6724784B82F1E658D8B7A4D635E3D3E1C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...).................pHYs.................sRGB.........gAMA......a.....IDATx..Mj.@.._...FA.n....Kw.@....A....jO.z.TO...Bp#M..B6....#cj4..K.0..|$..y.....i.P(t...j...... .:..B.P.5@p74....=....C..;..-.(..........%0.J.%......f3......a8..)..k.*.GvD$..Y.!..{...v:.[8...U:zG..0....r9..b4.A...NX...BZ...d.YH$....,.\..g..."V..G.....d`.\..0..I..6&.I.J8...?...%.L..~.p....AZ....4..t..0.L........}A..Q(..^.w...6R`..'1M../.@.$M.`..u...u...[...n..H..8b.T..^a{h7[..A......&..x@...M.Q....n.A..[...CZ.._..-. ......(JyK..PG.S.I(.)<`.~.I`V......l...O..7.e!..?*..+|<.~.x"oh_..y..{.....M4n......IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\toggle_on.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 41 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):675
                                                                                                                                                                                                                                                  Entropy (8bit):7.562211970325794
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/7T2/6Ts/bVSd/4kRfv0fBejGezIcHU1xJe4p9HU1VtRPmmgWonwKvSa+BEMR/:k2/6uk/5vu1xJH30rL6vnzvSa+l7
                                                                                                                                                                                                                                                  MD5:D227EFCE741CD468570862CBA8A7E594
                                                                                                                                                                                                                                                  SHA1:BEE60BB46694FBD91CEF1588C8EF22EFBB35A725
                                                                                                                                                                                                                                                  SHA-256:F18F4F91B5C4A6A6C1BF94B84329F7473DD9DB3E3507DCFC5BEE49034DB95FD9
                                                                                                                                                                                                                                                  SHA-512:56E060EB9A6F81BB2662DC6F31364C18B72B4255460F03BC5F8C39EAB29F4EA7CDFDBD082C5AAAFE4A0AC2C8A5C70E0190D536C84960754DEEB487EC81EA51DA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...).................pHYs.................sRGB.........gAMA......a....8IDATx..MOSA...3.XI(i.+>"...F..\ado....d#...].Z........H..1*.@.!.+L.V....L..-..v1...igz2....w..@...x.....z..5:`.....U.W.}..5...^?Oh..B#.#F.I..jY.....,.....F.n.......l.D1.~..-..v2f.2..!....OX..G-Q#i.X.$,.h......c. r..M.}.]V..iB.. 9=....!../..U;.8........Tf.-..5.....>.6;..=:.q..J;..,1.Y{...}+3.z.A..........+.LRtU...S..V.".2...)....<,q .B..m...4h......z.p..".._......d^..:,R;..Q..HM)7...YX ..`|.s..1....Sj.R..Vn....a....F.f..Q.....s,V...w....Qn<.%Z.M|..0...+D..V./7.Z.C....r..}..L.$.B. AmrP..O.....H.r..G6C.&...<..[.....u}.....z....".v.hZ....;..........IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\tooltip_img_1_3.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3245
                                                                                                                                                                                                                                                  Entropy (8bit):7.9134385325834735
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:5Sxtw6uF4h1IoiShJRcX3/okKqShNmdXXs8oG0S6Fc:5S3w6X+0XZcsFNS6Fc
                                                                                                                                                                                                                                                  MD5:42B15F32E9F2B2FE7874BC8B5CEC3FD9
                                                                                                                                                                                                                                                  SHA1:0095AEB7A50DAD717D5C831DA04FB692ADCED9F9
                                                                                                                                                                                                                                                  SHA-256:0AA2F6F56226AA14901D0FC02DCC9FE7B45A86F49725C1B638252F90117181B5
                                                                                                                                                                                                                                                  SHA-512:2113BDE6D0E5F0D96F55C1DC07A1351A697B0C1193FDCA41C5E452DFAE38B96E53D717C74A840793E53696D0C3503D8693B403639C30D56955B47DA0787C7866
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............<.q.....pHYs.................sRGB.........gAMA......a....BIDATx..._l.G......;.v.Z.%.I.(U+..mihCs..@....T...P....."......H..!!.#Q.}JC.<..VT....RKJsvZ..N.R......;g..8N......}$.......o~;.3..B.!..B.!..B.!..B...YQ>;.\.S$..g.3Q.r,...F..Kf/..h.@O$.-R.$$.>..>...e....{.).q...D.-.5...0.Z.R{.a`......$\.rV.FLS.....%6.. B..|v2eD.G...M.V.r`2-Lq.0..m. .B....DOK..#..k.....)N..]C....k>;......).N.G.BV..K..t.T.T.t..BuZ+...Y=...c..V.....0).......8s..41..@-.P..7D.&X...s~..Gw.c..5..cA.......~..}hx,#.9...H_.k>{..<r.Q...Z><......h.1....X/..k..{Q'.>T.R....')T..T.8o.VS,..@R.....0.uPs..SS......E......Y........;_?5.i.g_}.....>.z.U.*.L.^.g..A.C.9.[...\$..>.`Y....!..j76?.....#.^.F.....h.U?%.....{.<...>*.3W.Eu.X..'P'u.T.^2:T..@l......hR.TU*..._.y1.:.[...w.K...U..q.k.k.|../..y.uR...BU..........1%..L.G..%X.L.q...TCu.....kU..0....L|J..........?.x..X-.......Gx...._..B.'.-..l.. .z...~3.f.V.>E_.^.=shk.k.^.@....[.y.(.dU.k.Rajm-......Tk.H.d....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\tooltip_img_2.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4647
                                                                                                                                                                                                                                                  Entropy (8bit):7.934941782690532
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:5SrHsLRJGNY3SJ7+U/I+TWVdFP8FFYTq3+Nas4YCiuSuWozqB1phz:5SrHaZ3k+UDiV7P8FFY6o4S/oO1x
                                                                                                                                                                                                                                                  MD5:06438B94B66EEB804C86F363C62BFBC6
                                                                                                                                                                                                                                                  SHA1:CF3D09AC9D952D6FF0A85D0AC9BEEBDA22CE0EDA
                                                                                                                                                                                                                                                  SHA-256:C879FAFA5892DA6841E0EA09F2EFC9F68762E5A4752D62ACA8C9B95828B6FEAA
                                                                                                                                                                                                                                                  SHA-512:38328E330AE12BC31EDEABAD908C86A1C486CEB0D14E9FF946E459D0E88243F3DE0EB603CDB6E31B4CA2EF6BF70428DB5EC54B3C705E3043C9FB0A649E11FDA5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............<.q.....pHYs.................sRGB.........gAMA......a.....IDATx...l[.y...^.zX..Fvl..:Mj.[`...m..y...Yn.>....(..N.n..`..tK..v.4.....k..c$..Hj.(..nk.A.;.`Z.dG.P.eQ"y....EG.. /....`..i>t.....w.s..P(...B.P(...B.P(...B.P(.#..YI%..r?.b...l...#.~...7.h.......i.@K(.....8k.wE....,......1.~F......./.."e..+'..6].]BD.....F....w._:..ub.P..J%.[...sSksGH..F.x.i...C.me.eJ..k,1.R...&..>...c.4..pU..C(3.FX...6.c..hE.r4!...rq.@...l.nO..P....9...c..V9.j&.0...U`..Vzlx.7..\.5..../D.FX4..4....;.a.;hd.O.E`......^{...X...i...0....&..A.u,..W(3..]....0.t.k.Z.E..h......X...>.M?.Du#...i..Tb...7.......A.aXSS......8h0.g.U8..h8.I..........._.......^.+........5A..i.}.s.n.E7.G.FX..0pH........-..o....m(.E.N..7..P..o.vY.:c#....l.z.ZD.^...4.$=......n....a..\*...?..b'<.3.D.....-P,..q.K........k8...$.R.*..a.{..........C.....KT.;...#/...::.[R.cI\.j]....'.'.l..j`(.1..r%.{..E......2..XTR.....r.t.O.........i...8.7..=.5......k.E..JT..[.Eu5.....0.J..LS@<.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-checklist.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (33246), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):37458
                                                                                                                                                                                                                                                  Entropy (8bit):6.111535768912929
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:h9DDI1HkcKGBrgXjhvgVfk4rcB7uGzQtn4rZT:h9DDI6thXjez1jtnA
                                                                                                                                                                                                                                                  MD5:852058901C74A64253F8A30307342E99
                                                                                                                                                                                                                                                  SHA1:43713FAD9753DC649C6203091187371FDF30EBB1
                                                                                                                                                                                                                                                  SHA-256:110D789973B78ACCC07EABA2FBA8BC9732223935570DD607ADB0765C54D39BF6
                                                                                                                                                                                                                                                  SHA-512:2E7803BC7DEF0B614A6C8ACDDFA75FF7BA37B31227E4174549AF8C7782739A6D1B669A9AAEDC1178E0C6A031B1742D2849F3C3713FC8BCDA878D46A7D3A24C88
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Open Sans Regular */..@font-face {.. font-family: 'Open Sans';.. src: url(data:application/font-woff;charset=utf-8;base64,d09GRgABAAAAAGEsABMAAAAAsTAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABqAAAABwAAAAcbEIkOkdERUYAAAHEAAAAHQAAAB4AJwDwR1BPUwAAAeQAAASiAAAJmCwaFlhHU1VCAAAGiAAAAIEAAACooF6Ikk9TLzIAAAcMAAAAXgAAAGCg5ZlGY21hcAAAB2wAAAGGAAAB2s9AWKBjdnQgAAAI9AAAAEYAAABGE1sNN2ZwZ20AAAk8AAABsQAAAmVTtC+nZ2FzcAAACvAAAAAIAAAACAAAABBnbHlmAAAK+AAATOAAAJGkMGdKhmhlYWQAAFfYAAAAMgAAADYJip5GaGhlYQAAWAwAAAAfAAAAJA9zBj9obXR4AABYLAAAAjcAAAOm2kNYqmxvY2EAAFpkAAABzAAAAdZ4GFVubWF4cAAAXDAAAAAgAAAAIAIHAZduYW1lAABcUAAAAgcAAASAUcWdxHBvc3QAAF5YAAAB7gAAAt15xIzucHJlcAAAYEgAAADaAAABfLpWDR93ZWJmAABhJAAAAAYAAAAG7JdVfgAAAAEAAAAA0WhVmAAAAADJNTGLAAAAANGknRZ42mNgZGBg4AFiMSBmYmAEwpdAzALmMQAADaEBGAAAAHjarZZLbFRVGMf/M51hxoKWqtH4CBoyNrUGjQ1J27GwatpaDZZpi4MOig/iAkJCY0hMExaFgbgwIQYrOTxqCkyh0FmQUpryMkxXLNzhaW3jyuVJV8QFIY6/c9sp4EjVxHz55dw597vf43/OPXMVklSpbn2qSEvru916/rOvenep5oveHTtVv+uTL3droyL4qFiU9/0316GdO3p3K+6vAiIKB2NcoXhv4

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-common.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (33246), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):34216
                                                                                                                                                                                                                                                  Entropy (8bit):6.048936621948461
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:E9DDI1HkcKGBrgXjhvgVfk4rcB7uGzQtn4rZq:E9DDI6thXjez1jtnJ
                                                                                                                                                                                                                                                  MD5:B66C073D57FA28ADB8AC3B4179DB653D
                                                                                                                                                                                                                                                  SHA1:552B48197375DBB8CF21CF946C7E79459B226101
                                                                                                                                                                                                                                                  SHA-256:31DEEB6D972CB0FC43CE887AAB0F8DE07C0871F84D9B5E37A1FE4EFDA871702E
                                                                                                                                                                                                                                                  SHA-512:EACC937F48503FC6BB88D96D2BB7D31EC97EB44228C6F85EB84E952ADF4391A536DA9A2806C113094B2BE7DF582D213AEBDBAABA79922690A917ECF37366F8B3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Open Sans Regular */....@font-face {.. font-family: 'Open Sans';.. src: url(data:application/font-woff;charset=utf-8;base64,d09GRgABAAAAAGEsABMAAAAAsTAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABqAAAABwAAAAcbEIkOkdERUYAAAHEAAAAHQAAAB4AJwDwR1BPUwAAAeQAAASiAAAJmCwaFlhHU1VCAAAGiAAAAIEAAACooF6Ikk9TLzIAAAcMAAAAXgAAAGCg5ZlGY21hcAAAB2wAAAGGAAAB2s9AWKBjdnQgAAAI9AAAAEYAAABGE1sNN2ZwZ20AAAk8AAABsQAAAmVTtC+nZ2FzcAAACvAAAAAIAAAACAAAABBnbHlmAAAK+AAATOAAAJGkMGdKhmhlYWQAAFfYAAAAMgAAADYJip5GaGhlYQAAWAwAAAAfAAAAJA9zBj9obXR4AABYLAAAAjcAAAOm2kNYqmxvY2EAAFpkAAABzAAAAdZ4GFVubWF4cAAAXDAAAAAgAAAAIAIHAZduYW1lAABcUAAAAgcAAASAUcWdxHBvc3QAAF5YAAAB7gAAAt15xIzucHJlcAAAYEgAAADaAAABfLpWDR93ZWJmAABhJAAAAAYAAAAG7JdVfgAAAAEAAAAA0WhVmAAAAADJNTGLAAAAANGknRZ42mNgZGBg4AFiMSBmYmAEwpdAzALmMQAADaEBGAAAAHjarZZLbFRVGMf/M51hxoKWqtH4CBoyNrUGjQ1J27GwatpaDZZpi4MOig/iAkJCY0hMExaFgbgwIQYrOTxqCkyh0FmQUpryMkxXLNzhaW3jyuVJV8QFIY6/c9sp4EjVxHz55dw597vf43/OPXMVklSpbn2qSEvru916/rOvenep5oveHTtVv+uTL3droyL4qFiU9/0316GdO3p3K+6vAiIKB2NcoXh

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-core.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):26093
                                                                                                                                                                                                                                                  Entropy (8bit):4.77525155455544
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:J+6T4vNmgN8k0+yycVCI6z0jG7RXDX43UMRmvm/I:aDIpQ
                                                                                                                                                                                                                                                  MD5:88AAD1628908702DC40728E4B844DF2F
                                                                                                                                                                                                                                                  SHA1:214B674B1C41884C60BC038B91494CCB4B76A2CB
                                                                                                                                                                                                                                                  SHA-256:841908E604B67209B61219433FAFFF57B5F13DD053A76857D86B0CB424754A4B
                                                                                                                                                                                                                                                  SHA-512:A47D16ABEEBCA23BA2F8476C2639C0CAC2908B5D53A1A416BF276512003FAD9737E45D63F27604A351E75D4AE4F29C2BD3FFDC65BBACAED288C16A31D307675A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Core */..(function (wa) {.. var core = wa.Core = wa.Core || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External;.... //Component.. core.Component = function (name, status, key) {.. this.name = name;.. this.status = status;.. this.key = key;.... this.isIgnored = function (key) {.. var isIgnored = false;.. var startIgnore = this.settings.get("startIgnoreDate" + (key || this.key));.. var ignoreDuration = parseInt(this.settings.get("ignoreDuration"));.... if (startIgnore && ignoreDuration) {.. var today = this.settings.getToday();.. var startIgnoreDate = startIgnore.parseBasicDate();.. isIgnored = today >= startIgnoreDate && today <= startIgnoreDate.addDays(ignoreDuration);.. }.... return isIgnored;.. };.... this.isInFixGracePeriod = function (key) {.. var inGracePeriod = false;..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-oem-ss-toast-variants-step1.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 162 x 163, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6397
                                                                                                                                                                                                                                                  Entropy (8bit):7.947947094706784
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:GSzkZH+IG8+1lqPrujYGCbSDp98cti4FSwgfYf3:poZHw1lNj9f98trfS3
                                                                                                                                                                                                                                                  MD5:4538CF17F5E72D4AB6748D921AAF47C3
                                                                                                                                                                                                                                                  SHA1:0721FB317398B3F389FC85B57D7BBBB5A5C8EAFA
                                                                                                                                                                                                                                                  SHA-256:CD03355615D11022E11EE57F35A0E994F42F60A03CF9063FFA7AC0321276129C
                                                                                                                                                                                                                                                  SHA-512:D9DC3ADB291EEC7CFCD317DB6D9BE5C662BB25DE22AC8056CEE7B16F710F119392A46CCE4250900DFF59DB4313A6B23FEBDE30240DB9A3244C3B008A49ACC422
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR....................pHYs.................sRGB.........gAMA......a.....IDATx...tT......I2I.....B..-..[.GKJ...+.+.(.j[{..t......O...n..Zc=.........Z8TA..=U."2...7I..w..M.'3o...wf.{.>.h..L2.......K.....V.....S..N...9ts.>B.....Z.G::..e..\.....c.i ..`.....k.J...[.*v.v>.D<.?}..C..p./.@k::.@.S.B..No./.\...PZ/.X....7.[...?.....x.-..U..]PF...Qx:..Bts..\.It.............l.).I....LY..P.D.....G8.....#....th..JE\..^.:1.t..Q|^Mk...ek.2Q.}V.o;..E.IR.#........u..`..!.....n......`=.)..N..2..ex?.. ~......y.......`M.0..a...m].J..k,ik...W.....Q.......O..0.m'H[..X.LP../.z.......y.F.6.E..l....`......K.H..1.6.......o.....9W...-,"&!..[9.....w.......=.f.......(......2Jy.l.F..7.U?.......>.u...WY.][V.F..j7.:`.X..g6.[.Z.Z|E.....)kk._..X.....nx2.2.....6v..V....b...\.Fn....W....[.::.%.?H.5.H.C.....X..h..1.d..3...gPb,#D......I....K....#~..*.....>\..=R.9~l..D......w..2P[..%..B4\1..+.... ..@..c.9@.....iG!........d..'}..F.D....m.(.....=v.lz.:..N...F....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-oem-ss-toast-variants-step2.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 162 x 163, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5418
                                                                                                                                                                                                                                                  Entropy (8bit):7.941310197666969
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:GSscx0y/nkoEVlqHdvygby9KULounF17qTN/Sxgn7ylwgwIMyce:GSscKy/koGlCdv29hLJqxiEybYyv
                                                                                                                                                                                                                                                  MD5:A1373F9C03567C27AF0DE96E770E45B7
                                                                                                                                                                                                                                                  SHA1:A97E90B04460E4AF1D8425A9D9716782739C79B5
                                                                                                                                                                                                                                                  SHA-256:EE56D3790702A7A91CF1BBD73326E6852CDF648C77249876D8D4410D5E1DD52E
                                                                                                                                                                                                                                                  SHA-512:D65BA6F131F7EBAD0267FEF9BD555121429852DDB58F1D51CF3CBC800114C93BD8BC50CB06437BA999B7B585E943930CF7AB8A65632C1B9BBACBE5627027BE3C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR....................pHYs.................sRGB.........gAMA......a.....IDATx...S.Y..3.........A...6,.{...{",..a.=Ll.,.....8b.....=..r.eo....o{..........U..R.T.{U.*.O.m\.!.2_.x..4#.._Z8......C...U.M(.4=....St...S..<!, ."".....-..6.#P..j@X..*.QG....sU-V....+:h.../....F~8.."..NU....|......L..'D...t.....Wt..V.&...@.v..$.s".8w..d.E.{....A.p.G6..2.Bt.....O.h.F....4..f)3%D.d.7..,...d.a)..r....r2!...El:....)...wMi@9.V2.Bl...L....r....c+m.L.....#..J...*!j.....\%.L..9.iNSYT%..fh.k.$.5.....5QZ+Mb........D.X!zIhsWX.E.(..:]y^...8!j7..I...$......k.F...s..*<O..@b,bZ....u._.M...k=+.M4..i...D...t..o..$......E5Q6.....3].i..o...}.3...3...1......;.(..|./.U#.b.h.......Jy..XT..0f.....Sm87..?l|..Y._.k../....?.AY.,.x....q...=Bc...X.... .2/...pQ3.j.........N.n.C..E.s..e.O......Tr.'. . f.(-":..&J.n.]..........K.h....$./...B.E!.".H.).X.8..Q.?.c.....|.h.-d...?.5........K...1....<..:_...d..d....h... ..c.BlUJ.c)........... .T..1Q.1R!.'.l..ai...Q.1R!.&..R...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-oem-ss-toast-variants-woman.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 261 x 265, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32309
                                                                                                                                                                                                                                                  Entropy (8bit):7.9804976554334655
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:7NFP/8lSUsE2h18x4Su69ZU+VJpszMXneyg5PTg:fP/8lSkLd9jpszGneyg5U
                                                                                                                                                                                                                                                  MD5:FFEBD5099333A2223979DDC7AD6E75E4
                                                                                                                                                                                                                                                  SHA1:5BE640F0A871C4B1C9B2858ACDB8795B96F44586
                                                                                                                                                                                                                                                  SHA-256:4F80FA15BA8934B3E4612BAF88F1DD2A633A1368A18F4F592D17FBBFCB635851
                                                                                                                                                                                                                                                  SHA-512:359A50BDF3CAC8AA7B4D8CE42CB83F52CFB61AA969EB8B258F09B9BF1311C0B7FB3B974CEDEA72A0B94FDB0055CDF1F7489390E492F07547DEBE75B2EE5FC728
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............T2.....pHYs.................sRGB.........gAMA......a...}.IDATx....\e.6~.[.^.g%...t ..H*.#::iFG.uh..7..3.gQ.HG....F...g.q!......."J.i...v.$.....{..9oUu.;.Iw...._..[.}....lD...0`.......0`.......0`.......0`.......0`.......0`.......0`.......0`.......0`.......0`.......0`.......0`.......0`.!..9.e..."O.B'..6M.."(.rQ8..E..9.....\.*.........:.$.Q...C...{C!2p.. .9.....o.I..D!(.k.A.L;....&.s..).Q.-.}+....B.....m!.s..).1..A.;.o....T..)b.a5.M.....\.fKA......Z..M../X..?/p..H..%...R.#`w...3\.G....t.L...Kkz..!20'`....[....U;M?.p'.....{.....T=.R.rp.....!......07`..U....)}.F........k.j(d.j.LR.l".."..d..aX.U..6.z'.B..Bu....&...,. }#..Z..B....D..f/"..X..0......P....N..~....@U. ...>u)..!.J2P.0H.....c({.q.......A.U.].z....z.202.R.>....).A.U..0..L1.R.:..2``.a.B...9h......)T.2...:|.........t.&.U........H. .._....7.........3.6\&..[.^;.....d.*a&..FA%!0V_.,].x<q....w..[7..%3S!Py.9c....0H....m.#.....v!......xa....... ..z!..@Z........F......w.&.....K$Q.U......

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-bg.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 300 x 584, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32345
                                                                                                                                                                                                                                                  Entropy (8bit):7.970403798736529
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:b4L2222222222gBS2222jbjKQiIlGtteBfKZiPb6++0SqnQcI:bybjbBlGzCCI0qnDI
                                                                                                                                                                                                                                                  MD5:EBE97C44DDCD9F77F1BBA3B2438385D5
                                                                                                                                                                                                                                                  SHA1:42648E15E7B62FCEE58CA5EAAF0CBD81A63E35C2
                                                                                                                                                                                                                                                  SHA-256:26EF082565402F86EB018C87E41473F4FB2D52EEAC73B9CFD8FE81D51931AFE6
                                                                                                                                                                                                                                                  SHA-512:552D36347A3943830B04A4DE2D0E4E2032A9A108203E824ABBF16595781A2A19CAF36FC813422AA6F4FE74F4B219ED376305D424E0CF17332397969E26DFC5D2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...,...H............pHYs...%...%.IR$.....sRGB.........gAMA......a...}.IDATx....-.f..k.c.........l................RO...x.@..A.R.......Q....\.*......j>.HYVdCuv.1.#;.y..W.zg......De....|.gE.,+..:-.......<g.e...>..._._a...V...+.@F...6hJD..+.H......m..+.H......m..+.H......m..+.H......m..+.H......m..a...U......l..6fW..~.T.J...zy.]zX..(...!.*.g./ _.9#......GPH.#.....(?#..c...k.6o.-..e._tO.Mk...'.B..W...V+.. ].N5xW![.y...~.vx$....U^K.....~.I..GQ&.w.{ye.l.6.hug.ff<V.HD&....e..r..Y..L.F.j.....I..9..+u..@...._..lGWN..l..J.H$.F>%L$..A:.D"q...J$..A:.D"q...J$V.O......wbm7...g..\..5............a...QS...*..k..4....3Y.:..ioq...VN./K.b.S.../...r.o.]Z.(f........(.........p.#...E'...J......j.&.......AG+....X.}%,_.t5.......T_.C.<...!...C<.>! .._..#....3./K...#.Q.@.b.iz@..U...h....&.5nD..UEFQn<.nu..qVz....k.-......)q..+..0..V.E.....h/.....w..+.xu...t.D.Y...5.(._f..Jg.......;.8..".....C.j.f.U$...tw........0.H......m..+.H......m..+.H......

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-checkbox-checked.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 26 x 26, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):550
                                                                                                                                                                                                                                                  Entropy (8bit):7.365785777829338
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/7X/6Ts/Zxu2I2vTmxfqMm1xZjwZh+YVZofYnTZZg2DDb7:O/6UxZvmtmFQ+YVWwFZg2v
                                                                                                                                                                                                                                                  MD5:CFFD59876BEA5DA102DFE5C50782E14A
                                                                                                                                                                                                                                                  SHA1:7A595D0A3E0173AA809662B0A5F83D3287DD31DE
                                                                                                                                                                                                                                                  SHA-256:22AC71BF547FBEFC2283435A497C80A69156A11C891833DDBCF417C101504D6A
                                                                                                                                                                                                                                                  SHA-512:3E7167EB0C6A61FE607DB78981B4DDAC4F791F7763428EA68062B5C93B7ACCE205595881CEDBA1E6D415237F0954341FA2D947A5D3D9FC784B9BB9FB096FE41F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............JL.....pHYs.................sRGB.........gAMA......a.....IDATx...=O.P.._*:.+.M.8..@G...uq......!:I...+..(....N$.ap.V./.k../..$Mii..{.7.-.....@......|..\....Q....-"....u ........<...p...;........pP.....Y..c.V.......4..Q.... ..!R7...dB..#.(jB....u.".....HD./Fy...=t".1T.k.z9...C.Q.P.v...N...kn.Y.|4.....\T.t....7....!!..'....F..b3..T7!l]..\......%..y.e<3i..x.V....Y.6..NA..^qL.i..).}..dni.[d.q.sKc;.^.....M.CalH.a...8..y..y|.g.\+...52...8.Z:.......<....5.-.6.,F...%!.=.($B....~.].../{......IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-checkbox-unchecked.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):296
                                                                                                                                                                                                                                                  Entropy (8bit):6.650770439855377
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:6v/lhPZ2/6TsR/fQjojnzBBtSuJ6arOa04YiAoYNvuuzsVc/jp:6v/74/6Ts/fZjnzBGuJBia04Cu4/N
                                                                                                                                                                                                                                                  MD5:B0965466603DFB1A6A7009873BB14424
                                                                                                                                                                                                                                                  SHA1:098819CAC978EB75AE5962D17009A8E0F88BF0D3
                                                                                                                                                                                                                                                  SHA-256:C842640AAAA593064CE50946E600B6D18D320B9B728F4E26D9C634761D88F622
                                                                                                                                                                                                                                                  SHA-512:6F859EB75FD3CCEAE302C16FC29B25052AE91C28E3D3306AFD10323AE6618122C2CE43D45215EFB2108D8FFAEA04B7B93AFAD976A9CF6A1D410F0CE589CE08DB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............w=.....pHYs.................sRGB.........gAMA......a.....IDATx..... .E....A7.Q...t..@70N.e.'...@.......?n....s....q..a.a..1R.G..h.....j... .....s........_Xk}VJ.....m.O.........|..>..-.-.........Z...n..4.[...9....E..mv..../}..Q.+..I...ZP........IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-green-pc.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4352
                                                                                                                                                                                                                                                  Entropy (8bit):7.936868086263868
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:5SztgGRFF3naAmb6OcDu2Y+rOdlyhreiigpekbx8b:5SBj93naAmWOcDuHuhSiZDa
                                                                                                                                                                                                                                                  MD5:08D943758F483C9EE8BFBF0640CD101C
                                                                                                                                                                                                                                                  SHA1:0000FF8475A54933618D517B45765FDC893E97CF
                                                                                                                                                                                                                                                  SHA-256:E8212768A46B73CFA917727B1B01649F4D57748A4DA3D237902E1639C1E71DA9
                                                                                                                                                                                                                                                  SHA-512:5A981900ED3D49B86EAA1CE1EBD9B8A380CE3EF4AA055E4C6395B957AE3C457E1D64C936573C8F105656A14C4DAB3D5356A4C37EE2295BB7B3874EBB37192910
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............<.q.....pHYs.................sRGB.........gAMA......a.....IDATx..ml[.y....II.DKT$[vh.N.tq.$kltk..6.X..[1`.el.......t@./.}..a.Pl...K...S.E..V.4M...&}...v].HI.H..==.h..I......3.x.b.\..<.y.s..(...B.P(...B.P(...B.P(..N.A....6P@l...@.l......O.f..F......D.<....l\.<...h..2.<#.r...j`.%....<:...V>{+......)......u./..=.O...!.ZX.....>.4.$..yOFls.q1...E....$.S3rb..u~!..,..x)..)..O3........@e.(.._.......b...N.0..i.........k..JX.".G...^>.7..FX..k.{]..y.1X<9<.. ...+....w:.....z.e?X/..S.......j.qM.\+.,....b..*i}..j,.h.H..U*.S.Z/.ES/.Wy...K.....)...R....BT..D.[..]..5Jc............O..I.BX.+K..x.:.l>.k'X2...x.,!........w.Nx.."....W.C.......'G...(le.W2.s...S......./;n......>.B....8....E.O;)0.u..|.1..K.....Q...H.AX....;..&0.....c.bw..p.G..4.,......p...<~....{.=..&..'...c...j.O..$..8.3.R.}...9.O...!..]..~M`.m.>c..).r4..p........f._..Z)....X..e\.WC./.~....r.qKW..V}\.......=x7.P....@....?.=9-u..y.+..P..=..f..Jy(...X....]X.....F.B.#

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-logo.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 200 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3472
                                                                                                                                                                                                                                                  Entropy (8bit):7.914294719380596
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:0BOO0xiRfpQu8pTvaIyE0E+y2Y5NTIMDBoY9I6ZDS9vH8C9SHZ/R0Jjnjc7xa0Dx:CryTvkE75NTLOY9IuS9vcCnU/DW2
                                                                                                                                                                                                                                                  MD5:DAB5B1667C76E51B013C1C4AD2F7D532
                                                                                                                                                                                                                                                  SHA1:49375ECB91B075E06624BFB5FEDB3A0DC4F1935A
                                                                                                                                                                                                                                                  SHA-256:A4B95F7D7A776BBC6A84997A601993D3D4E0EC66B48F7D1DBB816497A248A24E
                                                                                                                                                                                                                                                  SHA-512:843E8852408E5962C9FE62EE2441E3A41622CC929CC22AC9C692B5B9C8CA9D912AB143BBAF274899C59132A429B9032BDFADA51392E221F6F98E25C3DF0119B0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.......(.............pHYs...%...%.IR$.....sRGB.........gAMA......a....%IDATx..]Mo...~g).,..]... . ..(P;..T/..R..z.....Ut.n*..\b.?.q......-P.P..P...X{..@.AW.Lq..;;kQ..~S.e>......pv.y?g......^...=.Gc#%..v{.>...pbb.n4V.{{{.E...2gl...iA...I..Z3L..O\.|....9..^..Y..ax.....'o.g....1........-0$...-..i.e!......6....u.u.I}."..A.....xI.......~5...~....|......L......y..iBB...w.^...]R(.y.q..T...}.3.4.pf.Q.A.)...../..kmp..$9.Bg.?....."...=....G..W_..?.._M....;H........g5....r..g..... .....jA.($.o.y...7*)......c..)..T7.h....W I.{.5#I...|. .].p....Op...\.q.,.@.@.r7.Q>......5{....O....."...#.L....]..-.U..\,iZC...|.......i.s..-d.R.....4...(B."51.MB."..g*.'.<....e....8..'...!Ks,....i",A\.D.............{.U.0......:..x........~.P3.x....x..o...,..-....3-.{..Q.+y..+m..!...m.$..|..U...H...O@...8..rQ'.J......@....^..P.vvJ.....L.......m_..s.$[...dK.}...L...~8...../^|..U...x.De........>..jk.r.saK..\.:..".....3......S. &:...}....T(..?......k....Q".....^.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ss-toast-variants-window.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 227 x 301, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6759
                                                                                                                                                                                                                                                  Entropy (8bit):7.889394285207192
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:ZgNNLlmxVJnzXmgYshy0/MMA+SJ3zjaVDRL3Y9M8jX10ZYUQhyG:Zg/lmrVXnPVkzJ38dL30M8X14G
                                                                                                                                                                                                                                                  MD5:F17683FB6249E0FD8188AB2844EBA5D2
                                                                                                                                                                                                                                                  SHA1:A084098F96F87604F96737B202935BB1AD023F71
                                                                                                                                                                                                                                                  SHA-256:A0977CF048480EC62B8CF0BE174466A31612C21CD57C20A28DF69EC7A465E8B2
                                                                                                                                                                                                                                                  SHA-512:3E2406EE7F4BC41059D4F5ECEDAEBDD0377906EDBA31423AFF86163C217DE47181201272641688AF52FCD00F10BC3F0D90A819D5F48868F598941A4B8BED32DD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.......-........<....pHYs...%...%.IR$.....sRGB.........gAMA......a.....IDATx...{.T.....~.L......pI"B...M...j.+HRV...T6Q....M%Z...U1.....q.&fAQ.a)...DA....0.# ....=.......3w.=..{...p...L.t.4...9..;.^"....:u.Ot...D...[Hy.\..<.!...R.~.#...;wP.j........P.....Cy#.#..m...y..o..F....w..]..uS..u-.,.Fs:.;.|~=..].R>w...g=Z..%....4.....x..9y2.....sC....q<.......P6.Ea...k. .4.:...r|..._..~.0..`..@3.y......,..u.#.O|].....ty7.7.SU.^......... ._....~!B...S.p...].~...y.^.s..$D.......O.g..z%]...............~.n.t.^:0Ju.X..n....sd....0H..:6../.q........?T!. ..8s.~..HM?.......)?.....dB...xt..i..;. ....A.d.|...........)A.^..?.1G.j.R..&.........w|..0.O...._...8..9..0....x.(.:..^=.....3.5|..B./..`......@..vT:F.k...!..}..... X.P.<6,......S...t.d..P..J.;..W...|.."P.....S........~k.........._..W..T.fr ..z.=...^T...T.u.}.qEu...=.}.w..~.&.x..jm.VD=A,..V!.G..g..".~..}^R#.Su..S...8.z'..0.....@...@....8.. ..6..@...@.^..r.....Um...~2.....1M...a...a...a...a...a

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-sstoast-toggle-rebranding-grass-lg.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 262 x 206, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):14880
                                                                                                                                                                                                                                                  Entropy (8bit):7.950282493364645
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:LA1gTOQhDAZ8uuVkJ/2hWTEGdjzZkPZa9HS0SI30pNceqnUk0d:SgxVu8kJ/TEGdjtAQ9HOWeqnUk0d
                                                                                                                                                                                                                                                  MD5:FD7583B7091CC8A4BC321D3CD9CA4986
                                                                                                                                                                                                                                                  SHA1:DE974AA0EB8A39AFF09AF8C9E4971EBC26D35ABA
                                                                                                                                                                                                                                                  SHA-256:D0CC78D7C65ABCF0A5956AE2CF63DFD1CD8B3F9C3543D6EA307B20E218B58D6D
                                                                                                                                                                                                                                                  SHA-512:9067272C7F83C83A3079069AACCD181AB8D06923F98035C1A64FD06140AF23CBDF010927E1E7BB907267769D9FB832FC0053A4BEE8C6FFE2432DCC9CCC0ADB75
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR................Q....pHYs.................sRGB.........gAMA......a...9.IDATx..{p[.}....A.!........?.8..4..i.m.X.6.v...m....a..v.v..:..ifkgg.z..X..nwvv,wg..d[..&..t.glY.C.$."H...{.....^\^......x>..I..!..{....w~.@.P(...B.P(....y.(..f../O..N2...`..%....,3..4..a(73}..(|A..".|./...p8z*..u.....7...o|..(.B.."..../..?.G.....)..M.^.>..;...........E.a.~z7.i......J..'8...{...r...Q.."........B....2.n.....E...=.GE...1..'.n'..D......L......+....J..]....|...G.87..%..P.......w...C...`ya..@..Q,...&J...#jhu.....h.R.;x.q.....\}.....EW#.a...a.X.;...(aPt=...C.aX.|..c8...EU.0(z.........W^Cu.0(.G^3...@..%.`\...#J...#.....%....db..}.3&@...E..>..Y4....2$..(...9p.F@.H.....4......c.."j ..(..{0^7..e.........5.`6.o...[.."...K.r.....#bo.U,..\...X9.B_..@.W..`.:..X...?8._..q......Y.r.0(....i|.t.r_.L..}.A...l.~[Y.8L.^..AD7...v.o}%..?.....qK.T...G...Z.<....P....Bmc.{.....~.O...x..D.3.(..|T......x.|....F$?m...6........;.ms!T..,..8{.|..H..JTD.S.....x....2..........i.V(..F

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-sstoast-toggle-rebranding-grass.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 276 x 275, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):19622
                                                                                                                                                                                                                                                  Entropy (8bit):7.964460896615546
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:ZCSTirkma9GdgvgI1QZB22IVMEyndB+cGthWFRi7dlQYNx:firkmawGYKzVc+ptA0dlhNx
                                                                                                                                                                                                                                                  MD5:D1592D005A64FA7F6D7BCE9399A21535
                                                                                                                                                                                                                                                  SHA1:571F4B18460FF47A95A77B8B4CFFC43665132586
                                                                                                                                                                                                                                                  SHA-256:B3FE3FA9475C41A88F736AD8313228DDF33412CDB55032AB66E0C40267B4E7D6
                                                                                                                                                                                                                                                  SHA-512:D5700F93B24614B6C11CCAABE300AF02AE8075380EEE7B596624F77A80B32D648D203DA006D63EB9AD35AEC3E185DCCCC545EB812D47D777FCE4D17DF3788FB7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............u......pHYs.................sRGB.........gAMA......a...L;IDATx....\..}.{.Y.&..J{i....$@.-..6n..,.k3Lw.H........t{........7..........1=..Xt..L.%.L.1X.-@...v.J..5+....s_..Y/.-y_..G..eeU.....9.....d...N.....H7..}.,.4....7M.F..W.~u...".P4..;....f......8.:b....p...~.,(.6..4..?..MB.,......(f.E/.T..(Ai...<5h...t2.=q..D.b.t.H. e..+{.r.......a...2O.Q..T|......]..X.d!..W.~. (..%(.....3N...t....X...dBY..1.^..5..(...Wr..]1..K{....!.J.,.3.p....C.<1|`...FQ.(Ai..F..}....6.....~.*........$P.=JP.....r3..\9sNj...A.Vv...>P.5JP.9`..l.J...L[.h..,.@..[..(...:,._..S..@JT..%(...t.....J[w'._..2AQQ.O}..EQ....h...i. ....xj..u....+.,e.....5r@....%(..Y.%..20...?c.D.U.2.R.:B...3h...^..c..D...E....JP...6}y.B.U.R?(AQ.B........@.JC@...(*c.....a._.(Ai......T..r.%eM/|.QQ;(AQ..e...s...4.C..y..4..8.B........Q.~..P.<JP..b..!d.O...=..h...(..%(...8.e....<T.hL..4...GP.<P87..;OEQ3D@Q....5t(.8...3i....5f@...l3.4Dum....(.$D..[\&8.....3....@..f.PC...]/<3^."..L{p@.F,^.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-sstoast-toggle-rebranding-step1.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 201 x 200, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6756
                                                                                                                                                                                                                                                  Entropy (8bit):7.951030240191849
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:pS+9td5bblCdVjUvfClRVD5BOj8vdEH0x:Q+9tzl0UnKp5BViUx
                                                                                                                                                                                                                                                  MD5:D06A434769F945571023E8769557B8F6
                                                                                                                                                                                                                                                  SHA1:BDBEFB036EA02A0CFCA1F2A508097D0AE90AA7A0
                                                                                                                                                                                                                                                  SHA-256:0BCE929EC4011A5D69B37DEEFC5D197A6934B0B3FD369B7E94B48AE3EBD924A3
                                                                                                                                                                                                                                                  SHA-512:C8D9857187F5EE14B2E57EECAA158715A0CC750E063DF1ADAC33AFC4A12CE86E905E2633FBF51C489E5318763C5347A5AE1BAA3EC6CB4D4281625E61A215EC8E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............B......pHYs.................sRGB.........gAMA......a.....IDATx..Ml....g).u,.Y..j.....i...b'...^.\....Shs.|........l..zJ`..].zI.%..:........a.u,...B.....]......V......}........w.^3...Z....SSS..m..&....a..O>...!..q...v....'.w....y.0jx....U.....H..r......{...}.W....}..$*...k...I4w^..g...W.....I@..q.....+..B..8..{.3....Z.......C..eX$.H....0:X(..A"....e8t..$.mW...W.?|..?..2??_.f ,.>.0fff.....*@.H!..,J..I.4+SO..f.b<~\...,0.>aX...<..f.^...`A6...c...`:..Hr..]+..^.........U..F........_.Z..f"E.F....E.1....]$...p..R......._...2Q"I:j..c...~Ke.:>.....#....2;;[...v>.w.i4..@.V+....b.........o......v.&...I..p.p..b.b..5.......L.R..y...]p8..Qy1;{c.R...I\.pEq..U....!..;......`.C.8y.I{D..6-.0...Ht...x\..]..GigW4..E..iP,........S.....Nqx....`...d..N..l.X..E~.4..\.<Y.'.?."q........Ac.....c.....".0h.....6."...>.q)z...P.@q\.(.<I...SQk6K@b..a0..9v....m.F....{.h....!.....Q..........b..B..<?.Qe.D.6.)r,BH.k`j...P.1..."^.QR...K0b..H(z..f.......

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-sstoast-toggle-rebranding-step2.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 201 x 200, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7617
                                                                                                                                                                                                                                                  Entropy (8bit):7.944155200733493
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:pSsseu8KqDq779ZHPEKV0CHg8InzYJsFMOr85A3+YqtSfw:QWuZVpZH8eBHgDzKsFTr4AMSw
                                                                                                                                                                                                                                                  MD5:94EA6CDA5A520897E4D0ACF2A78AA7E3
                                                                                                                                                                                                                                                  SHA1:E15726ABF5DF7E9E0886C818ECAC8224ED745649
                                                                                                                                                                                                                                                  SHA-256:CCF6F60DD727767420FDDA34154F9338E8EB1237CFD43B66D55939AE28DCDEEF
                                                                                                                                                                                                                                                  SHA-512:443881E06CCA839A38244ABCBBCD122B4E1F9E81F249956007E935457414390190E431A89F8A5B89E47989757724871D7A2069F98441712F21E4A4CC92D34A69
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............B......pHYs.................sRGB.........gAMA......a....VIDATx.....}..g..]I....-...........A`...F]...z..4.....<h.....WK......A.P`W.CZ[.RI].q......j.&F`..Z.83'.7.....9s.......p..........H.../..~.VI/j..Y%nA.3...l.cn...r.^........u...:\|0.1.......:...V..D`@D......2.Z.2YE........~R..g........w.~..h.x.C".Hy.l.3..,^......6.nY..K.m.(..X..{>....6..!.(@Q|.T.^....g..3u.r.k....g....?h.<x...HH$..0......q@%.."....f....iB...6.C.H....U.^.k.I0.L.H..v.*RH'.h..-...."5.6..s?Z.F......m5....n-O.+..".........use...T.........*...u.....%2K..6....6..f...W..2~..z)e.4Qc1.keQ+..J.......].....}..=..&L.S!..K.I..}1..^cB.....w...GS....u46+..#..x. 9...w.2...D.$1q.Qp..1....Y...x.....*X..4.h.ENt...+W.9..e"E..88. f..B.h..4(.C.>.../.I.&...I..@.JT.....6.........E.#.`........[G')....`..w..S.Zw.@T..ah...(.Q.............^$._..r.zD.....i.0wj..1.G..E1..b.....{...?Y..).1....[k....B..P....&...x.L-.uA.....W..;.`k.7o.{.7..e...#08)..-s`.]Z...?..9#W".7....+

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ui-checklist.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9632
                                                                                                                                                                                                                                                  Entropy (8bit):4.045654384803325
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:jUSSVnGzSsn2hwPYeTZK+GzoulH8OJo6Jbtyxo9+jRusFRLLDeWn4e:ASSVGzSoJweTZb6JbwkEukZB
                                                                                                                                                                                                                                                  MD5:AD9F6D74C87EA1132769CD664291BA96
                                                                                                                                                                                                                                                  SHA1:CE0EE3C4BFD3327C6ED6F19D50252619EC78CE06
                                                                                                                                                                                                                                                  SHA-256:ED584F3EAA82F35F195C7ABF92E8D211BB76512654F3CE76DEF554BDD211C27D
                                                                                                                                                                                                                                                  SHA-512:91DCF88B39DE827047356B2B72380B3866E13301E2A6BE15B53793933014CBA567D3A051A81BCA39CEBADFD641755BAE1A5C09DA4616F1B842BB3B3E6201CEE2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* CheckList UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.... ui.closeDelayTimer;.. ui.CheckList = function (options) {.. var el = {.. $checkListWrapper: $("#wa-checklist-wrapper"),.. $checkList: $("#wa-checklist"),.. $messageWrapper: $("#wa-message-wrapper"),.. $message: $("#wa-message"),.. $messageImage: $("#wa-message-img"),.. $closeWrapper: $("#wa-column-four"),.. $close: $("#wa-close"),.. $logo: $("#wa-column-one"),.. $state: $("#wa-column-three").. },.. checkDomLoadedInterval,.. animateDurationInMs = 400,.. self = this,.... setState = function (options) {.. el.$state.. .html(options.state.template).. .addClass(options.state.css);.. },.... setMessage = function (options) {.. el.$message.. .html(op

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ui-dialog.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4238
                                                                                                                                                                                                                                                  Entropy (8bit):3.7823688858786118
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:kZ2B5nzQw2n95lN1i1BMHiKHzReZDeVBvwCh:kZEe0fIpHNeZDQBwCh
                                                                                                                                                                                                                                                  MD5:6511C984D3369BE3BD0F02FE28DBDC57
                                                                                                                                                                                                                                                  SHA1:B1486826379412D50840282F708D08D85B30C35D
                                                                                                                                                                                                                                                  SHA-256:C6BE3E68BA49079B739CE7A26C31862B10B00D129092935FB31CA7D17727DF91
                                                                                                                                                                                                                                                  SHA-512:D94B0A67C069B12B307B8B6249848A48029C8F7C85FBCBFD133B6C22990E1FFDF05A93D3EC2AB29DA3461F634C1EF9F82EDFBBB8E50D92CD9B52A859806AA40B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Dialog UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.... ui.CheckListDialog = function (options) {.. var animateDuration = 400,.. el = {.. $dialog: $("#wa-dialog").. },.... create = function () {.. clearDialog();.. createHeader();.. createContent();.. createButtons();.. },.... createHeader = function () {.. if (options.header) {.. el.$dialog.append(.. $("<div>", {.. id: "wa-dialog-header",.. html: options.header.html.. }).addClass(options.header.css));.. }.. },.... createContent = function () {.. if (options.content) {.. el.$dialog.append(.. $("<div>", {.. id: "wa-dialog-content"

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-uninstall-icon.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3395
                                                                                                                                                                                                                                                  Entropy (8bit):7.880811480479431
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:WS0DKX8AWw5a9tRVEGCtbiHX+VGIGW09iYl1Avo:WS0DnAH5YRVItSLjIYDco
                                                                                                                                                                                                                                                  MD5:E423607709409638253C24C3688A88D9
                                                                                                                                                                                                                                                  SHA1:8ABC653F71614F6B707B01862449FC800D27EC61
                                                                                                                                                                                                                                                  SHA-256:3B7849200BA0C2EAF22C3D111DAB6A630A00EA4A6EA968344EFB900E79084E4C
                                                                                                                                                                                                                                                  SHA-512:BF70D4EE71BB441C7C36D0AADBB73C68B089D7E431694E54FC1606FB5CEEB8A30FB50F28FB5BDF5815EEC600364B0AEF98F57C23C8C160FCC704728918886259
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............>a.....pHYs.................sRGB.........gAMA......a.....IDATx...r.G..O.H.!..6..@Y.[..[./r..\lQ[......x..'`.....r...T..\d..m....X....56..K..9c..}.4.fF..U.I3...........B...b...3..%....c1.<.....x.7r..s...`./..<...WK&.......0v>?.2.%..4..y.....9. S..{y].9s&..#...>|.......\.Ry.4.G.3..9.=66....F........c)..Y.o.......b.....w@..-....q.....]....`,.bH...A.&.)....\7....79]...b..(....5.W.u}v4....!........:*....."..]c.*(`.)..u2F...).m.+x.f@BF..67.&&&4....@..;mn..+'...."..~.....T....[.......5.._.@u}o4..,..Ao.!.?.Gl...,f.......[..Uo$...'.{KO=.............,x.'...~p`.&...I.Psqcss.V...0..H$.O.A.......@.{...\..4.O.,.W. ..3...m.H.w..D.H..T*..6LQj.....UE...w..|f]..Z.q].Q3...rN>.....J]RU.F....q...~......./p...c3......{......L.+..............9v._..:..h..@o_....p..9.3......p...?....G..F=z.X.....#.1..A.?Rz}..I:....T}7..V.?.R.....X...Z.....H.C..OU...Fl.....a..?.......n<.VWA-.~....x.......{$..I..V..X.AU...^.|Ys....T...c.`...hg.......vy...{.v.......

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-utils.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16591
                                                                                                                                                                                                                                                  Entropy (8bit):4.4196633349386865
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:BZwBjFVz+j5csy4h11lidEaCaNz4UcEm7damvbat2RSFZC9On/P:WBQj5csy4DIE3oUUmMmvbaHH
                                                                                                                                                                                                                                                  MD5:DB8946366F7FE015D78D693B641E9BB6
                                                                                                                                                                                                                                                  SHA1:977C2A6228E318AC970A149FFD1EDF22D2117C9E
                                                                                                                                                                                                                                                  SHA-256:5534A02FF547945751DD3509DE7A4D5A651C0B15AD22E0F45877E7FA1DD14676
                                                                                                                                                                                                                                                  SHA-512:50F4C324B026749E6125DFAA0E0505237B283B6162FB1912A222F85FC3865B2524F2AD3798237154C83FE0807523318E1DF89EC074A7A17DD8CBE24DE259926C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Utilities */..var _langResources_ = {.. checklist: (typeof _lrCheckList_ !== "undefined") && _lrCheckList_,.. options: (typeof _lrOptions_ !== "undefined") && _lrOptions_,.. shared: (typeof _lrShared_ !== "undefined") && _lrShared_,.. uninstall: (typeof _lrUninstall_ !== "undefined") && _lrUninstall_,.. sstoast: (typeof _lrSecureSearchToast_ !== "undefined") && _lrSecureSearchToast_,.. install: (typeof _lrInstall_ !== "undefined") && _lrInstall_,.. webboost: (typeof _lrWebBoost_ !== "undefined") && _lrWebBoost_,.. waiff: (typeof _lrExtensionInstall_ !== "undefined" && _lrExtensionInstall_),.. ut: (typeof _lrUpsellToast_ !== "undefined" && _lrUpsellToast_),.. overlay: (typeof _lrOverlay_ !== "undefined" && _lrOverlay_),.. newTabToast: (typeof _lrNewTabToast_ !== "undefined" && _lrNewTabToast_),.. ssToastVariants: (typeof _lrSSToastVariants_ !== "undefined" && _lrSSToastVariants_)..};....(function (wa, lr) {.. var util = wa.Utils = wa.Utils || {}

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_check.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):558
                                                                                                                                                                                                                                                  Entropy (8bit):7.494810764492959
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/7iIHftwTmWkW3O+xbR/GfmNFycqV7o5jNiXrj0IGDfjo/1:zT5+aVefmORm8bnGD09
                                                                                                                                                                                                                                                  MD5:F8AF1796D709A69C3FBDD16822596FD6
                                                                                                                                                                                                                                                  SHA1:D216CB9A49EF4223138BE20D027B3ABEEFAC7DB0
                                                                                                                                                                                                                                                  SHA-256:055E07F760351C3F33E708E4720D5A34A60ABD8D13F2FE05A473DFD5ED9714C2
                                                                                                                                                                                                                                                  SHA-512:FBD9C93490B818798F4614E6EEA7EF9FA05D535F50071806E763CD9EBEE478559F614EAC90720E4B5F88D803DB0AD459F1D1C67954C2C379B1BB435CCA74390A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............H-.....gAMA......a.....IDAT(.u..k.Q....1&.k..T..bO.K...DP....I..{.PRA..............QA..J/....eM.tS..7..v...y.7.7.f..R?......W.......N.....G...z.N.a._.X=.sg.5..r.k....Z...R....[..X..W....N....v...H.1x......L......R..@:v.w.....W........v.lc/F..b .C\.:.[Q.`..E`.L.J..!....<..m.q....R.&...""%F(^M.`..e.,N..q..y<.../.O:.mP..,A.QrZ}[u0..,3...S.K.\.EM5.!mH......}N.+j....p.O.E.......[..C.\x......nMi...~%.vv...|8...y.xV..v<ZZu.....y]@.1......]..).6.M.'.'.%o.T..5.Rq8..l..;...Ha......5......IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_check2.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 14 x 14, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):785
                                                                                                                                                                                                                                                  Entropy (8bit):6.380231936591206
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:nmwBSRPy8iSvgv+aYS0NFVO/6cgDHNUPZ7SCOr2zhxNoEMBxNB:mwBSRVL4v+/jNFVO/6cgDHWhbOKHCEIj
                                                                                                                                                                                                                                                  MD5:5367B11C1B0484E2B64AFFF761DB5B69
                                                                                                                                                                                                                                                  SHA1:CA05EC2A55FAB6A4035920C38B6FF198044DA594
                                                                                                                                                                                                                                                  SHA-256:1CAE0E0663BA559CA8FE7AD3A1E07AB23AB9E3DBADA1AA572AD9C2C5D51D5627
                                                                                                                                                                                                                                                  SHA-512:322DF7AFB16185EB4D39AA4881A27E04B1D310773FCFBB77D0F1C83237A56D100F6567091E30BF0DC6A11EA29A22A52BF091B66C5863823596108C155C031588
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............(.......gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTE...#..$..%..$..#..#..$..$..$..#..$..#..%..%..$..#..#..#..#..#..$..#..#..$..$..$..$..$..#..#..$..$..$..$..$..$..$..$..$..#..$..$..$..$..$..$..$..#..$..%..$..$..$..#..$..$..%..$..#..$..$..#..$..$..$..$..$..$..$..$..$..$..#..#..$..$..%..$.....p~.S...NtRNS........................T....L..........K..T...S.....JJ...O....r)1N.T......L...P.....bKGDOnfAI....pHYs.................tIME........l.-....IDAT..-.g..`.F..o.PISC.[.........|..s.@.Jr.PM.3.Ah.&....dI.01..t...v.K.h.o[?..^.....Gc.&..8....A..<..r5...QY.F..n.8..@=A.l.u.....n.C.....>.o.4...&!.KUd.&R$>.e*o..T....:...~g....%tEXtdate:create.2022-02-16T15:21:59+00:00h......%tEXtdate:modify.2022-02-16T15:21:59+00:00..x.....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_close.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):327
                                                                                                                                                                                                                                                  Entropy (8bit):7.1140535970703365
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:6v/lhPIcWn2ofLbzmoGGaKdwjXI76l4AXT8ctmzXxNuJpTqAp:6v/7DWn3btahecDAuJp1
                                                                                                                                                                                                                                                  MD5:C0708D1E58F1EF1BAB621620F3B09130
                                                                                                                                                                                                                                                  SHA1:0BEB49A1CC1E71F364BCF42B474890F35CB8CC3A
                                                                                                                                                                                                                                                  SHA-256:834380BD8B6F9BFEF000A555541AEC2BEC01DC46C91DCB7F950D109B81BAE5C2
                                                                                                                                                                                                                                                  SHA-512:241C93BC2677B1F0788C2C0DDD9A7FFCCC7A865DAD427EA8C89E437FC796FD12F80D2A962A8D02B1B2391E10CFF768F17E34BD45502A0E31D6E1C8F443C2AA34
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............Vu\.....gAMA......a.....IDAT(...On.@........=J.&....5....8A..M]{..s......Q#0.7...0.......yr).q8..s....sp.....W.u.q+..;|.5&..n{..{.............>..".^S......#q.6B...4.t....~e.[@B.&...L.o...h..8.......Q....+..b.i..MhxRaG....Y..F....,......G.E....`(....V.v.4.b.$..S.O.....Sh.B....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_close2.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 12 x 12, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):272
                                                                                                                                                                                                                                                  Entropy (8bit):6.591404605834916
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:6v/lhPIcE/6TsR/nQV32e46OIoiMr6FRK7MhtCxllbp:6v/7DE/6Ts/nnPIcr6+ozCjz
                                                                                                                                                                                                                                                  MD5:F79A1953A8E6CC342847B4B00DDBD736
                                                                                                                                                                                                                                                  SHA1:9AC411CADB6652F4FDBD854300ADCB5C21C04BAA
                                                                                                                                                                                                                                                  SHA-256:4F8EF204C1884F868866D03B4D11DF1237480C1CAA38ADEC1C13444050105B88
                                                                                                                                                                                                                                                  SHA-512:DFB54D3D20FF53B867328945FE3D69B56055D5861EFCE2A069653B1792A5477AB4C3B73A3DEE82DD1377D1573099AB70C2F6C285C694DDBD0B1EE9667CFC4F2A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............Vu\.....pHYs.................sRGB.........gAMA......a.....IDATx.u.... .DW>...>.RRYJq>).>|E...!..3...t...a.?..w.!.P..../l....2....Q..ZS.%'.........y^.Q..H.T.V.D..W]..t.*X4t#9O;......=U%u0...f.......3`...[.S^..m..$..?[...{4.Y....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_error.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 14 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):428
                                                                                                                                                                                                                                                  Entropy (8bit):7.367179920202989
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/7iIHbGI9XbxzlcdqzUCOXC5pC38WWn9:eGIrzlcdL4CZW9
                                                                                                                                                                                                                                                  MD5:0EF65600F5A2D01876B6F9EC668C9D2E
                                                                                                                                                                                                                                                  SHA1:31F378D2D6BE62F3A426523B1AA3D61323B2B9AA
                                                                                                                                                                                                                                                  SHA-256:17DC5C3BAA1D35CA60C7DEE7CC70B76446765769960FC5D4852E065478C871C4
                                                                                                                                                                                                                                                  SHA-512:7D9EC74CECF8DF49D4F8E676053573798A029D889E8676CFE90891EB68E49A2FE9AE828F38BB99851888B25A76581EBE2B62694D3C66D193016B4446004A9271
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............H-.....gAMA......a....cIDAT(.uR.J.A..f..&Q..*....h..... ...(.........K...!Vib...B...qf..{.9....|..3C............@..........5..8.b...z`-....s.ID..G....PEQ.;?1...p.h;..z6Z..4.X..c..$E3s.b..ry.|..yVy...0.Rr..W..S.......A.1.....s./".j..g.H{l...Q....d................fE..;..'+.).j.F...J......~.s..Y./...6.v....|......,...m..[m....n......D.E.OvU.n..W<.m..=h#.O..Zm.yj..@.tums.....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 233 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5361
                                                                                                                                                                                                                                                  Entropy (8bit):7.956335361585333
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:tXYxwio7C2guemm5poLpMmjxiN4f7DsCk7RkuxKBaKeVfGJiQmiMQ2qileA2I:toxpo9gKmsMmjwSXgyLBepQblA2I
                                                                                                                                                                                                                                                  MD5:0D8F8EFEB474FC9B2C825D7F2A875471
                                                                                                                                                                                                                                                  SHA1:ADBC30FD0131A01B3150753C7EBFD6EF648F0DE1
                                                                                                                                                                                                                                                  SHA-256:ACC40FDA844EADDF65B9580C484F1FE2E17358B352D99BABC6865BF0C74D9B00
                                                                                                                                                                                                                                                  SHA-512:90FEBC4B2165D37CBB1CF09295CF2F5B5713DD14A02CDC101318426CEB55D35B7C47B254D0F20CCB8297FC69EE77EAA5969FF98A0965D325C94AD81B6A56BA9E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............9B....gAMA......a.....IDATx...xTE....I .D..l,....(....Q.\..ftf...qA..D...?a..o.#.8..<.9:....A..."......KB...?7...M:......}7U..9..N.s.T..hZ"%$..@B...$$..@B...4!.UYY.E].Ln.%Qu.K.8....Z+I..m...m%v.6...K..]ki....W.}.y.%.O.1"dY..5...{...x.ef.X.~a..3K.u.l^.8'..?.z*#%.._.}.yT..Z..k..b..3{.{.>W_.,x,J......LM.T.>.x.....^..c.'...8^..(]...z(..._.......&..w..9..)..W.,s1.>.):.0.4.Y...nq...7....;......7)Xk.a...O...g.l...c.^..)8.%.e...h....U..7.O.'$.....]K.r0.Y5u..K....tH?.NSzwl.o..IG6...........X.(.z-.X....ju.+.Jpd.j......t.>...../?TW.0u..7........@B.. ....yYZ.iZ..:s...}_X2.O.....1kJ..3.*.9+... ].4.Y.2.....r>hM....}..-..|!d..i#U...F...Dr...5....D[..]..u._u....[.>.{5.xX...t.|L........}?........J.H?P.....M.n....-.......d......pQ....3..[...;vT.dg....5.@..0...[.c..1...U....i........a...o..[.PB.....E..^......."|........$..."V....tZ..`W...[...z.1..[~.Buu.[.........]/..x.(.`Z.A....`p...]RR.4u'u.]..u'...p..[sh..w.....g+

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo2.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 232 x 23, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2938
                                                                                                                                                                                                                                                  Entropy (8bit):7.909981061900822
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:nv/69bTJ0Ji4hnEhRHzXJH3ndGzDr9zHUeqr7zpiT7efEgo3cRE0+U9sLBCYv2ZG:vSdJN7HziDr3S9i/efLQcRZ9sowGdK
                                                                                                                                                                                                                                                  MD5:65938FC9439B2307513A95D515BCA1F7
                                                                                                                                                                                                                                                  SHA1:DDDFE8D64ED371E973C46B6726B60BB0C0810BF9
                                                                                                                                                                                                                                                  SHA-256:B2703E2E2A404B90EDAB7A67B23037C32BE2780F20CB15FFA6F6E44666B8EFB5
                                                                                                                                                                                                                                                  SHA-512:93F755F5E208CA08955684D7789F6B8AF49F542DD41AFD9D678EC417CB535734C9C8182B87EC2EA8B8AA9FA502AC8BA90E383A9977F7E01BFF393AF0D1F400BA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............m......pHYs.................sRGB.........gAMA......a.....IDATx..\]R...o.T.yZ.'.8..y..f_"N.8.....`N.r... '.y...>,{..'.}....n..%[..!U.)..|.t...G..O?.. .~....@.N...a;..e.....1}.?....>.Ma...>.?..u.}L...m.N. ..8.>fe*.z..dr..u.D.1.R<.....T..J.......\.ZP..V}....M?...2..3.....)...T.yG.4...kO....t......b5...-....4F].q%c...-....v.2...O....g0...g.&R.2.n..<?P.q9.....+l3...X&T;...z."L).12..D..a.G3..OQ.Y....%..P.=.....2....%u.}4.(..N.!.)t....w...M.@.0.pt.a%..N...|.|\f+H.Rk.?..G..v.q.7.5.'..F}.....lm....rS[.4..F2..R.-..V......AU....!./.\S;...M/..K`..w...>.f'm..bf..y>..$D@......1....3.>...Cn!.:.........C*..-.PE14....$&}..?..I...._2.m.<....L.<.........92.p......jT....%.~..Q.U...6.4/.U..4L+HK.\i.z...Au.@>Z..Y.....kk...pQ..!....|..1g8...Uc$.....Y......9.....`0t..p..(...R.N....w`......\...<......M....-.95.f..W;xx>.7"..'..._z.REq.=e2..bg.S..r..VKcI.j.....\.O..T...q.>....H..6AE...{'?.....w.X.J...w.d.......O%..-%...1*.53..NPB.O.[M./.:..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo_upsell.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 175 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2517
                                                                                                                                                                                                                                                  Entropy (8bit):7.899112131446941
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:/O/6MOvIltQSb2EVW6+mjuOR6aPFUCJou7qDnUa+oNWsYFKaUCBmb:2SrOtQFglR6a9U2f7qDMoEh7UCU
                                                                                                                                                                                                                                                  MD5:C5FFDD4032AA96D998DF4BBE0DFD49D3
                                                                                                                                                                                                                                                  SHA1:46BACEE7C5C587024EE25C2E900C7580B1F12FF9
                                                                                                                                                                                                                                                  SHA-256:010AF7BF170A9355D191C042768D37E4E8559EC4384F27EEA39A79C4BD1C3AE1
                                                                                                                                                                                                                                                  SHA-512:BD89D324B107FC6B7806B3E5C098ED19C7D19DE47430D68C903F632A4471DE2C00B4290F306366C51EE71819AB8E4C9897C4827846EEE604F7F6539DCC38B6EB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............`./.....pHYs.................sRGB.........gAMA......a....jIDATx..Z.o....YJ"...[$r.(P#Fc.\."...^E.....=.:....@.9.....d.^...S4.6.@..D,."Ll.....Y..!.T. z...3o.y.W.....O.yrq....b.l......u.z............O*....uZo.]..A.xu1....M..c.+!6.N{,n.P..{B.<.....9....~.W..z-..#.1..q.7p5.._%ja....w..\.W..H..........By.%.?....CQ.Z...j......bV.f.....c.](..6..d...|)..hTe6.O....X.\.:q....^.I..fZ.y..q......}!.....v........U..x....].e..o...P.]...u&A._........c.<...P..3..cO]...z...:bFh.~....`......1V..&.......4<..{.*..t....S..j.S.s..Q........'../..b.PRn..P......`p.......@...8T.P.Q.R{..A.\.).N.i0...+.=<9...k+K..vz.DL.M.^.7......O.. .o...@... ...wU...m.3....x....l.|u-...2.M.N{^i.d.......s...R.H.`.09.;.....U:..c(.D$.N.(G.P.2.....T......r.W)...@h..1<..CI...<........M...X......$....[S..#.r..C3..y.R.P$z..).n....Gy.W......d..H{.3.q}....q....H..T._~...@..5....U......n.......1.)..'.M.x...Ab...x..=.<...&.x...k.q_.4#...l.6.i9.;.C.9

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo_upsell2.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 175 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2146
                                                                                                                                                                                                                                                  Entropy (8bit):7.878767198815235
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:X/6uYit83CnCOqfU1paiFTeUpKJX9+E+orrs30ocDx4/OcrG1:XSXi6SnChfypRFTBpu+E38kNxKOcrQ
                                                                                                                                                                                                                                                  MD5:39D8F472934136936FF3FEE841245A9C
                                                                                                                                                                                                                                                  SHA1:812281447AAE48A891F8A5FA9CA63C117E5E9ED1
                                                                                                                                                                                                                                                  SHA-256:DA9F72BF2AF97A5A1D5C8884F8D5BFB2CF232A7026CF9123E02F5909AAAD2F70
                                                                                                                                                                                                                                                  SHA-512:7C3791E59F161A31486E36F6FB6A23E0589286342FE4A11D9DCBE975194ED0EC0EF223478072B2360E3CA276D6BA5BE0C4E2FE64FC82BC646945965E03556447
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............-......pHYs.................sRGB.........gAMA......a.....IDATx..Z.Q.J.m-.....G`9...?..".C.^"."@D.D..........8..........>==.HH.k1..v..y..zN?.d.?..nA.?.......L.M.o#...f.GOK|m..O...........KW_.P%...*.k.X.........;.v...|.|..KH.,.@4.....d#+{(WcN....... ......C..).CG~.g..M..*.jQ.y-S.u.}FA....4........b..9.&\.../)=&.3MY6Mc.5.SS.r.rI..NX."Q. .;PH.@..$....3l.(.1.x..|=...CE...*......Q~.J.......r....d.$.9...\\D.x/..;.%>,.p|.EO..].4"r..i......D..Z..%.-..bQ....m .~...k.a..n..lR...>p./(.f:-.k..lU.!.7..]Ut...~\9.....@...L...|...h.W..R..e..PV..vt.x_..I.h.4...]<...G..K.T.V.)...w.....,fv...^..)........)..........Y....@.8.....[..|x.wYYW.9.X..C...p..nP......p+|.-.q.F......>%........FL..s..?.J.%NH....;....b.dy.HN.13^.y.3`.zM.0.....u[-.....A.|e...4..P.3o1r>.y.`.gM}...H.R..;..F...<.zT..T..[.+.P..Q.>QS.Y..aN .>.....vc}.?u}].c6}..y...y[._....Z.@....P..o.S...^...yg......h....>.jB...+.1?.&V..V....<.O.......|uX...m...::..9...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_score_logo.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 100 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1627
                                                                                                                                                                                                                                                  Entropy (8bit):7.826159192497283
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3F/6TZYDTDiZweTZamTAaTJ6r/OIQz5URWkUX:3FSCXi6elamQ/Eb
                                                                                                                                                                                                                                                  MD5:E6797831954D0AEADF1E7CD268F4BE8D
                                                                                                                                                                                                                                                  SHA1:8CDEAC8420271C46DB443A03C58AA2E039EBDE50
                                                                                                                                                                                                                                                  SHA-256:9EE5FC5E12400AE65711B9B664E75EEB3273C051E29FADF4FE2104B59C89437A
                                                                                                                                                                                                                                                  SHA-512:EB53492D4B7BF87E09D049006E8759A87C4062950A9F88A636E7B7469AA5937DAB463DCA22294FE64A09DFDA19BDA711A6160E7762F147E5D2F5A95E3EEDE984
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...d.........{.......pHYs.................sRGB.........gAMA......a.....IDATx..X]n.F..%.@F.V)b[z.OP...O`...O`.H.j..h..>A..X9....A....E.Kv..H....7.%..(J.%...@.........n..DGN.sH......B...w[Y..R.....]..'......3.#...+........q|..).*.....$e.M.d.;..w...*.^C1.Z..h....O.o.X||.,.&A.....>).vF...p..S)e......./.y.pW.Ph.Z_Hy*.h..LG.{..,.b*..4.."~].qg.Q....(dx,..5...sFh/.n.0. ../....y....K*.......\F.R.....R.. 8z+....7 ....[b..dS.^.vQ.X.+.B....W=n.b.m.,..q.?...<....l.H3..V.a....r.V.|?XP..t.E$._?..k..[.x.].E....5....^y...b..6.9.u......e:....<@iV..-C%W.....8..C&M.o....!?KY.\o.6gr.j....../......@p......r&C....D.v:....[k}.X.l.u:..vv...Ve.....:.....J.@.~G...^4.M...4-W%....p.z....[.D.J....0....K.K.Lm...K....@J..vvgd*..Iyf........O''...%....MS....V..2.\2-..O.y.iLe..x....k~~.Z..6.H1.h.@:...;PF...l|...}.|v..)3..q....nw...6{...i3iM......}pe4..\..... ....d.]....D.`.a.C....FD.!/...s.4%.I....|S....-...nK...D....&Ov....a:H..V.&..."|.......:#.S...|..u....H.:..../...a4j

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_check.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 18 x 14, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2902
                                                                                                                                                                                                                                                  Entropy (8bit):7.8683772202551845
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:i/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODW3O1:iSDZ/I09Da01l+gmkyTt6Hk8nTb1
                                                                                                                                                                                                                                                  MD5:E4C0EC02D11F61DA1A702B0EFA2EC744
                                                                                                                                                                                                                                                  SHA1:F4E64300F14D0BEA27129A72BE91A668A9B9FB9E
                                                                                                                                                                                                                                                  SHA-256:2AC30B35B0BC163BC18B3B4B2982A6EE4095202FCF2EF8E35BCD415D8FFE04A8
                                                                                                                                                                                                                                                  SHA-512:6E659358DC715D700E4FB9BED2B8054408D3BD79AF8B492D6197D53038990AA12558957CA9C4BD436D83C2507DF165C55F2F0FB4E93C13480DF932E58E16EED1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............".L.....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_downchevron.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 5 x 6, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2816
                                                                                                                                                                                                                                                  Entropy (8bit):7.867254837776759
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:/h/6DocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcODM:/hSDZ/I09Da01l+gmkyTt6Hk8nTM
                                                                                                                                                                                                                                                  MD5:59934A5C534B8372CC2ACAD83B1F55E6
                                                                                                                                                                                                                                                  SHA1:8285F5654E3A077445E73685ABFD638BE7F1F4C6
                                                                                                                                                                                                                                                  SHA-256:130541A07A3D9E2050A6AC15D659E29A21F080F6CB1D7DB2800255FF94FD8310
                                                                                                                                                                                                                                                  SHA-512:37D1BA15D460F33B62FEF40B32DB95F136C268727AEF5ECFDFD3ADA471D26C78FE89438D0BF13FD966E19FBB7A9E06BD3FA27DFC326AA42699330145AD634BCE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...............TK....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_exclamation.gif

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 4 x 18
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):376
                                                                                                                                                                                                                                                  Entropy (8bit):5.513362384873133
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:772Q1kVEn88d0e6FEVU5drwF0cVe6FEVU5drwF0cVe6FEVU5drwF0c4e6FEVU5dH:772LVEnl6FEC5drwns6FEC5drwns6FEM
                                                                                                                                                                                                                                                  MD5:BFE2AF9C7C0433C86314783E61A437BA
                                                                                                                                                                                                                                                  SHA1:4CB221B2CC8ECDE82AA813C3E136DB749BFCE3A1
                                                                                                                                                                                                                                                  SHA-256:0DD3C3D9570BCA1ABC663C5E301B9CC8025F92EC0C12B6781A8A521663A8DB75
                                                                                                                                                                                                                                                  SHA-512:22E3EBE60BCBBFE6B728885CAE1B16BDB8D980B1AA80F931DDAC4020EC13CB7F3AE80CCD0A1A7465FB513D1AC70AEB59B12FB5E88CF6EC809EB178CCA2DB5405
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:GIF89a........2^.q..Aj."Q.a.....Qw................E...!...2...,..........#p..$.u24.K2)....0..d<..0.....h;.3..!.......,.............I..8.m#.!...2...,..........#p..$.u24.K2)....0..d<..0.....h;.3..!.......,.............I..8.m#.!...2...,..........#p..$.u24.K2)....0..d<..0.....h;.3..!.......,.............I..8.m#.!.......,..........#p..$.u24.K2)....0..d<..0.....h;.3..;

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_questionmark.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 13 x 17, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):391
                                                                                                                                                                                                                                                  Entropy (8bit):6.968282594262006
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/7Y4njM9CusK7SWlR4oPfMrjbi7voD7:0njM94QSWlR4oP0XbVD7
                                                                                                                                                                                                                                                  MD5:A85D5FA023FD935DDA508A42B9DFECC4
                                                                                                                                                                                                                                                  SHA1:2EE82A16CE7120CB2B211A3502E63023DD011C4B
                                                                                                                                                                                                                                                  SHA-256:A47F084F275C50D52E4E74E44E554E4810210029337B13DCE3E98EF29FDDD35E
                                                                                                                                                                                                                                                  SHA-512:1E07CC1A5CB220AE4C3FFE1860DA715C2C9E569B79A61818B4FCC2EDD4C9C6D05EA597DDAAB20B37950A005B642CBBF995AE809C0774D2D8584D87D2C366BADB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...............&.....sBIT....|.d.....pHYs...........~.....tEXtSoftware.Adobe Fireworks CS6......tEXtCreation Time.10/1/14........IDAT(....DA..._.V.%D.h.(x....(6^.+(<..3H4:...S*..M&...2.w.f.w.sNf"...s....0..6...8.~.`....u..(.0pU.~..X.&Nq_xn".6:..a.......SJ.6("V.u...H..]....\..X....k5z...Z.q..X.NhR..X,f.....Y+0...jhXC)..`0X*..}~..&-..J..>.:@..;.......IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_timer.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):449
                                                                                                                                                                                                                                                  Entropy (8bit):7.31532155890383
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/74/6Ts/MYcGVkHcafQ2ueaTxpJz8mbEYST43v9u:x/6C3VkHnQ2vcxputYST43v9u
                                                                                                                                                                                                                                                  MD5:DE0508D8669FC70B4D92B58076D288DF
                                                                                                                                                                                                                                                  SHA1:AE206B763654EEEB4457853BDBD46A510A693ACA
                                                                                                                                                                                                                                                  SHA-256:2ABBD585797B5DCF4CFE7908B5325E51CB5A0A5EEA117723A78444D484C1B269
                                                                                                                                                                                                                                                  SHA-512:212BC0318562BED2CEE66C6BA4855F9F4A6A69125B869859AEE7BDC3F08A02EBAD9C6F5C432E6DDB3C091E4D8796FCF56AE6F2253A0C40DC2DDE7F97F49B3413
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............w=.....pHYs.................sRGB.........gAMA......a....VIDATx..U=N.0..R.....J`.1...%6...#p....M.'ho.#.7..ea0...*M..8.*..>9...s...=..~....+..1.....R.-...t`$.si=....W2...E..,...$gh..{.j....<.T[..O!A<.?..&<'G...!.M..T..|.@H....N..S...K.8.Z.p@....|M~...(Lc.........).......E.....#....C..]sxlS.}6=....~.._.?.;.K..5..)r7h..nV.E.).=.F5.u3.2i..)`......*.....$@.}..] .9W.7......8w...y?....r.OW../c;.v.^.....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\edge_search\edge_search_events.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2354
                                                                                                                                                                                                                                                  Entropy (8bit):5.633221367466797
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:RRlHOHSm2ejO/XYJ8ZRSLiPcvfkXKGm3kqZQuVQQBKwv:RSHfz6fEcsukvfqm3kquQUwv
                                                                                                                                                                                                                                                  MD5:7169C5E4E176BDBE7D40E69398C96FFF
                                                                                                                                                                                                                                                  SHA1:C3F3A9B8F21C11214E0091F9496207ACE7345749
                                                                                                                                                                                                                                                  SHA-256:4388582267EE6EDBD053B96CBE9747A736BB564B11BE5C2DFC2C60564C3C462D
                                                                                                                                                                                                                                                  SHA-512:0FA589D2D41CF5B40C4C96BD4835287221C8A7524EE843A7A4F465FCC310839EE4F2412841AB971AF15000A27E8A76C9B6BF6EED1D25F42CD44364F0F2A84DD1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........6...9...9...9...B.......X...6...9.......9...'...B...)...L...6.......9...+...-...)...B...L......GetOption.settingsPpackages.edge_search.search_ext_popup: web view is not enabled or installed.info.log!is_web_view_installed_and_on.common_utils.utils.corev.......6...9.......9...'...B...1...K.....Cpackages.edge_search.on_search_ext_popup_coachmark_exit called.info.log.core........--.......X...6...9.......9...'...B...K...-...B.......X.......X...6...9.......9...'...B...K...6...9...9...9...B.......X...6...9.......9...'...B...K...5...=...6.......5...B...1...K...........tooltip...balloon_type!edge_search_enablement_guide.ShowUi.EventData....onExit<packages.edge_search.on_search_ext_popup_coachmark_exit.EventData..web_view2_ui_templatecfile:///[WA_FILES]/mfw\packages_web_view\webadvisor\edge_search\edge_search_ext_coachmark.html.UiTemplate..UiType.overlay_uiPpackages.edge_search.search_ext_popup: web view is not enabled or installed!is_web_view_installed_and_on.common_utils.utilsQpa

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\mwbhandler.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2200
                                                                                                                                                                                                                                                  Entropy (8bit):5.875568146350153
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:920riK5mljJJVdRquhrp6G5hRCmkasNfK0xxPUCyo:PriKOVJ/RquhrgGHRjstK0xSdo
                                                                                                                                                                                                                                                  MD5:D025A17244204760C0F7D3A9356E62A5
                                                                                                                                                                                                                                                  SHA1:AD60FF86E7CC76584907642E341776CEFD1CEC87
                                                                                                                                                                                                                                                  SHA-256:FB16B671B4A7EDD07CBE8F5D695593F40EEBB30997F8AA1A84BE42375AA4F2EB
                                                                                                                                                                                                                                                  SHA-512:A5F5EE4A01AC1C352BFBFF71F20F422B80FFB37851F7B68F13FAF570505FFAF3BAB08BBA36701F425DC3B71B5E428A0A6F75F50E2828C1BB6784317F9F2EF063
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..:.......6...9...+...=...K....checklist_showing.mwb.packages.........5...=...6.......5...=...B...6...9...+...=...K....checklist_showing.mwb.packages.checklisttype....checklisttype..ShowUi.EventData....UiType.mwbChecklist.web_view2_ui_templateGfile:///[WA_FILES]/mfw\packages_web_view\mwb\wa-mwb-checklist.html.onExit#packages.mwb.update_mwb_status.EventData..UiTemplate2wacore:mfw\packages\mwb\wa-mwb-checklist.html......$...9...6...9...6...9...9.......9.......B...A...6...9...9.......X...+...+...J.......X...9.......X...6...9.......9...'...B...+...+...J.......X.......X...+...+...J...6...9...9.......9...+...'...+...B.......X...+...+...J...'.......X...'.......&...6...9...9.......9...+...'.......&...+...B.......X...+...+...J.......X.-.6.......9.......B...-...8.......X...6...9.......9...'.......&...B...+...+...J.......X...6...9...........)...+...B.......X...6...9...9.......9...+...'.......&...+...B...+...+...J...6...6.......9...+...'.......&...'...B...A.......X...+...-...9. .J...*...6.!.9."

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\stop-video-alert-icon.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 95 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4147
                                                                                                                                                                                                                                                  Entropy (8bit):7.943867399456676
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:rwd191zRv2ElL3+eYGSRCvWC7P4cHALED9gqwptnaO6:rwdXjv2Yz+mbuuZ09qwnaO6
                                                                                                                                                                                                                                                  MD5:96E5352C228F18132282903C3CA79F35
                                                                                                                                                                                                                                                  SHA1:9D7D72FB9134B222D7FFE36811FCC82FAB5FE0B1
                                                                                                                                                                                                                                                  SHA-256:64BDF768575AFA7B3ECB4786F55F67983F5EFA2A8882D1F0131F8C28F646F5EA
                                                                                                                                                                                                                                                  SHA-512:992F49CFAEE0692705D769F906CBCF7479FD87D2506D95DACF198E3457D6AC5A91776C710312405A7B5FF651B8C97CB10DD54B5D86DA202B8A1E9CEFC7D53955
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..._...H.......).....sRGB.........IDATx..\.p.......n...G....D$.b.H).2.tl.Vgj.....L[.N;c.T.vZ:.b[;..C<PK....$*.p.B ....{.....mv..Hv...!.?.....{........i.g....~..hnu:...l.B#....4........6t..........$^..|..l.M1u7$....8u...hYy....#..Z...|.u.N.?$..#...n....<..O..j....d*&......*...^x.?.9}...=..^.... ''...J.;.8....]...Lo.\tvtb....gW.k<....._.c.........2.k....NG.....F...FBBB@A._$se@.?}.c...._{......o.l.5%.F....@..:<......._.'.[...$o.....X.x>./X.}.......M......;.a%zzzQtCA..P.<}....B.#..C.7....*|...a...L.-m8..)....V...|..sf*q.j..RPp.r_s.<..:.am.tZ./.7"7;.{..Bcc..-..7.O......^....Y.i>q#.I.>.[.nG]]..'.I..i.............&..o...uy.::....r.8q..a....1.............y4._C\.nZ..{..7.|..u:-.W.Sz...2...[..G...e.7q...\......]{QT...w.q...q.....<.}..QTT..^..?..If#..{..ErR"j....^..9..9.=..x%.lCFZJDeH...d.....9........p....>.C.......q[i).>:...7....#!.=.....V..N...;.........O...C........W....y.ts..x..188.GC%..q..G..-PDSV.....E...47.lhh..5e..+....N.|..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wa-controller-mwb-checklist.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (315), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9731
                                                                                                                                                                                                                                                  Entropy (8bit):4.511171296508002
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:b4H4SSJczePaYszA8XnTMAPVwqAc7g4UM+:MYSSJes8XnTDPV4c7g4u
                                                                                                                                                                                                                                                  MD5:718CE1B892CEB6151C1A89B418CE8457
                                                                                                                                                                                                                                                  SHA1:CEA68426F13210D1DE72D0169D6F92D9479272FA
                                                                                                                                                                                                                                                  SHA-256:D90B950687B7B090A7C2D68341B082564E1054ADA60F9854D6305E7807B1FE69
                                                                                                                                                                                                                                                  SHA-512:5B1D79CCF7FF9DF295AAA595DD8EC42660B7470794903E9D6DB23A4983F890126814C5DB7F5A265A7ECD0A636CC533FEC8052DA915B83FB31AC0DA5F9A7682A5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* MWB CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.WEBBOOST).get,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. var self = this;.. var browser = _window.getBrowserType();.. var wbShown = "WBShown";.. var wbLastShown = "WBLastShownDate";.. var installDir = _external.getInstallDir();.. if (browser === "FF") {.. wbShown = wbShown + "_" + browser.toLowerCase();.. wbLastShown = wbLastShown + "_" + browser.toLowerCase();.. }.. this.update = function () {.. _window.ready(function () {.. var args = JSON.parse(_external.get

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wa-mwb-checklist.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2398
                                                                                                                                                                                                                                                  Entropy (8bit):4.93822260700824
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3OTFbMv26ITWDE5CFqOcqehQORDe2SVXA:EaEIqOcqiQq62X
                                                                                                                                                                                                                                                  MD5:C12300C6B42BAAC68B61C8DD1BCCD123
                                                                                                                                                                                                                                                  SHA1:E0BC246A5783C9B1548FCBCD3973EB73A0020A56
                                                                                                                                                                                                                                                  SHA-256:3ED4AF8DB1B04416E157A1B3D569156F0F43C1E51AF18B59D17523E26FCC2C8D
                                                                                                                                                                                                                                                  SHA-512:9F1E39762811D3E8448502D3C8468AA4F4254FB562F1D91B0982F38AF7C037009A1B15FB0A64B59835C0DDD63B93AFACFA3864BED50624943CF802E97A306781
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-webboost-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-checklist-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:m

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wb-rocket-icon.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 20 x 19, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):435
                                                                                                                                                                                                                                                  Entropy (8bit):7.339595422017506
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/7op8DZNN+N/mjoPou/d3mFiRWpK2NV9V6/v7CFmP1:lwwN/fPouV3mkWvn9VSmMP1
                                                                                                                                                                                                                                                  MD5:17F00098D9F726B994583103F81EB7AC
                                                                                                                                                                                                                                                  SHA1:18DF2437F9019ED8A7E111EEE48E1CA17F3BB19A
                                                                                                                                                                                                                                                  SHA-256:71983847EA4F7014741BD89DDF4A33AF884A7636414E55912077CC00959199B9
                                                                                                                                                                                                                                                  SHA-512:2BD4C0C36B43B61E1544C99E4B8B7C46789EDF91206929EF7EB1F7E5E5B810439D2A673E3EDC200BAC295003D544B9B9B94275AA29D3DDE9F5585E550553E6E0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...............-.....sRGB........mIDAT8...=K.A.E.1...&....X..(.....V..h.O.....J.l,l..t.je.."..Z....B.DD..d.f...f/.f.{sov.%.T..a...p....R..6X.O0..;.w....7...,K=V .n..'*C....D[..ds.N.4...W..C..]..}0uM1.. .^...C6..O{.3....8....\...t.#.Fc..eks...x...K.....W..o.}@.N.pH.l..H.E.....ix.....z.1....=....P.SG.y..]CL.p....=.@..`..^..~/.8.,k..5(B.........di.IZWi..t6........&..n.c...4.'..e ...]3..........[....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\clipboard.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 70 x 69, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3947
                                                                                                                                                                                                                                                  Entropy (8bit):7.943205117846418
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:XpIVSotMeomWtuupLHgHzDJhbpmV3G4fNjirxU:mSCJodtwTDJhFu3G4fNWq
                                                                                                                                                                                                                                                  MD5:744E7ECE73DE770613033AF4C28735FE
                                                                                                                                                                                                                                                  SHA1:F7598A712AB76AFBFC8B880FAFA9C307D0942952
                                                                                                                                                                                                                                                  SHA-256:7D324265349E5DF77B3A3A56112E5D13B7A1C9827C4B886205DAB99C279B19E5
                                                                                                                                                                                                                                                  SHA-512:2BB6285603F134BFC6B3B0AA9B4F97B4156D354558AC3B73CE5661988D3A6516528D79DBCA1F82996BC395FE780F41AF7CF144ABAA3CAFC951C0D3FE0A08B165
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...F...E........*....gAMA......a...."IDATx..\.l\.....zw...^{.qpBB...........KA..Q.P.Am.......j..E .r........P..BI...hP.;.......|....}o.y.g.1.d.y....7.....f....C}........f..gE.Y"t......I....d.>d..O,r.&.d3+.x%..G.J...$...P8.....FC.4!..0A`.fk.a.n4....A|..~.@,..'....7tF...Q..C........d....Y.&2..29.HR"..Fs..L.J........<sZ..0..f..[M.A........?w..FcIJ...l..A..l.H.h.L.Fj...+...L.g.....)..x.f..M]mQ&^.Q........-^..v.....n...Y.-.pN`..j!..N.#..?4*g_.`>.s.h.?I^. W..E.K$ a..M.Dc.....{..z8.."...40..v.+.f.......C..Hb?.H*9..1+.\N./_K...082A...(.%...;H........".....n...=.#%+.&.b`...wP...e.t.......X.......:;..+......../.N.............>o.*Jb.#v...>..].j9g5_.....;8(f.).....V..V....J.Q.g.........>.?.p8J...v8..,.$.>.n..aE..;.m#.t.J.t....wkKY>...\Q.e.Rg.....1.....Dc..&EQ4.....t..."......'.?.&.c.I.....I..:.i...:...9..UUg...z..kw9....7;.O..xVq[...s~{..`.SO..E.....n]..gv..w.ib:.F.>...Uhi...z..p:r.].+]...U.m....ZB...P..1mm{....9.a.c...:..l.....=v.g..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\info-16.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):301
                                                                                                                                                                                                                                                  Entropy (8bit):7.008936185757553
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:6v/lhPfAlD5bn3S1bu/6BIMYE00yLbOxD/WeahrkSiuBZ4dp:6v/7HAthII3MYEJ41lBiuBiz
                                                                                                                                                                                                                                                  MD5:B437E1CC057558224FEBE4A96FE66CB7
                                                                                                                                                                                                                                                  SHA1:DECA512775F0FF42BB1B6F734BDDD07DBCFA0AA6
                                                                                                                                                                                                                                                  SHA-256:5F233229050143BA35B24A5DA5E1DB5F2ADCFB0E0F2B78707FFEAF39DAA19249
                                                                                                                                                                                                                                                  SHA-512:EDACD7B9B7674FABB02BA5CB3B2BB5156C992C95715A71D6415353F9B62E9936335F490D2AE4CE7D58DBA68AAFC583AAEAD482D25DFAC459879CF289E2EBDB0A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR................a....IDAT8....JCA..?.[...$..+.........|....BD.....i.*..V..h..+.>....*...X.s...f ..U..X}..B.U.s~SX.}..2..=.........0Q...D]U{.M.?../..}....... .eu.x..~.6..3`% ....y....+..BP../..8.)pm..\..M.h..Q.....-..Y.....u...T....S..0..e..%....u.8].^.........1....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\npshandler.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6035
                                                                                                                                                                                                                                                  Entropy (8bit):5.764128715208747
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:iGHQe1nDk6k/Lap8sPnYuOKWi4s0reMRkyi0DlbwOxjHXExCDw:Ce1DkFsPnXLWRs0reMRkyi017xjHXExP
                                                                                                                                                                                                                                                  MD5:7482EABE836445A6C8FDA14A4E353014
                                                                                                                                                                                                                                                  SHA1:C176AFF8F7129E9B691A3F6B5ED52F501AE2101B
                                                                                                                                                                                                                                                  SHA-256:C7D0F5B0E46EE308C4FC511F3CCEC0E7A4038B7BCF02D9B3C3681A268CA7A888
                                                                                                                                                                                                                                                  SHA-512:E6EFAC00A5A8BF329583A1077B73E74F2D94903F5F21473CB48D0A4D2B6CA57297CD8CC51D11757A014A88839CD97AB16B381D4A69C341BE2D6222976D29763C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........6...9...+...=...6...9.......9...'...6...6...9...9...B...&...B...K....tostring*[NPS] packages.nps.isSurveyShowing = .info.log.core.isSurveyShowing.nps.packages........#6...9.......9...'...B...6...9...+...=...5...=...6.......5...=...=...B...6...9...+...=...6...9.......9...'...6...6...9...9...B...&...B...K....tostring*[NPS] packages.nps.isSurveyShowing = .isSurveyShowing.triggerType.shownTimes....shownTimes..triggerType..commandName.showNPSSurvey.ShowUi.EventData....onExit$packages.nps.UpdateSurveyStatus.EventData..UiTemplate2wacore:mfw\packages\nps\wa-nps-checklist.html.UiType.npsSurvey.web_view2_ui_templateGfile:///[WA_FILES]/mfw\packages_web_view\nps\wa-nps-checklist.html.nextSurveyCheckTime.nps.packages![NPS] TriggerNPSSurvey start.info.log.core..........6...9.......9...'...B...*...6...9...9.......9...+...'...+...B.......X...6...9...6...9...B... ...=...6...9.......9...'...B...K...6...9...9.......9...+...'...+...B.......X...6...9...+...=...6...9...6...9...B... ...=...6...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\wa-controller-nps-checklist.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines (458), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):26004
                                                                                                                                                                                                                                                  Entropy (8bit):4.106993065693765
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:toM7vbmeN/beqwi1y42ykBkbae2vx3D00:+Gbm4i+1M
                                                                                                                                                                                                                                                  MD5:4A4FA65EEE365D21F9472C766BCEBD07
                                                                                                                                                                                                                                                  SHA1:BAA05813862F4458C37DAE97612CB4400C7A9612
                                                                                                                                                                                                                                                  SHA-256:D1C2AF320923448FA198A84A10CB85EF17E6932E15A41EAAC1BBF046257D9B48
                                                                                                                                                                                                                                                  SHA-512:C2699F065E347AA8066E8BE307E7DB6FC72B619D933B611710D12EF094B2A2F458A7D10D26756BF4E4F1438ADE15E3B927057F3D6ED99C63E2FEDCC29739F102
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* NPS CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. var self = this;.... this.update = function () {.. _window.ready(function () {.. var args = JSON.parse(_external.getArgument("template_args"));.. if ($(window).height() >= 630) {.. self[args.commandName]();.. } else {.. _window.close();.. }.. });.. };.... this.showNPSSurvey = function () {.. var html = "";.. html += " <table style=\"border-collapse:collapse;width:450px; height: auto;font-family:Open Sans; color:#53565A;border

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\wa-nps-checklist.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2305
                                                                                                                                                                                                                                                  Entropy (8bit):4.925005434064277
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:csY0TlGNVMz7tVMz7EVMz7VMz/VMz8AVMzjVMzJVVMCFqOcO/TP3G+PxCQOR1FEg:3XTFMv26ITWVMCFqOcqehQORDEsD
                                                                                                                                                                                                                                                  MD5:BC8B8A7112D4C26814EA5FC4EF0016AD
                                                                                                                                                                                                                                                  SHA1:C3BDF889D3A0C6C22F6177CE92BD3E375EE23EB5
                                                                                                                                                                                                                                                  SHA-256:AB05C74F771C1B31157779B7BC7B761A30B59967340BD14F288909A752046123
                                                                                                                                                                                                                                                  SHA-512:57B13FB0C6AC3A1140AAF9A8DD5C72D7F7B9F9D9B6B39EA93BE00833FD1C65E31D988A7E1C643561D4A898BD8443E81A4563BDB7CB0BEA93F0C5CCD0665EBDA5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-checklist-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-ui-dialog.js"></script>.. <script type="text/javascript" src="wa

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\about-icon-selected.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):477
                                                                                                                                                                                                                                                  Entropy (8bit):7.351051330229087
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/7y2VDhNOYjroguA84jleUzz0BDdbNSp42duo1:wVlYq7kC02yNSp5Qo1
                                                                                                                                                                                                                                                  MD5:8DD33EC0D498CB6C2FAA490D5FFCAB72
                                                                                                                                                                                                                                                  SHA1:E278EF1E92293D41820D83E115A7195E30509BAA
                                                                                                                                                                                                                                                  SHA-256:C43CDCDA1172EA4E55CD6725B5FB3B0F2ED9F8AC2C3DFAB3CB5A927550C00492
                                                                                                                                                                                                                                                  SHA-512:20257C6B39D94376C69118E91480F101B96E168E0C1AE599E505E76C4785A08C7CEC0297B84B8FB99EC690C16FEBE8985C8558AFEE13A7503D053760FB52B242
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................gAMA......a.....pHYs..........o.d....tEXtSoftware.paint.net 4.0.19..d...ZIDAT8O..1(.a......QJ1... ....2.3..`R2.u...*.h1. ..,.1...=..9}.........y.._....E..M...%;j....}|.Z....m5........;..,.v.l6...X....^].F./{.q.-V.0.sGaf...\.S.*WV..7.3f{U.A......Q.....L..%.Q..\.'....M.Q.lOn~.;.p]s...j.....5G...c.QV|a..(....1.+..W:.2l;....b....)7.3`;.....Z...Y.....KY.V...Jx.V.G~..V......+.!..U,.........|.O|.s.`...'I...-Ps4m."....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\about-icon.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):621
                                                                                                                                                                                                                                                  Entropy (8bit):7.440301212402691
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/7y2VcCkoWVpXHvC+N3Pei2PrEyBvatOrED0uapdvoXP:wVZk/9/ei2D6d07m
                                                                                                                                                                                                                                                  MD5:CAE22AF422FC994E24E8CCAE7ECDFCD2
                                                                                                                                                                                                                                                  SHA1:E237654EE11A51773BBC840A27F79D6EB2DB0000
                                                                                                                                                                                                                                                  SHA-256:48B34A024F5B925DFB6B8973876708BDD49B363712E74981078661D638E8440B
                                                                                                                                                                                                                                                  SHA-512:8A818292FB67F81A7339DC2866EE5884DBF5DD97707F6567F4B1A6DA7CDD8FE8ED8BBEAB04CA610FFF2C1B80C36A1873ED331187FD9A8BA8734DBAA401076379
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................gAMA......a.....pHYs..........o.d....tEXtSoftware.paint.net 4.0.19..d....IDAT8O..1H.A../!Q....@@kI.H...AmR......w.'.W(j..UHa%H..b.(....R^.B,...!M .I.B....x'..`.._.....y....U.e.D.4.D..Z..Z...I.+...B...i~.R.=.2.Ci...3.zw.c...;...n.ju...(.G.e..(}..<w...Y.R.b..v}.='0.V.^.tQy..,rf"T.B.Ry..&..._sQvw...%g$p....8.8...,...R.I..........'......g..m..^F.7N..Q.i.....<..O.8....y..<"..I}...,...*...<R&...s..;\..J.'8.G....f..o...l .^...(e^..;..t.._.....F%...k$.......:.'..u.n..g....@..N...E.....m....4M.\Do...H.b^?...t....}.......}Ahl.G....~..>.@..3g..U(\.Q....L......IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\aj_toasts\wa-aj-toast-toggle.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7069
                                                                                                                                                                                                                                                  Entropy (8bit):5.1158379235764695
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:OWZxXMHRMroWa7b6xEgPGquAED+YhAAA8b89Y/5Pbqx51E5hh565/M7buH0eFDeW:OW0H28Fguf+y89K2kCdMunbH
                                                                                                                                                                                                                                                  MD5:DA38A5E3FA021CA0E9369FA61CC3C877
                                                                                                                                                                                                                                                  SHA1:6DF68EBE3079FB3A73204CF97ABAD6BAF5A487ED
                                                                                                                                                                                                                                                  SHA-256:1E1599C4C24FCAE4F1A19B19BF21277D3210D6A3ECF155B767940A628C890223
                                                                                                                                                                                                                                                  SHA-512:6FF562D1E2577294FDE65240B177FFBA950D90AD26421C4AC1D5B3DD6BFB892D7AEB916E23F78FD55FC3108E30C67CD4246204E467124C3A422C7E10E0B82219
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* version 2 3 */..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */../* version 2 3 */...toast2_3 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;..}.....toast2_3_larger {.. width: 761px;.. height: 565px;..}.....toast2_3_smaller {.. width: 761px;.. height: 500px;..}..../* version 1 */...toast1 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px;.. margin-bottom: 6px;..}..../* version 2 3 */...card__content2_3 {.. background-color: #fff;.. margin-left: 297px;.. width:fit-content;..}..../* version 1 */...card__content1 {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}..../* v

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\aj_toasts\wa-aj-toast-toggle.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3649
                                                                                                                                                                                                                                                  Entropy (8bit):5.081162908198535
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:jMsaeRv26XbWZNG50ybUYoA1gPeaNS6cD2QXIan75FfEl:jDbGNw1AYomgPeaspDfXIandO
                                                                                                                                                                                                                                                  MD5:2E0C29524877E42439C96690D076A58C
                                                                                                                                                                                                                                                  SHA1:971F598A61BC322699CA2BBC121603AC0E3908B6
                                                                                                                                                                                                                                                  SHA-256:A3CD22B2F53A0BF69A217D1B48CF1627F7B26BE33E0C1083D11A71503AF09DB4
                                                                                                                                                                                                                                                  SHA-512:79131D93033948B63559F074139E5BF7B4E898FC07341D77968A5F9C5B453709CDE48E14BB680B8D757E5C1D0D2CC8E0D5ECCCDD2C48AD19DEE28DC8A8F92EF6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<html>.... <head>.. <title>WA SS Toggle Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap".. rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\aj_toasts\\wa-aj-toast-toggle.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-sstoast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\pa

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\aj_toasts\wa-aj-toast-toggle.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7536
                                                                                                                                                                                                                                                  Entropy (8bit):5.116758318348117
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:lAvUEJU5h6oVXuVdDE6hYkBaWPwT0JrrvG10qAvlaVXkfldXF:mvhJYrV+fEGIj1bVUdtF
                                                                                                                                                                                                                                                  MD5:5E844B469ABBDEDFB4DA21AC1E37A143
                                                                                                                                                                                                                                                  SHA1:760A76CD1476D6D9642DA62ED433FB09FC25E28B
                                                                                                                                                                                                                                                  SHA-256:3C1972F7E069789006A13B076526748E2804A852CC3CB963BF16EFB0CF667F6E
                                                                                                                                                                                                                                                  SHA-512:21E0BAE0F3C42C0C25A657A1D9F440474709760BD5104C4136F8089A85F2D6E4308F1EFC22263EA3593BD5556085B27B9D995FEE7F58C2B0C7B28770DAC7EDA6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. version1: $(".version1"),.. cardContent: $("#card-content"), // different css for different versions.. cardImage: $("#card-image"), // different css for different versions.. featureDisabledSection: $("#feature-disabled"),.. progressPic: $("#progress"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. feature1Label: $("#feature-1-label"),.. feature1Name: $("#feature-1-name"),.. freeLabel1: $("#free-label-1"),.. feature1Desc: $("#feature-1-desc"),.. feature2Name: $("#feature-2-name"),.. freeLabel2: $("#free-label-2"),.. feature2Desc: $("#feature-2-desc"),.. checkboxContainer: $("#switch-se

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\amazon_upsell_handler.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1238
                                                                                                                                                                                                                                                  Entropy (8bit):5.704980533812439
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6wBTG+3j9qlatg94bXSx7ngIdMKWF8gGX5p0TA5+CUTm2X+0XLYJAvM2:BBiIj9qlatVXEngJKWqg8+CUTvxXLqA3
                                                                                                                                                                                                                                                  MD5:7B318AA9AEEF6B2FC46F676281E71CA2
                                                                                                                                                                                                                                                  SHA1:C35493B7AF124AA746F60E39DA5B9A0100FC49E4
                                                                                                                                                                                                                                                  SHA-256:2828777A6FE9009E76598C92530A3B9215918A4392CC6AB5FD5540A833E3B8E7
                                                                                                                                                                                                                                                  SHA-512:51B21277A6EFF823E90D9BA6AC2CAB7932219014B80D1889507912703D12582CAA5016F21977125C65B21F3AABA0EB1DEC41ABAC654DFE70550520A8A8C3CB21
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........J9...6...9...9...9...9.......X...6...9.......9...'...B...K...6...9...9.......9...+...'...)...B...).......X...).......X...6...9.......9...'.......&...B...K...4...4...9.......X...9.......X...9.......X...6...9.......9...'...B...K...9...=...=...9...=...9...=...'...=...=...'...=...6...........B...K....ShowUi9wacore:mfw\packages\webadvisor\wa-amazon-upsell.html.UiTemplate.EventData.amazon_upsell_toast.UiType.toast_cohort`amazon_upsell_handler: amazon upsell requires toast_count, amazon_extension_status, and url.err.url.amazon_extension_status.toast_countEamazon_upsell_handler: amazon toast upsell is disabled, cohort: .amazon_extn_toast_cohort.GetOption.SettingsDB9amazon_upsell_handler: amazon upsell only for Chrome.info.log.ch.BrowserType.BrowserUtils.utils.core.Browser........$6...9.......X...6...4...=...6...9...9.......X...6...9...4...=...3...6...9...9...B...9...'...'...)...B...6...9.......9...'...)...'.......B...K....upsell_amazon_toast.event_amazon_upsell.register.handlers.a

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\checklisthandler.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4661
                                                                                                                                                                                                                                                  Entropy (8bit):5.817994241035366
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:XE0GptOJE462KfH+ge9YYdWkHm18LbWQY6guNx6gk:Uf8Ej/+gKPWkq8XPYduNx6D
                                                                                                                                                                                                                                                  MD5:FD3B335D806C8CAD98DDA121CEB7B977
                                                                                                                                                                                                                                                  SHA1:A4D7D3A76EF0FB23AB8480D06CD3EC8E5056B0A9
                                                                                                                                                                                                                                                  SHA-256:696A025E9730DE200A85127C3C2253E1AFE7D9F836291A22C66137EA5A968A0A
                                                                                                                                                                                                                                                  SHA-512:18E9BECC79A56B7DD2B9C8580F79EFDA28CBDE50FBF2662A60EBACF863FF869BC412345E960CEB804A96C7F6EDA2B66B01875A9072EB4C039025C36BFD3C57F6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........5...=...=...6...........B...K....ShowUi.EventData.UiType....UiType..web_view2_ui_templateJfile:///[WA_FILES]/mfw\packages_web_view\webadvisor\wa-checklist.html.EventData..UiTemplate5wacore:mfw\packages\webadvisor\wa-checklist.html.........5...=...6...........B...K....ShowUi.EventData....UiType.downloadWarningToast.web_view2_ui_templateHfile:///[WA_FILES]/mfw\packages_web_view\webadvisor\wa-dwtoast.html.EventData..UiTemplate3wacore:mfw\packages\webadvisor\wa-dwtoast.html........U6...9.......9...'...6...9...B...&...B...9.......X...9.......X...6...9.......9...'...B...K...4...6...9...9.......9...+...'...+...B.......X...'...=...X.).6...9...9.......9...+...'...+...B.......X...6...9...9.......9...+...'...+...B.......X...'...=...X...6...9...9.......9...+...'...+...B.......X...'...=...X...'...=...-...'...........B...K......checklist.showChecklist.showUpgradedUserWelcome *DisableUpgradedUserWelcome.showCryptoLearnWelcome.*DisableCryptoLearnWelcome.CryptojackingDisabled.showNewUserW

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\chrome_extension_push_handler.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1682
                                                                                                                                                                                                                                                  Entropy (8bit):5.571913634634723
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6ICRoYslDAbfu+oqxMdiyUZXuUBRCziQGePQ6NNL9aN+j/bOJjI:+YkbfuhxdiHuUKtGaHy+j/bOJjI
                                                                                                                                                                                                                                                  MD5:E5766C1FD44D8EE493D5202B0A9E93F2
                                                                                                                                                                                                                                                  SHA1:507FDC8FB49CC2AEFA89F1239BCF688B00AE936C
                                                                                                                                                                                                                                                  SHA-256:ECD2F3584E6E28DF0ACB3A8996FFF3CC8E02732A38104B1FABC8E3D4504FD6D8
                                                                                                                                                                                                                                                  SHA-512:6F9E9E86067F257DB424CCA0E9BD84780AECB0DA37F20447C00DAF80D18288245AD37C88B0906CD5E449069D944B64CEE6AE9C49D8F46A3089B7A6A585CDA8B5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ........&...6...9.......9...'...B...6...9...9...9...9...9.......X...6...9.......9...'...B...6.......9...'...'...B.......X...6...9.......9...'...B...K...6...9...9.......9...+...'...+...B.......X...6...9.......9...'...B...K...6...9...9...9...9...9.......X...6...9.......9...'...6...9...B...'...&...B...K...6.......9...9...6...9...9...9...B...6...9...9...9...9.......X...6...9...9...9...9.......X...6...9.......9...'...6.......B...'...&...B...K...5. .9...=...6...9.!.....9.".....B...6.......9...'.#.....B.......X...6...9.......9...'.$.B...K...6...9.......9...'.%.B...K...!chrome_ext_push_handler: endRchrome_ext_push_handler: Failed to trigger LogicMsg browser start on browser.OnBrowserStart.encode.json....Reason.browser_launch.IsExtPushTriggered..Browser.., no need to engage1chrome_ext_push_handler: extension state is .ext_no_entry.ext_enabled.ExtensionState.ch_wa_ext_id.get_extension_state.browserSettings. is not supported.tostring&chrome_ext_push_handler: browser .ch<chrome_ext_push_handle

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\cryptojack-icon.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 170 x 167, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5286
                                                                                                                                                                                                                                                  Entropy (8bit):7.918352410896778
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:VadOXrG7NapBuqn5EVYrylb7le57jdIt5X/pu660z4GKbAkhYaPQGflW1:B7smri6ryhGGX/JNzoAkhjYGfe
                                                                                                                                                                                                                                                  MD5:992B99090456FAE196C91BFCA1630D5B
                                                                                                                                                                                                                                                  SHA1:5079D7427DB7384162CFD4917A87D1B9C3235A55
                                                                                                                                                                                                                                                  SHA-256:F86960D443E848E83A2BA3B27B68EE488623A6E6E80E74594E69802FC472AC8C
                                                                                                                                                                                                                                                  SHA-512:80A8DACF479B444979889F0D9B5DDE429AA794D8D7E1430B4555571513FB3FB5F6F950B2FD989A7DF9B4EBAB7ADE271B5C8A635C4B247FD9D3D97EA96FEA0AFF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR................\....pHYs...%...%.IR$.....sRGB.........gAMA......a....;IDATx..{.T....{.a......GO6...*E..`.n!<$+L$.ML...X1.qe..V........M\.2C.v.'....uf...$.Vx..0.. P............}o?.....3}ow&...;...HA.ljYLzj..:Q.........(."I.LOj........Q4q..)-2....\..>_.^."K.|.f))H..F.XTF.XTF.XTF.XTF.XTF.XTF.XTF.XTF.XTF.XTF...'.V5..b.G...4.Qv.a._..21...4...=...g...WD.....\.......d;.....6......D..N$2........3J..2J..2J..2J..2J..2J..D.r.t.-T*..n..OS.......C. .....r*..^5...E...n..%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%`Q.%.[..fc.....:.g.0..Su.%^...kkg'.Z]K[...).?H...N|z...[..v.z..........x.>|8UVV\y.....X..xf..g.....5v.r..?_@..K..N.(g..?....o...cFSuu.F...kcE..V.....o.LRY..9j<...i.>...>S=.n.i.x.....k.......VB#.ow.b.X[...^.3..w'.#......P....}.....<.T.F.b./U;.n.{B.8.v..t....rA.W.....[......h..5T...<U.Pg.Pk..5.~v...J'.B.5;.ijv..vB.Q.?.-.3u...R.S..kj!].....H.T..o<Pr..PE.eO=).H.I5 l{..I7.d../V....N.Q.P..E...u..E

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\ext_install_handler.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1239
                                                                                                                                                                                                                                                  Entropy (8bit):5.772003971685495
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6uhfXWnvmJJdPObNlpwgMT9CFbzxX0TA5js2X+0XrB2T:dhfXguTdPCFM4bPjNxXrMT
                                                                                                                                                                                                                                                  MD5:68179B44FCA2D4E28A150AAA035C55F6
                                                                                                                                                                                                                                                  SHA1:3FDAACAF09F869EE78C8B8FC98AB4E1C6DFB1F61
                                                                                                                                                                                                                                                  SHA-256:11E9E1FB984B24FC1191FE78F42BA82A0679EA6CE850B2457EDFE94503FBB38C
                                                                                                                                                                                                                                                  SHA-512:EA6048A3BF9B3DD1A277184C1EB4AD697CA97F70AF680E8224FE315CBDD61008D89AB0FC9C31629D63697527C93C865E561C45FD791B4FFB349EC356ACB447CA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........<5...=...'...4...'...=...9.......X...9...=...6...9.......9...'...6...9...B...&...B...X...'...=...9.......X...9...=...6...9.......9...'...6...9...B...&...B...X...'...=...9.......X...6...9.......9...'...9...&...B...9...=...6...........B...K....ShowUiEshow_ff_extension_install_toast: got implicit close event name: .implicit_close_event_nameRfile:///[WA_FILES]/mfw\packages_web_view\webadvisor\wa-ext-install-toast.htmlCshow_ff_extension_install_toast: got custom WebView2 template .web_view2_ui_template.web_view2_template=wacore:mfw\packages\webadvisor\wa-ext-install-toast.html.tostring=show_ff_extension_install_toast: got custom IE template .info.log.core.UiTemplate.template.extension_install_toast.UiType..EventData....UiTemplate..EventData.........$6...9.......X...6...4...=...6...9...9.......X...6...9...4...=...3...6...9...9...B...9...'...'...)...B...6...9.......9...'...)...'.......B...K...$Builtin_InstallFFExtentionToast*EVENT_SERVICE_InstallFFExtentionToast.register.handlers

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\facebook.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):407
                                                                                                                                                                                                                                                  Entropy (8bit):7.1407976551071055
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/74/6Ts/+smsfwZQlyCzDSkG+ZlfDN+y9X:x/6afkRChDZ1DEy9X
                                                                                                                                                                                                                                                  MD5:52488EF2BAA65366C96F39947B5CEC32
                                                                                                                                                                                                                                                  SHA1:580C1612E3D607EA8C3C83B03285ED6B5E5AFC23
                                                                                                                                                                                                                                                  SHA-256:C0E9102EF0C19E55052516B7B11F95E96A13A93A19DA66328DE5B66740CE4A4E
                                                                                                                                                                                                                                                  SHA-512:0D54D10933E441EB624CCE78C293162AF8150134199D7C2AA54554476CDB70983A3CC069B23D3C93D736612C80EF6C31CA1842EB72385FA4BE359A40F36A5B67
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............w=.....pHYs.................sRGB.........gAMA......a....,IDATx..k.P..H.....;.P:..Z....[.QG.I\..]}L...... 8..........1W1\|../8.....|9.;.r.@>. ..(HZ.%'p.Y..;...[..r..m...Z..&.l^.....k-B...Pk...~?.....{.....b...f...}...ty..C..`...@<..,.]..R<u~.{@f=.w.<..x|.zsjq V.......I.KC<.}.....V{.l].Lg2..v..m!c....@g..-.>...@v ....L..l.y.>.)....."....%....P*........IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-noxup.gif

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 148 x 50
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1686
                                                                                                                                                                                                                                                  Entropy (8bit):7.777921392960299
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:I/sUg09pp/qKHlZpbkXt8K7n5bTh5lTdAiwy9QntZ9C:onJpp/qKXpbU2g5DlT+i9QnY
                                                                                                                                                                                                                                                  MD5:DFD80EC6F7EE421AEAF3F785922438EF
                                                                                                                                                                                                                                                  SHA1:DD3FCFB2BF921A6C67933093B1AE64CA23E1AF26
                                                                                                                                                                                                                                                  SHA-256:FF31AC8E9802988BE162D31CD350711F460E8AB292CC45950C202ECD1A8FEEAF
                                                                                                                                                                                                                                                  SHA-512:8391CD280487F73F7FDF5529BB6677696BC815DC99ADD5AA229EBE1B569B94C1D8C5370A86C0665F5F20CF918325B23338EAAE347FE441550C0758A687297C06
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:GIF89a..2......'.....-..&..,.."..,..(.....-..!..&..+..(..5..)..(..2..$.....!..2..&..*..+..1..&..... ..%..0..6..*..&..+..0..-..:..5..+..0..2..-..5..5..;..@..6..7..=..?.#<..>..E. C. >.#@..<.'H.$E./K..N.*S.,J.6I.,O.1K.+@.+N.1N.)W.4W.>J.9R.;P.6W.=Q.:V.DW.A[.GW.>].HS.E^.J].Bc.EX.Mh.Nc.J[.Re.Pg.Mg.If.Pb.[h.Ls.Mm.^o.^u.]p.gt.dt.jy.g}.qz.u|.{{..~.x..{........{.............................................................................................................................................................................................................................................................................................................................................................................................................!.......,......2........H. 7Z[<DX......#J.H....3j...a...B..)O.?~.....J..........8s.....@..MP...HM..._.. 4x....X.j.:..Q."..S........a.*.p..I.(.....O^...6..Pu...}............A...3kF.x.g.'..........`.....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-top.gif

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 27 x 50
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):369
                                                                                                                                                                                                                                                  Entropy (8bit):7.019028949718389
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:aPd7Wm9a7S6xP+rDzujMhsACN1brSF+dmz0fmBDbf92buPamIPW19mW:aPd7Wm9a7zGDu91Ppdmzka/f8bQasX
                                                                                                                                                                                                                                                  MD5:3D32D5CBF24BDCC2C74E876AAD4C19A0
                                                                                                                                                                                                                                                  SHA1:E4F405F07DC0D870A2CF4E5EEF48C91393676290
                                                                                                                                                                                                                                                  SHA-256:7456A5B53B0E7BAD980926BA86EF437ABB19F5C2D397031C83B27198DEA3C5D0
                                                                                                                                                                                                                                                  SHA-512:DB97E6E8E062B75FE46D49558BDA19674AA574476F85458A22A536FD07384618524007342098E5FA095532A2D8CFC2612CAD0AD77AC406E5C12029E48F112830
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:GIF89a..2....................................................................................................!.......,......2.....".di.Y..l.bp,.tm.x..W...`.B,...r.l:...tJ.Z.X,e..z..xL....tZ.n..pxdN.....^.........................................'..#..................................................................................................&.....#J.H....C..;

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-warningbackground.gif

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:GIF image data, version 89a, 2 x 70
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):361
                                                                                                                                                                                                                                                  Entropy (8bit):6.510176350874939
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:DvjkRhk/NruDE9Q0QVlMjlFGCyzVwFECgVp/R5i9pNoj3f31XoB/fNfkc/:zjkRiFrFQ0QELV8VwFELjZ5ii3f3No1z
                                                                                                                                                                                                                                                  MD5:2D1CCF8BB4F2013151F9BEC12542D9A5
                                                                                                                                                                                                                                                  SHA1:9AFEE504C285A2FD7B09BA3AA745B3CD4AEA3ECE
                                                                                                                                                                                                                                                  SHA-256:8CE5E1DE817FCEF6618DC2279753936423A975ECBA3C28732FE0CF0DAA52E1D3
                                                                                                                                                                                                                                                  SHA-512:C640B6921D144E76417CCB433CD7B0359FCB8298E546454AA31067FF70D4356DB86A223C83E70F2C43F46420CC4D6554834D3998150DD2D6257F65F8F7708942
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:GIF89a..F..2...$..$..$..$..%..%..%..%..&..&..&..&..&..&..'..'..'..'..'. (. (.!(.!(.&&."(."(."(.#).#).''.$).%).%).%*.%*.&*.'*.)).'*.'*.(+.(+.)+.**.)+.*+.*,.++.+,.+,..........................................!..Created with GIMP.!.....?.,......F...q...).V..+...0....XX.j.J.P...d2.H..H$..@...C.p8..F..`.........................................................A.;

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-overlay.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1059
                                                                                                                                                                                                                                                  Entropy (8bit):5.249212112534314
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:xmp5UoZR3xQiD3RJMZcUhiLKyFc43bZApRmWo0p+oh:xmp5UoZJxBTM3Q3SDf1o0pL
                                                                                                                                                                                                                                                  MD5:AE88695F4ADDD20D33EA6AACBB7F1D25
                                                                                                                                                                                                                                                  SHA1:8DC007E69E01A3D1BBD2153733104811D5140886
                                                                                                                                                                                                                                                  SHA-256:A2B29F3671BEBA78918FB3CC82ADB90DBE501BECF1B4495359032B10E06DD3FD
                                                                                                                                                                                                                                                  SHA-512:DEC7230018A67EFF845138EFB68700034A003A4402AD72757E1C97784F108EB0D1FFD3896E7B262318444E75B2D90C87644E69EFA1CC76CE5D595155A332BB7F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}.....balloon-chevron {.. height: 20px;.. width: 20px;.. border-top: 2px solid #E6E9F0;.. border-left: 2px solid #E6E9F0;.. position: relative;.. top: 10px;.. transform: rotate(45deg);.. background-color: white;.. z-index: -100;..}.....chevron--centered {.. margin: 0 auto;..}.....chevron--right {.. left: 337px;..}.......balloon-main {.. box-sizing: border-box;.. background-color: #FFF;.. border: 2px solid #E6E9F0;.. border-radius: 24px;.. padding: 24px;..}.....enable-ext-btn {.. background-color: #4989EB;.. border-radius: 4px;.. border: 1px solid #EFEFEF;.. color: #FFF;.. cursor: pointer;.. display: inline-block;.. font-weight: 600;.. padding: 2px 8px;..}..//0D423BC8330C17B5B4E4C044594DC91C3192F1BEC8579C99ABEF24DC5D02DB03B0A7FFD

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-overlay.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1585
                                                                                                                                                                                                                                                  Entropy (8bit):5.2846423292021445
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:LswDjYlGNVMr7xnVMr7EVMr7VMr/VMrlpVMCrNM/QogXORMeu2J68WF:oOjmxuneCKCEQxymF
                                                                                                                                                                                                                                                  MD5:ABF7554B9F2E6199B3DF205DD0BB1084
                                                                                                                                                                                                                                                  SHA1:795F0DCFDB12CD34411F0F24E165D7109B976E15
                                                                                                                                                                                                                                                  SHA-256:854F591ACDACB13376410E99F5D9245BAC0FE293D15DC03982919C3F2C51B979
                                                                                                                                                                                                                                                  SHA-512:046ED98143B13CCF173EA5DBA1650C63A4EA23BDB98F1C562B0CA5218E18C1F2AAABCFC1E055DC7F743A8461156D8BF770D1045532A0A52043A095FAD149CB62
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\new-tab-overlay.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-overlay-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\new-tab-overlay.js"></script>..</head>....<body oncontextmenu="return false" on

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-overlay.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4111
                                                                                                                                                                                                                                                  Entropy (8bit):5.083124051310355
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:T0AmdonK4uoOPV1PixEeB0NufP9SdaQbXkTJsR:AATK4bs/jeCQS9bXt
                                                                                                                                                                                                                                                  MD5:473EE8868F2C6C123846FEDDEA5D8220
                                                                                                                                                                                                                                                  SHA1:3E4FF22A368CC8A7191615C1EC7A98FF30A4336E
                                                                                                                                                                                                                                                  SHA-256:90B448842B7527F46D92D7F359957DB5DCDFE4F0600AC864D950BCBE8560A339
                                                                                                                                                                                                                                                  SHA-512:7ADAD4C83DAC4DB3F7CB10163EF5A8A41DD66840BC7F90D02C175924A40A7394C36C594507B68267BACBE975868E3BC7D8BD058BA4CADC93548BE6C0760C7BAD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {}),.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. content1: $("#wa-dialog-balloon-content-1"),.. content2: $("#wa-dialog-balloon-content-2"),.. arrow: $(".balloon-chevron"),.. },.... show = function () {.. _window.ready(function () {.. var settings = JSON.parse(_external.getArgument("overlay_data"));.. var overlayType = Number(settings["overlay_type"]);.. var extensionType = Number(settings["extension_type"]);.. .. // Polyfill of isNaN for IE version < 12;.. Number.isNaN = Number.isNaN || function isNaN(input) {.. return typeof input === "number" && input !== input;.. };.... // Validate toastCount is valid;.. if (Number.isNaN(overlayType) || Number.isNaN(extensionType)) {.. _window.clo

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-toasts.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1660
                                                                                                                                                                                                                                                  Entropy (8bit):5.235995809978379
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:xmp5UoZJxwqqZlmlXMwWlYAlCiIpcDFru:xArxzqvmfWlYAlcGDw
                                                                                                                                                                                                                                                  MD5:FB8EF52C258FC344B95AA5BFDD8AA77E
                                                                                                                                                                                                                                                  SHA1:7A64338DE9C5891A0C43FEEE277E318338495F6A
                                                                                                                                                                                                                                                  SHA-256:C2613A3876EB168728CD4FF9933EEB0FC6D079B265A5A2C83A1CBF535261BB50
                                                                                                                                                                                                                                                  SHA-512:39FEAF64C8764A02659261F6AC21E0CB1A3F05F733B1721924FDDFE705ADCA7F536595A9402CA4E48C800CD68DCB11BF5E2DA76F4930D7E48A5A8F1A01D19FB9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;.. height: 255px;.. width: 505px;.. border: 2px solid #E6E9F0;.. border-radius: 24px;..}.....balloon__card {.. background-color: #FFF;.. height: 100%;..}.....card__content {.. height: 100%;.. padding: 24px 20px 24px 24px;;.. ..}.....content__images #wa-logo {.. height: 17px;.. position: relative;.. margin-bottom: 10px;..}.....content__text {.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-weight: normal;.. font-size: 14px;.. line-height: 20px;.. padding-left: 24px;..}.....content__text > h1 {.. font-weight: bold;..font-size: 24px;..line-height: 32px;..margin-bottom: 16px;..}.......card__image {.. float: left;.. height: 100%;.. margin-right: 24px;..}.....ca

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-toasts.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2027
                                                                                                                                                                                                                                                  Entropy (8bit):5.174314651406783
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:LswDjYlGNVMr7w9VMr7EVMr7VMr/VMrlWWrVMCrAedmsQ26qK/OFhItaIwV/qIPN:oOjIxneC4WCCFy26qAqIMImqIuNZEH
                                                                                                                                                                                                                                                  MD5:C61D30E433E043A81964C66234189A36
                                                                                                                                                                                                                                                  SHA1:A4A60D150AF521EBB07AB860A377D9188618448B
                                                                                                                                                                                                                                                  SHA-256:05B8A62D01E2582B7FC61F06C7C5861231BEC9EB60343627053E973F091E1063
                                                                                                                                                                                                                                                  SHA-512:1313BDFD44F075966364FB32102C9690C2DE8FDCC8E3218FAE1C6199E50254B8D863ECB278149279DC045E280B97DB3E9F0DF91BEDD169E42CF7CB8A2145C11E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\new-tab-toasts.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\new-tab-res-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\new-tab-toasts.js"></script>..</head>....<body oncontextmenu="return false" o

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new-tab-toasts.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3498
                                                                                                                                                                                                                                                  Entropy (8bit):5.173544369475828
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:m5Y7fVMKxAX955IGIyy8CJ/Z1gu0VKz1hauWSvAM0w4SVzz2eE/NXkN1n:n3AXKffHguIKz1hauWSL0WVf2bXkN1
                                                                                                                                                                                                                                                  MD5:A79B65FF309360695882F58E59B1041D
                                                                                                                                                                                                                                                  SHA1:7041D648B9476BAE73A68C6AD64855DC40B970B9
                                                                                                                                                                                                                                                  SHA-256:C2FF635BC8A1240BC781F33B05053CCDEFF3E31861107E23B47B1FA2BB577510
                                                                                                                                                                                                                                                  SHA-512:BF9BB26100EC477D0992F4E8AEA7FF11BC79D0128F9F26F7303EB81891F936A683C2224289022431C47C4233A93CB7BD959894B28289C62087130629BFB940C7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {});.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. balloonCard: $("#balloon__card"),.. headerText: $("#content__text-header"),.. contentText: $("#content__text-description"),.. acceptBtn: $("#content__actions-accept"),.. declineBtn: $("#content__actions-decline"),.. };.... show = function () {.. _window.ready(function () {.. var payload = JSON.parse(_external.getArgument("overlay_data"));.. init(payload);.... _window.show();.. });.. },.... init = function (payload) {.. var lang = wa.Utils.Lang(wa.Utils.Lang.ResType.NEW_TAB_TOAST).get;.. var toastCount = Number(payload["toast_count"]);.... // Polyfill of isNaN for

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\new_tab_main_logo.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 155 x 252, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9836
                                                                                                                                                                                                                                                  Entropy (8bit):7.914414293589123
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:4SzlM0MAc3Z+8WM/h/Cl3oKSo5i1TL999zhgwfnt1ztUOTGgz7dEM:/zYcc/Cl3nSoIxL9XuwVhtUOTGy7dN
                                                                                                                                                                                                                                                  MD5:89FC18BBBA9A69CFEEBFB5ACC4E9089C
                                                                                                                                                                                                                                                  SHA1:1FC704BA2ED65674BC9DD7B7D882D8F588C1F898
                                                                                                                                                                                                                                                  SHA-256:DDC5EB8EEBD2874C5774A4266EBF0A064FCFBF94A34686839B3FDF7E73235F62
                                                                                                                                                                                                                                                  SHA-512:12099A1DA49A4AEA5A5BEA2E41C94E8151743191B48AD6B0F099B43A3532FA57ED7D335C9A2748BAC7F43C11212C04CA63D42E38B0D278C20A3A0D2DBB49A632
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............`..n....pHYs.................sRGB.........gAMA......a...&.IDATx..Y...y..........")..J",J.ER..(mh......a....~X.F...v..z..#|...."%..D..i.4...%..@..qc....g.3.*.2....{.s03.lTu.=S...jr..9..b.. .!Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1Pl.1R.....Jp...{.S....c0.~.V.(.ef..4<.....k'l...y.v....jDG..=G.Y...~.7.........|........m..+4.........`..b[&..#4.7..YX.........Z....m.8v.| ......J..f...'.."..J.lX.0....?z....n'..}...dPl]...S.....`%.n..p+.).........../o.l*d.;...>4...._.".tPl]D....3{...<.....eVA...f......{.C..Z.nO?.*.tPl]......F.....IB\^|.......n%Pl].$4n.U.lb...,

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\overlay_ui_handler.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8509
                                                                                                                                                                                                                                                  Entropy (8bit):5.661293428262151
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:NLDvJHOV9mMOoxNkya6eQ4fV356VPUbkOtxO:NLDvJHs9LWB6eTUVMbO
                                                                                                                                                                                                                                                  MD5:98EBCF3476AB4A6BD3073B2CA58248A5
                                                                                                                                                                                                                                                  SHA1:96D26050B42BCB8ED858EF5A039E8A0350C0FAC4
                                                                                                                                                                                                                                                  SHA-256:D2DFEE520D072EEF92D196CE3BF49EC3F7F19EC915949AE38449A13CA694116D
                                                                                                                                                                                                                                                  SHA-512:2242B693060CBA1969F6105D7468CB55FF9D5989E081A12012D71022489C1A6D22E73F290483CDC0A2330604F4E354CB76977AE0C0C2AD98D38D02D50FA0A9E5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........-...8.......X...6...9.......9...'.......&...B...+...+...J...6...9...9.......9...............&.......B...+.......J......GetOption.SettingsDB.utils3overlay_ui_handler: Not a valid browser type: .err.log.core........66...9...9...9...9.......X...6...9.......9...'...B...+...L...6.......9...B.......9...B.......X...6...9.......9...'...B...+...L...6...9...9.......9...+...'...)...B.......X...6...9.......9...'...B...+...L...+.......J...Doverlay_ui_handler: edge onboarding from process start disabled.edge_onboarding_option.GetOption.SettingsDB,overlay_ui_handler: Locale is not en_us.en_us.lower.GetLocale.utility,overlay_ui_handler: Browser is not edge.info.log.edge.BrowserType.BrowserUtils.utils.core.t.......6...9.......9...'...B...1...K.....Apackages.builtin.on_search_ext_warning_coachmark_exit called.info.log.core........P9.......X...9.......X...6...9.......9...'...6...9...B...'...6...9...B...&...B...+...L...-.......X...6...9.......9...'...B...+...L...6...9...9...9...B.......X...6

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\securesearchhandler.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5962
                                                                                                                                                                                                                                                  Entropy (8bit):5.806694956330883
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:Nr9fZOY+cM0cyS6fJ8YfrmJ/zAbWIYCx7B3it0BZkJzg9g/0pRu0heDBoQSQPJdQ:t9fX+VmS6zfrIIYCx70cZkJ09g/oxhew
                                                                                                                                                                                                                                                  MD5:402C57B5A5B5E7DBABF63513B218D74C
                                                                                                                                                                                                                                                  SHA1:AD550C41A36203F82734F5BA9D43521FD437AE64
                                                                                                                                                                                                                                                  SHA-256:7003380895DB75B85AB96EC37E4DDB8D458C8A714F0D794D88C616D79E3AACF0
                                                                                                                                                                                                                                                  SHA-512:AD7DE3917D1B1FF9D8065D7F57B2807B03037C30F2A0478198D01E35E009270C2FB0AC9C09F5A22AC71CF6491D7AE6A5D1BE321FB2154714BB8DAB484E3C89D6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........!6...9.......9...'...6.......B...&...B...6...-...B...H.......X...-...+...<...6...9.......9...'...6.......B...'...&...B...F...R...K...... removed=packages.builtin.updateSSToastStatus: toast for browser .pairs.tostring6packages.builtin.updateSSToastStatus called with .info.log.core-.......5...8...L......._ie._ff._ch._msb._edge.........5...8...L......2Global\{8DB68CEC-1C6B-46B8-8808-90838C14CA3F}2Global\{F84F0E05-209D-427A-A977-A5AEAA90EEBA}2Global\{64C7DD73-FBD5-4B1B-8A82-B49950F36A97}.........5...=...=...6...9.......9.......B...6.......9...'.......B.......X...6...9.......9...'...6.......B...&...B...K....tostring:Failed to trigger LogicMsg browser start on browser: .err.log.OnBrowserStart.TriggerLogicEvent.utility.encode.json.core.Reason.Browser....Browser..Reason.........H-.......B.......X...6...9.......9...'...B...K...'.......&...6...9...9.......9...+.......)...B.......6...9...9.......9...+...........B...'.......&.......X...6...9...9.......9...+.......)...B...X...6...9...9

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-close.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):379
                                                                                                                                                                                                                                                  Entropy (8bit):7.24199845007647
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:6v/lhPW/E8kQoywGZy2QuloYCnWnXmYFOwrMFOfzs9fOPrmi/MsTjWnDU4p:6v/7uMpQoji+YCnWn2lwAAfz/jmiU8SP
                                                                                                                                                                                                                                                  MD5:0D006D29C298D5D75780C5514DFD7E02
                                                                                                                                                                                                                                                  SHA1:47231ADF89D53E452EEBA1A7A4F6F51697B93C4D
                                                                                                                                                                                                                                                  SHA-256:CC72D82ECF19CB08D92F5EA6A612A12FD54B86D8E6AD1019D3516CAC0E90353A
                                                                                                                                                                                                                                                  SHA-512:B35A08D6FB781DFEEAE99CA78F70C85517DCEC702E59A920967AD146C38B06442C95FDE021EEBB47901CA9D8B4B3DE3E2192DCA910C68497D5D4F5E721B5F35A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............V.W....gAMA......a....2IDAT8....N.A..GLL.....U.....Di.....k.m.S.<..`.&.....M.u.c.......~.........N....\.x....|.....z.X.......)(..?vDzF...q.h.B..r..S.....j.=.`@8.A....F...g...._ .E..*!.Z...aV.IL...z...?. r...q..j-..0{r3Y..M...m.)....Z..^....$|..... n&.....RB.1...v..~.#..t....4..k...E.........~M...S..>.S..&6t..oB.Y......C.Q....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-icon-selected.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):366
                                                                                                                                                                                                                                                  Entropy (8bit):7.181473502943194
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:6v/lhPUyCfW1DINGm00Q6GhmVMWW5tDGMYmw3H0zPsXFdCkhY1+8EtWmTp:6v/7yfW1i700sMVI5tDGMX0VdCWY9EZ9
                                                                                                                                                                                                                                                  MD5:808F5E9FF7B694D5926CE6CFFA336085
                                                                                                                                                                                                                                                  SHA1:58C5D8F14FEA91E715F8B3CB9B84421FBE99317A
                                                                                                                                                                                                                                                  SHA-256:5331E5CCC4E6F8082F7AAC9492FC3DF5CB810087E6F0CB71D99B1582E233A61D
                                                                                                                                                                                                                                                  SHA-512:E2DC4A40D8BD68D7DD31A002F480F3D0C5ED7433D0CB6F966EA11D437FD38A2B12C3F9CFC057DA9118E05BA5E81C1BC0896C5844D78F256084AC81554FC89A82
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................gAMA......a....%IDAT8...AN.0.E..`i....+.-.....(..E9GO.[..._e....P!.....x<v.4...m.<v,c._...?.....*.p..p.7...d..-T.....B..p.G...m=a..Y3.qm.B..m.WWq.p.Q.C..^.w......&bd....^G..W...TMM.....R...~])...]$.#.jA.Qq..<o.....*..-.M.-.j.k.8..>..b.....w.-.Q..|(.&~..M..Y.>..=.:..Y..n.....S.&....)s.c.T...v0.%..!.Y...J%....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-icon.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):617
                                                                                                                                                                                                                                                  Entropy (8bit):7.536368903712138
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/7y8A6KCbdR+rqKuKRLIRBG9EtiJjt+KxqMK:R6JrXe+BGkiJ4z
                                                                                                                                                                                                                                                  MD5:112768C9A06EA1AC8783E7EB786450C3
                                                                                                                                                                                                                                                  SHA1:15312DD4FD8F87FD23725531726261CFD73888C9
                                                                                                                                                                                                                                                  SHA-256:3AA7CF0C447D88B8CE2C2FC0B50E80E49851217D0CB3BB7D4E38FC22209DEE03
                                                                                                                                                                                                                                                  SHA-512:87E13AA38498C7E76EA9B017A893CCEF4819FBC13EB387C8A4946C721EAB176A44A5F3B181FD23AC2D16943D12B452EB8462FE7A57F6572EB047F3876BD2CFEE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.....................gAMA......a.... IDAT8..S1k.Q...K.H...p...TV...../'v...6V.U..PP.;q...H%.&V6...!.i...;~.[&..q.,taw.....f.........z.G....j.Z..Gg.dg..F.l.I.oX..H2.t.\T+...A+....vD.\...6X.....\.R.-.v.{..>....|jb....@7C..Q l.]....A.47.....O.X........$C......p.*_.d&.......M..?m.!.,.C.a......../.8...@n8gw.....@7..1.X.p=......._67.V...a.)...V&....a..R^.b..eN.Q.>?.j#4..A......_C+...A..H?....,o:.>........g...[._...d=\..^:.~.?......A?.cN.,...B.q..M..h.7.I.pT.T.4[.o.o..*.\..m".. ....6.0jk1..../..o....J>..6...C.6l.q.)1..N...s.....^..Y6.p..7......,.....:...C..y....IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\switch_off.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 48 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1523
                                                                                                                                                                                                                                                  Entropy (8bit):7.849513030462221
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:4V7JCN3mFRJOJsHKyzBNqS+s6snN326HGGeV6CouULfX7GBo6Bqy4XoRE8ndBAQe:507Zzas6s9lH06EUSBnBqy3dBAPl3
                                                                                                                                                                                                                                                  MD5:0A57D1C2AF64AE52DF0CC5AE10897E72
                                                                                                                                                                                                                                                  SHA1:923C6AEEA726F5BDAE43F4837C7FFFFE34E90B90
                                                                                                                                                                                                                                                  SHA-256:541865D3715C481C1C111ADF0729928E0F6DE4A6B8E1687BB2DA2D26166E8C57
                                                                                                                                                                                                                                                  SHA-512:2466E5EC410C6A9484A792B5F431FE3A527A04C01127CF11DFA6AB2ED49860FA052DC84C8AB61441359E03E2DF62341CD7E05F3CD94612AABE1E37564521CD38
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...0.........j.......gAMA......a.....IDATX..X[lTU....;.N...R(}D.-..CA.1.T[.`L4..5~k...*.|..~.eI0..DA..H../..6..VZ.J....:}..{.......bO.....Z..}.>C.P....F@..Zi:z.X..v.!.-.*'.*d..=.%i...m.d.}.d_].E'..}.J..t....c.......7M.T-.$vF.. ....U.....M..2..}..$.P}.....:....[9|..KBx>7.=l2..<ZS.O..fQ0.M'..iht..........".zV...xB....-.8..P&.....s.B.8..+..ris.......s~.M.......{.<^.M....a%a.<...5.}*......y.|.g.OW.QmU..qu...E....$T....."...e9. >j:.*';.=...7>YJ..+\.NU..z....x...k.dB...!'.]....P.......$.....A.[...i...[....M.|#......K~.|...H.;.@ei!m.. .gd......QLz..S.../..'....^mr.......(..|.`.sf!7...E...M....x<C.t2..:e.n^.D...SiqA&.......a...?.i.....D....}.q#....p...I...nl\...|j..s.s.w").a..Wm...$x.A......8.)......_.i..a...q..$!gb...U$.%...o..X.O....D./.....4.[X..yG]../..:..d.%....................-.g>_....h.$.%b...l.....|7\..>.j....[_6'aSs.:n.'...l.|.z.k..h....yu...TU.r;Yv;.F.b.38b..s..$...L.5.....r.9....)+.C....K......'g(.....P....,#..C..F..!

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\switch_on.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 48 x 30, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1568
                                                                                                                                                                                                                                                  Entropy (8bit):7.855339992904692
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:URY+DGIp5LXcjQxWPQjWqIiU27j2NbCYv0WGYKmUjDeQuksU:Z+DfdXqQihAv/WGYBFQuksU
                                                                                                                                                                                                                                                  MD5:1CCDA19F6B165F0487EBB6C65E870492
                                                                                                                                                                                                                                                  SHA1:3CB6473AE58648F9E6365DDD44EB6A24529DD55B
                                                                                                                                                                                                                                                  SHA-256:8A3C7A2285AF72210C4CEDEB87701596B05C96A435E200A1BC3F0FE1947DB566
                                                                                                                                                                                                                                                  SHA-512:D681758B205597B043FFF6F8BE779B5D05E37708FBCC9C08C88DA963B2B4681C33BB3E3B5912E8DF0CAB819A89D520BF1D21DE1C7B7499B5738AB0D557329C57
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...0.........j.......gAMA......a.....IDATX..X]l.U.~.um.....l..!.i"..8...J.@....+.....41A\.K.B....;.:T.1(.B......(l.u.l.m]...k}.....n.vr.....<.{.s.{..[.(..........w#.z.....F..)8...T.pL"V.e....g]...C<.....K..eq...0.o..S.g..T.E\.I.3%.....Mh1i.3...O......fG..Ez.J.....g.t.6...O.H..J.W...;..P........?...,.......H.......$..V$W....B7Sn}..e-.'i..=.....k....3::.....8.p%...6.g)1OT,.L..W.84.....u...7v....!$E.-....j%L....C.T.....&.-~N.b.wZk.y.......:3.W....s...w...1....a."..Z...n..1!........J&/x...b@.=..}.U..rTF.a.....N...A761?q=..~ZID./..Q8.s8....U.m%......3.x....D....2.7V..C.....}..Mj..y....\e..`1.`...Y..i.*I6....o....5..?.kzz.dN.*.......9.........8,o.%...5T..o..cH...j,o...5.Bz.;......<....x.x.._nq...<.{V..o!..!.....S....tx.\.U............u$j.>.....4.....H....F.,..b.Z...R]2}WP.,1L...m.........W.....R)..a..Nl%..s&....9S....F..:q.`..1....b......j%..S..<v\J..]..5z>?=65.Qf)....hd..rx..QtS...pR....r>..G.J.Qj..]Yn........L......L<*..T..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\toast_impact_close.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):245
                                                                                                                                                                                                                                                  Entropy (8bit):6.356933018581735
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:6v/lhPe/6TsR/h2Ogt2PfVuymklNXULhg+/qp:6v/7m/6Ts/NutyJlNn
                                                                                                                                                                                                                                                  MD5:BE47EB430418C03DF89E2CA140BC1325
                                                                                                                                                                                                                                                  SHA1:A099F0ED4114F8476D6558BAA30E3DDFDF0512C7
                                                                                                                                                                                                                                                  SHA-256:F651001BDF0AD41D9BFB7D5942F136CE75ECCEF744752EE72934980B8ECFFA4F
                                                                                                                                                                                                                                                  SHA-512:AD150D115D35F1F796BB0E24C61FFAF72401FE2857A0A4475A2CB7E36325A5130CAAC1F167628E26C7AB6D053B7A3757D57EA3A07C71FC14FC848CFD2771232E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR................a....pHYs.................sRGB.........gAMA......a.....IDATx..S...0...$..F....J&.i..X.b...w.|.pXJi*.N.|..-.."s.Y.`...MX...._.6.mU..aD.0FY*.T.O.....@C.o....&A...Y..C.Z..G...D..5:....9...s..............IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\twitter.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):473
                                                                                                                                                                                                                                                  Entropy (8bit):7.236375221337779
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/74/6Ts/fWEpw+mmdlVkAV7AnpSvLkXfwtelX8EFQgdPjSTFN:x/6MWNmXVfV7opSYp8eZPev
                                                                                                                                                                                                                                                  MD5:640A9A68216D3ACE0A04C70F745760F9
                                                                                                                                                                                                                                                  SHA1:DEF457CF4CC59B638CB4C988652925CBBD7A972D
                                                                                                                                                                                                                                                  SHA-256:40171CFFE5FB5BBFDA44569BBF7BBCB3848ECEF6A975CCC237F475B3141CCF4D
                                                                                                                                                                                                                                                  SHA-512:A1CFC930207C1F468D423F072CB80CE6D6BC2FE6E8ED54A8A21386445882E9A922BE55AE627330E7810EA3BEF6108F06B4A2E0A3E62EDC659E1992046FD9D8C8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............w=.....pHYs.................sRGB.........gAMA......a....nIDATx..J.P....&........8...... .=|.}...y.....A.X.5.N.P.&1.{.X...B&...$7....O.c.,x..D1x.@q..P0..a...:.Zb..%.........%y..Gp.X.9...ze.$p.UQ]..~u*Nt6,....3YX..F...2.....O6..]...]+#r...`[TzyP......c......Py.... ..j).......5uD.c*......?..1.;..3.x..P.gA..3..=.M...ns3...C.U.L....VO(.............tq....WJh-.o....0..y..0..-u%.+.g......Z@..V...-...P..{....I........IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\upsell_toast_handler.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3856
                                                                                                                                                                                                                                                  Entropy (8bit):5.632480978270416
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:lV4Ubfff6DbxWUY8vIZOETrptTDWlL07vk/jn621GDmrQ+2L+CMqKZc9Ppqo7Kl+:lVvGHx5uXl00jS5V2KCM49cyp/Zuxo+E
                                                                                                                                                                                                                                                  MD5:CDB3D65FBD77FC0A7DEFB85A9598D925
                                                                                                                                                                                                                                                  SHA1:126FA51C81FB59B48B7CE3DE9680440431188010
                                                                                                                                                                                                                                                  SHA-256:0EC2D313D7F01C708C0F7AE628BDDB4AF0745C15C22A38B45BE85653A351B6AF
                                                                                                                                                                                                                                                  SHA-512:4226C28E3B5661916CE401F5804E1FE76E7820B0A5A79115208E433C7763DAA0C536634E37A86251C6022F2D03EA367251B33B4D6224C4274CA9E8038E3505C2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..X...........X.......X.......X.......X...+...X...+...L...+...L....new_tab.browser_launch..........D6.......9...B.......X...6...9.......9...'...B...+...L.......X.......X...6...9.......9...'...B...+...L...6...9...9.......9...+...'...)...B...6...9...9.......9...+...'...)...B.......X...6...9.......9...'.......'.......'...&...B...+...L...6...9.......9...'...B...+.......J...Hupsell_toast_handler campaign one: show campaign one - take_a_stand., do not show campaign* equal or greater than xml threshold 9upsell_toast_handler campaign one: client threshold .threshold_take_a_stand.tracker_take_a_stand.GetOption.SettingsDB.utilsdupsell_toast_handler campaign one: Only browser launch and new tab are allowed for campaign one.new_tab.browser_launch>upsell_toast_handler campaign one: User has WSS installed.info.log.core.is_suite_installed.utility......&...9.......X...6...9.......9...'...9...&...B...+...L...6...9...9.......9...+...'...)...B.......X.......X...6...9.......9...'...B...+...4...J...-...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell-logo.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 150 x 314, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):42124
                                                                                                                                                                                                                                                  Entropy (8bit):7.989049214597359
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:LJZubuFGvQ0hVNPAb14MPMrY0iJyMXbAjw15AIJgW/8QjzastNBmwQ:LJsbu0vQ0hje14M6iJy+sE15AegW/8c+
                                                                                                                                                                                                                                                  MD5:6F1B48189D2C835EC68CC9C30BA53360
                                                                                                                                                                                                                                                  SHA1:93D78939DA261C4D7CC06E8B8341D9B3D93CEEB3
                                                                                                                                                                                                                                                  SHA-256:29ACC284AD48147B1B5FC3F6F8E79F8D7481002E12B7D0B631DF91D9D22E5749
                                                                                                                                                                                                                                                  SHA-512:D47ADF288217FFC8AE2F6D9DE1A2FF5E240355EEF3E31F3B204C16A226ED7470D60021E23F155883A9F77275FD1712994565B58392694CEBDC4E28BE7F3AD1E3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.......:.............pHYs.................sRGB.........gAMA......a....!IDATx....e.U...}.My.%.F..b.fK.%..........H..@../$|.../...~.. 6.d06`.{U..{.......Y..g.....7..aKo....*......7?@.B)....|...w......}..X..Q......Ju{.k#x......sm...G.@...R...)./m().Q..mwM..'............w....z}.;Sk[Oj\;G........A+....X....g.U..}g%.?..z..U"..A....t.....F....i.4e..X...4..L..LZ.b.. _/J."..6.~.QJ.8EuB.."A~.....j......%VU.sF.i..;....m....|@3.vJT.6...R.S.[.I.m.....=..D.6?...h...]...^^.........X..[.Z.0..BT!<a....TQ.xr...2K.......D. ...m...).xf..<.D.#.J.K......qY.;f.h.U..yfZZ..J.p=...R@3.E/..8..U.:t..W}.4.g=-....4.G7'g.:.\....5J&\4..Ip.....Pk7.........l..f).*.G..yh.D...?~p.0..k5_0.UT..E.L\T.8q..\.>..Y.r...o.B..k.n...jV{....!...YH{U..Y't...b5.A...5..........9zZD$T../.F..Kue.....z......un.h..G..J.!$ru..2......0..n=........U.0.....Qu_.....M..7.@.4.v..3bQ..Q5..zB.}..0....^.L...V.!,.*...D.^.3..._j.....t.(PC6.... ..c.......M.P....H..A.x...........J.#

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1957
                                                                                                                                                                                                                                                  Entropy (8bit):5.208734343017381
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:xmp5UoZHx4Yli5FZSFIuMDWlYOlZiIpd3Rp:xANxhi5FUAWlYOl5Tn
                                                                                                                                                                                                                                                  MD5:BD38056590D01D49F997A7120F05D65F
                                                                                                                                                                                                                                                  SHA1:9796FA5A40B605914A1510C26304A94680437A37
                                                                                                                                                                                                                                                  SHA-256:CBC3F26DA52AC8BDD100B02282CD60CD108476819F69E456C1D510F092002182
                                                                                                                                                                                                                                                  SHA-512:03B3F3DB4358D52070D71A3DAC957E75F105589592F6F77A6B14E3B2D15B9F7E4A731674DF375E0B8004F97DECF78FA3ECB86A23DD9CADC35FC53CAB8E1C55CF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 16px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;.. .. width: 510px;.. border: 1px solid #ABB2C3;.. border-radius: 24px;..}.....balloon-I {.. height: 314px;..}.....balloon-II {.. height: 370px;..}.....balloon__card {.. background-color: #FFF;.. /* height: 314px; */..}.....balloon__card-I {.. height: 314px;..}.....balloon__card-II {.. height: 370px;..}.....card__content {.. height: 100%;.. padding: 16px 20px 24px 24px;..}.....content__text {.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-weight: normal;.. font-size: 16px;.. line-height: 24px;.. padding-left: 24px;..}.....content__text > p:last-of-type {.. padding-top: 18px;..}.....content__text > h1 {.. font-weight: bold;.. font-size: 24px;.. line-height:

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1974
                                                                                                                                                                                                                                                  Entropy (8bit):5.292418064990269
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:LswDjYyAGNVMr7OVMr7EVMr7VMr/VMrlygVMCrAedmI4O7P7K87DO6IrIw2/qIPL:oOjEJneCWCFf7P7d7DtIrINqIdmfMGC
                                                                                                                                                                                                                                                  MD5:AFC5C4BF6EE9B890F666CA81E9ADB918
                                                                                                                                                                                                                                                  SHA1:6C7414CAAAF0F60D30580A05146DE6D06E3178CC
                                                                                                                                                                                                                                                  SHA-256:A45E80D4E3A6C9A53C29D81A57BEDD939818FEA90036F2744D32FCC8D08579DC
                                                                                                                                                                                                                                                  SHA-512:0DF1A142F1C562B05966E7C55DDCD2369E9D41ADF4BBFBAB2E8FC8FE14883A57F7ECB5FE5BA1A55A19C2292253B708304587F4775FD13040369D0D13055DC5F8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-amazon-upsell.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-upsell-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-amazon-upsell.js"></script>..</head>....<body oncontextmenu="return fa

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-amazon-upsell.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5813
                                                                                                                                                                                                                                                  Entropy (8bit):4.8566147736196745
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:4G3AXPfTEzni3R4uISETACySbd0SE13z8acglmVnIJ+BHBbXks:4oAmMR4FfCSERz8k5IbXR
                                                                                                                                                                                                                                                  MD5:6FE7A5BBDB292E21CCF9987C837EB52B
                                                                                                                                                                                                                                                  SHA1:E8B630BD2D5AF019B5CF393AAF6B2AB3A2670F43
                                                                                                                                                                                                                                                  SHA-256:C7D5BEB5E6121270CBA1CFEEFF4D25778419BB405E2760A9E1D8367B0083D39E
                                                                                                                                                                                                                                                  SHA-512:4C1A1FC16FF51B6FCADE285DC57C897AD2B86CDCD9B877AFD04999CA5753068999BFF81F7EA3D078E0C83A388A102C69D80FF9E90F2744C9CCD58D37C88826E5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Accept Amazon Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {});.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. balloonCard: $("#balloon__card"),.. headerText: $("#content__text-header"),.. contentText: $("#content__text-description"),.. contentText2: $("#content__text-description_2"),.. acceptBtn: $("#content__actions-accept"),.. declineBtn: $("#content__actions-decline"),.. footerLegal: $("#footer__legal"),.. };.... (show = function () {.. _window.ready(function () {.. var payload = JSON.parse(_external.getArgument("toast_data"));.. init(payload);.... _window.show();.. });.. }),.. (init = function (payload) {.. var lang = wa.Utils.Lang(wa.Utils.Lang.ResType.UT

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ch-store-overlay-ui.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1484
                                                                                                                                                                                                                                                  Entropy (8bit):5.247167898152739
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:xmp5UoZR3xQpxVYHhLcY39U0M+mtFl2zZRVchpKIjvVCfnvv/UQsUM3QiisA:xmp5UoZJxDHF3uBjFloZKY+YfnHcQe3o
                                                                                                                                                                                                                                                  MD5:CFD0651F1C8146B4DECF69C514221FA6
                                                                                                                                                                                                                                                  SHA1:CF49EFF69D1D676702ED360736DB884275EA7421
                                                                                                                                                                                                                                                  SHA-256:0D20CFABE63FB1ADFB88B7AF39846FEB46E38E92423D58113DD455398D26D0EF
                                                                                                                                                                                                                                                  SHA-512:2B6BE8A9F26649EA32F15966B8DCBC60D7BDFC1844E90688DDA76CEDF72E00B85BB1E8BA0FD02A579E44F396D6DEC4A9FA4BF1F3C8EAD734525F6A6DC31BC98C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;..}.....balloon__card {.. position: absolute;.. right: 55px;.. overflow: hidden;.. box-sizing: border-box;.. background-color: #FFF;.. border: 1px solid #E6E9F0;.. border-radius: 12px;.. height: 200px;.. width: 328px;..}.....card__content::after {.. content: ' ';.. clear: both;..}.....card__content {.. padding: 16px;.. height: 100%;..}.....content__header #wa-logo {.. height: 13px;.. position: relative;.. top: 2px;..}.....content__header #close-icon {.. float: right;.. cursor: pointer;..}.....content__text {.. margin-top: 12px;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-weight: normal;.. font-size: 14px;.. line-height: 20px;.. color: #5A6175;..}...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ch-store-overlay-ui.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1849
                                                                                                                                                                                                                                                  Entropy (8bit):5.246021501122015
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:+swDjYARGNVMr7xnVMr7EVMr7VMr/VMrlmVMCqAedml3+u4wXRM0cPh/m5:NOjXxuneCnCa63+Wxct0
                                                                                                                                                                                                                                                  MD5:BA6E3307F6474161D905B49A808E1643
                                                                                                                                                                                                                                                  SHA1:02985C4B755D0F9E50D904726654F262C96D87F3
                                                                                                                                                                                                                                                  SHA-256:8CFEEF41B4ACE006C12AB7B6564FBA1EDBA6ADCB5A22021DD2A0FA9D2AEFAFAD
                                                                                                                                                                                                                                                  SHA-512:3A15A75D308698934842F94F1B3D58B133004262EF6BAA147AAC1D225DA9360324E001D91100B1BA11626828C400BD9FCF026774FD233EBB3CCA2F5BA6B0EE2A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-ch-store-overlay-ui.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-overlay-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ch-store-overlay-ui.js"></script>..</head>..<body oncontextmenu="r

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ch-store-overlay-ui.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3042
                                                                                                                                                                                                                                                  Entropy (8bit):5.134325068794321
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:h4D7pOAoHHxRUoV9PhPkD4OEbN4d0Bk/5LiMCH2qJoNugUoV9PhPkOOJOMaOfNXR:cMAo1V9PqREed0kMTJo5V9PKgMaGXlQO
                                                                                                                                                                                                                                                  MD5:A6978A2257A0405108B5FA83999FBEB9
                                                                                                                                                                                                                                                  SHA1:F3E4061D40C0662445F0D1BA05088090D81201AF
                                                                                                                                                                                                                                                  SHA-256:8C0D004BDB852052AC370CE5F8704FE6868FF88469DF7ECC1004E88DCFDFFA7E
                                                                                                                                                                                                                                                  SHA-512:1C595B5AC92E7C621404318E172CC43DCEF1C04CFBAAA0D6D4D35E06D19049FEF4781BA1D9D020EB63BA152B14CED5005F91CD9B7DE4EE669C6DD7BE3BA48C34
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. contentText1: $("#content__text-1"),.. contentText2: $("#content__text-2"),.. closeIcon: $("#close-icon"),.. },.... show = function () {.. init();.... _window.show();.... //Send Telemetry 3.0 for dialog balloon.. var browser_code = _instrument.getBrowserTypeCode();.. var screen_flow = browser_code == 'FF' ? 'firefox' : 'introduction';.. var hit_screen_id = browser_code == 'FF' ? '300.1.2.1-windows-onboarding-firefox-webpage' : '300.1.1.1-windows-onboarding-introduction-coachmark';.... var analyticsEvent = {.. _event_name: "wa_onboarding_balloon_impression",.. hit_label_8: screen_flow,.. hit_label_18: "Onboarding",.. hit_label_19: "Impression",..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist-risk.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 20 x 20, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):743
                                                                                                                                                                                                                                                  Entropy (8bit):6.485906014360001
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6v/7MRUwaBLht3zHOuVKg7/6Tnpb+R2pi5IDyc1RX25gbhbzS5/IEMS:kwaZht3zuKKC/6jptpAIeEoglbzegEMS
                                                                                                                                                                                                                                                  MD5:1ED7DBC29E984E621DB85633607A39EA
                                                                                                                                                                                                                                                  SHA1:77CF88D52CB9A32A8EE377E37DC2CA70EBC79143
                                                                                                                                                                                                                                                  SHA-256:C364887E094D6235A4FD5774D7CB5D9631A2983C8626998BAD8CA294BC446A19
                                                                                                                                                                                                                                                  SHA-512:57CB41F770F5586041F9FCD9E934FEF894301AE8DDF8EFC498E2743FAD006D5C0D4AEF7D2A2086A9D3E60FC08B02AD2505D02E95B039786555522015EC9C41FB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............W.?....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTE............................................................................................................................tt....WW.ZZ....[[................................r....%tRNS....#BSR$.7}....~9.k.....l.y....z.....>....bKGD...-.....pHYs.................tIME......*..uk....IDAT..e...0.D%....;f.@ ......,`.r.]..J*.Z....jl.3..D...M..q.....(b.."I.6MD..=E...e;..{.<*..X."..$..}..r.el....-..z%..(.^#.f..H...07Up.S0u...a.8.r&#<.N......r9..H}..R4...R...]Y.).3...S.....U..TW..+.z.).3...(.....s..m.....5..3m8....&1@.....%tEXtdate:create.2022-02-18T19:30:12+00:00z.a....%tEXtdate:modify.2022-02-18T19:30:12+00:00........IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist-status.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 18 x 18, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):285
                                                                                                                                                                                                                                                  Entropy (8bit):6.92410222781354
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:6v/lhPW/ETnWvTVFX9ls1mDf0J7KzAvC7gnh+i25wp9M+S+N0XXnTp:6v/7uMTWrVFtW1mQJe7ib2uPSjX9
                                                                                                                                                                                                                                                  MD5:527825CC6A463D4D1A8E7019B4773D02
                                                                                                                                                                                                                                                  SHA1:C58CE479BCED1BA8B47339D6A9867E3D75A96672
                                                                                                                                                                                                                                                  SHA-256:87A2C49BEFA3F59750E91A1FCE86FB9AC9BA928A04D4ABE1A7BDFFB25883EC2C
                                                                                                                                                                                                                                                  SHA-512:38DFD2D59C8D8A9195BC9D45E45A71FAAA69AB3E7C4777F3A448C31A95D44AA3E97303EF3FABAF13B3BD4F7DA1BCC6269B8A6A668EC758E28EBADCE2F949D0DB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............V.W....gAMA......a.....IDAT8.....@.E.I@....V.AK..K..[.`..zQ<X...EP..&.a3D../..cg...a...o..v.38@.s.|4.....`.;....a.G....k.m".....w........&...`.{..C.2q]jx...l<)OC%4.....'../H.+!y..S].,A..J..stM.^.M[.....2....^...T.(J..7.?.....t.QL..r.........IEND.B`.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2224
                                                                                                                                                                                                                                                  Entropy (8bit):4.9541246398353875
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:csYzTlGNVMz7tVMz7EVMz7VMz/VMz8AVMzjVMzlpeVPhFj/TP3G+PxCQOR1F3Imq:3OTFMv26ITWWhF/ehQORD36pz
                                                                                                                                                                                                                                                  MD5:BABAD8554691BE8A63D9B4709EEB5934
                                                                                                                                                                                                                                                  SHA1:E74D107B5544B3CEBB75ED60C74B45B62EEAE9A9
                                                                                                                                                                                                                                                  SHA-256:10F4F0324BD1A6B0C42724221E9C1E6C0AC6AEF4FE98B2EA3E527E40E3F7CDA9
                                                                                                                                                                                                                                                  SHA-512:BA1420797B4BCB0CFE924D3EBCABFAD9D1ABCF69C5A952B046F0760770924C8FDD7240DAA255189D66D57CF64268021024A1F465787C683956D544FE26D456D5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-checklist-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-ui-dialog.js"></script>.. <script type="text/javascript" src="w

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-controller-checklist.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (339), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20241
                                                                                                                                                                                                                                                  Entropy (8bit):4.031550033483697
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:cD3PO1JLKGbm4Ny+e8yfR/ZfiuLeeY0WR9dZGei:Y3PO1JLxbm4NyljziuLa0wZGL
                                                                                                                                                                                                                                                  MD5:07E07A1EB472F8BB5AD0F36E99DC5969
                                                                                                                                                                                                                                                  SHA1:1A71EA9434F307F8EDAF16EB2F21FA6FF55FA983
                                                                                                                                                                                                                                                  SHA-256:4BDC420C4529841499DEA7FA4DD005E8A14721657F8AE9E4AD15124AB145429A
                                                                                                                                                                                                                                                  SHA-512:CF52673B370443D94D0182C70F38A8753D1600E2779072FFE020CEDEF57D791FF89A0B2A1AC715748EAEE89790969233B075E5F81418D664C62D33A57403DAE5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _l10n = wa.Utils.Lang().checkList(),.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. var threatStateCss = "threat",.. infoStateCss = "info",.. greenStateCss = "green",.. waitImage = "wacore:mfw\\packages\\builtin\\white_timer.png",.. alertImage = "wacore:mfw\\packages\\webadvisor\\wa-checklist-risk.png",.. ignore = _l10n("IGNORE"),.. fixNow = _l10n("FIX_NOW"),.. defaultImageCss = "wa-state-img",.. alertImageCss = "wa-state-img-threat",.. keyMap = { "NUW": "WelcomeMessage", "UUW": "UpdateMessage", "CLW": "CryptoLearnWelcome" },

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dialog-balloon.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):802
                                                                                                                                                                                                                                                  Entropy (8bit):5.277894961878517
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:xmp5UoZR3C3dDUUhiLKyFc43bZt7nMP3a9:xmp5UoZJkxQ3SK7nMU
                                                                                                                                                                                                                                                  MD5:A631FB3B67B4579F57702E1E13F796C4
                                                                                                                                                                                                                                                  SHA1:94E7B8C6F46249BD91687E29B134CCD8DB951B7E
                                                                                                                                                                                                                                                  SHA-256:B364801B56A9CCB6E67A967B0809BBA7BD7EA8DDD398338C22E6121954EE3182
                                                                                                                                                                                                                                                  SHA-512:DFA586FC418C281274E5A7C8C9B86A1F37822A9AAA9BF3A082D952E031410A733E9FD0F634BF8A56FD89164DE8C352872A49F1B22691260855C2D9D58BA79209
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #454545;.. line-height: 24px;..}.....balloon-arrow {.. margin-bottom: -6px;.. text-align: center;..}.....balloon-main {.. box-sizing: border-box;.. background-color: #FFF;.. border: 2px solid #E6E9F0;.. border-radius: 24px;.. padding: 24px;..}.....enable-ext-btn {.. background-color: #4989EB;.. border-radius: 4px;.. border: 1px solid #EFEFEF;.. color: #FFF;.. cursor: pointer;.. display: inline-block;.. font-weight: 600;.. padding: 2px 8px;..}..//7900B9930125B2E2FE55905E988F41A21C75AA3DC20FBF9659E6E92E4E2E3E8AA1C54BBF39F105CA386D6DD5B2F89B2E8887DB94D2C7FAA569F1CE1A3F2DD653++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dialog-balloon.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1786
                                                                                                                                                                                                                                                  Entropy (8bit):5.2644080547860606
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:+swDjYI2GNVMr7RHVMr7EVMr7VMr/VMrlTMNVMCrnr8ymTQogY+ORMqnPPQ:NOjPOROneCZNCzsTQ++yU
                                                                                                                                                                                                                                                  MD5:6254108E6A4AA9806F2756FEC26D005B
                                                                                                                                                                                                                                                  SHA1:58D6D47AC90C766415FE60D30178D2230C0D5B17
                                                                                                                                                                                                                                                  SHA-256:A30B4FEC24176222C7D411E5D4A0379701F7090FB87ADDC6521F80D396655FBF
                                                                                                                                                                                                                                                  SHA-512:9BC9AF5E7009FA776A0897B3E2689A2BA3B8D7684437ABEA67EBE585DE8C7070109E7D9DE3F0E51709516A2D89F09C176E28C5A6A320F041CE1645D73D8ADAF6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-dialog-balloon.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-dialog-balloon-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ui-dialog-balloon.js"></script>..</head>....<body oncontextmenu=

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dwtoast.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1653
                                                                                                                                                                                                                                                  Entropy (8bit):4.929425962777782
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:3JYmsL0yXFeRZ7kkbslksjsjjGbb+CDBXRDDNEVRK1tzZtg77OgKqDRjnnTMUHu3:9ByXIcrH4fGbaYTEV6tk77Og9TTu3
                                                                                                                                                                                                                                                  MD5:EF8EE9D11F99FC1787822E5B2A8FDBE1
                                                                                                                                                                                                                                                  SHA1:D6096EF088D6DE16307D0C9ECDA6F8DBB04980D7
                                                                                                                                                                                                                                                  SHA-256:FA0785854808DFC38B1F18B740D97A4D49A33C3DD8F8551E33158BFEAED6C515
                                                                                                                                                                                                                                                  SHA-512:300A37ADB535FC034E7F222804689E06050DECC082CCBF95198221609E455FC84F8459DE9575C1C55987758F4CE2D24755D77254FE0E922785E36CE333015EAB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:#wa-dw-toast {.. height: 245px;.. width: 425px;.. border: 1px solid #B1BABF;.. background-color: #FFFFFF;..}.....header {.. height: 20px;.. padding-top: 12px;..}.....content {.. border-bottom: 1px solid #E6E7E8;.. height: 132px;.. padding: 12px;..}.... .content img {.. margin-right: 8px;.. }.....content-header {.. margin: 0;.. color: #EA1B24;.. font-size: 14px;.. font-weight: 600;.. line-height: 33px;.. text-shadow: 0 2px 2px 0 rgba(0, 0, 0, 0.25);..}.....content-text {.. min-height: 32px;.. width: 99%;.. color: #53565A;.. font-size: 12px;.. line-height: 16px;.. margin-top: 8px;..}.....content-footer {.. color: #53565A;.. font-size: 12px;.. font-weight: bold;.. line-height: 16px;..}.....content .body {.. float: right;.. padding: 0 0 0 0px;.. width: 99%;..}.....footer {.. display: table;.. background-color: #F5F6FA;.. height: 56px;.. width: 425px;.. padding: 0;..}.....logo {..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dwtoast.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1693
                                                                                                                                                                                                                                                  Entropy (8bit):5.123238382138251
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:V2sY0TYttGNVMz7tVMz7EVMz7VMz/VMzlGVMCqEjIYcdzV:3XT0tMv267CjjKdzV
                                                                                                                                                                                                                                                  MD5:06808795BDCE5F2B3101F594A66CF92D
                                                                                                                                                                                                                                                  SHA1:F29FB92B8BF454ACB3DF58A2CC572245B7AAFDC3
                                                                                                                                                                                                                                                  SHA-256:0CDA42FB307B25CC6D9EA80D7AE1D046F9A6A89160E110E249E0A01D38D15DA0
                                                                                                                                                                                                                                                  SHA-512:A94F404AFD5A9DC345391B9DEE0AE3E4AA8F188C5375434CC10284E3BA82DC4E1DC5621D4D132C2447824D0C720F89E1364C281A2234AB186F1F0270576399EF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-dwtoast.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-checklist-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ui-dwtoast.js"></script>..</head>..<body oncontext

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2137
                                                                                                                                                                                                                                                  Entropy (8bit):4.907956363205003
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UUzf2hkRg/q4HWcJ5/VFeICFeI75jYKubJsbnbIeIpqeUr:Uh2gy4HWw5/jC75jYbJUba83r
                                                                                                                                                                                                                                                  MD5:AFA7D01D32A223434ACFC7879ECB9080
                                                                                                                                                                                                                                                  SHA1:34B1B321B7F4E4582E7F8F782921EFA077D7C3D2
                                                                                                                                                                                                                                                  SHA-256:72CEA2AEF37DF1307A5888206BA4D1CC16502E7CE62040653A8410DA7BAB748E
                                                                                                                                                                                                                                                  SHA-512:C0D9EA8DCD8C9680030B6ED87BA63D784A2869CBF02FC7DEE91CDB1D046A3D5F269287ACA1D248F40B7D9F42F12CA3EC507FC5A3F332FD810441C4A2F5D10288
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:body {.. margin: 0;.. font-family: "Open Sans";.. box-sizing: border-box;.. background-color: #FFFFFF;.. border: 0.833333px solid #BCC3CC;.. box-shadow: 0px 0.833333px 8.33333px rgba(0, 0, 0, 0.254218);.. border-radius: 1.66667px;.. overflow: hidden;.. }.. .. h1 {.. font-style: normal;.. font-weight: bold;.. font-size: 16px;.. line-height: 32px;.. color: #383434;.. }.. .. p {.. font-size: 13px;.. line-height: 16px;.. color: #454545;.. }.. .. .main {.. text-align: center;.. background-color: #ffffff;.. height: 210px;.. }.. .. .main-logo-container {.. display: inline-block;.. }.. .. .main-logo-container .img-wrapper img {.. max-width: 105px;.. padding-top: 32px;.. }.. .. .main-divider {.. display: inline-block;.. margin: 7px;.. }.. .. .main-description-container {.. display: inline-block;.. text-align: left;.. vertical-align: top;.. max-width: 295px;.. height: 100%;.. position:

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2505
                                                                                                                                                                                                                                                  Entropy (8bit):5.088559098371566
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:V2sY0TYaGNVMz70VMz7EVMz7VMz/VMzl+VMCqX+Q7hc8A5TTD14KtYJCKWbeIwkF:3XTL/v26TChnR+5WbeIwEeIYOzCUOm
                                                                                                                                                                                                                                                  MD5:A0CCF1DBFCF4AF5171FE1F20984AC5C3
                                                                                                                                                                                                                                                  SHA1:607C8BCB3A7237B3754B0DD7CAD192463C82F3BA
                                                                                                                                                                                                                                                  SHA-256:6D9D64996071A2C2AB6A6A69B02E46B98AB87DB145B45B786FDB52066671C5A6
                                                                                                                                                                                                                                                  SHA-512:6B8451AC352CDEC8F0E0B6250ED8E0F2CD7192691DD6D8E399BE8E3D3CA34ECAFB0A295F27C6BE58DE40F9687FCAB8C3CE6BC83027FE9DF1DA293C08710C8C5F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-ext-install-toast.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-ext-install-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ext-install-toast.js"></script>.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3583
                                                                                                                                                                                                                                                  Entropy (8bit):5.331474129475065
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:nPT2likPJkhmmVkH0zf6lui5TF+Ezkb00t+lkz0tRZ21:SMLhmmVXzf6gahLzz/lvtG
                                                                                                                                                                                                                                                  MD5:F2F95A23D0BCA2FABC7FD472179C2026
                                                                                                                                                                                                                                                  SHA1:601BDF930BAA7EFA33D401741FAF37C7261F7FED
                                                                                                                                                                                                                                                  SHA-256:8A1123F61B3E83C294ADE344726A676C384F218D56A96FCC95538099D12B2423
                                                                                                                                                                                                                                                  SHA-512:11E710F81C0C9D2B514519C390437F02753718C93705C62D0E3F4F01257606A2F347F7797943C285DCBE2F737FCC091A873C779BBFE0CE7CA90ED99592C37635
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Download Warning Toast UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,... _instrument = wa.Utils.Instrument,... _settings = wa.Utils.Settings;.... ui.extension_install_toast = function () {.. var $el = {.... header: $("#wa-sstoast-heading"),.... description1: $("#description-1"),.... description2: $("#description-2"),.....acceptBtn: $("#button-accept"),.....ignoreBtn: $("#button-cancel").. },.... show = function () {......_window.ready(function () {..............// Set toast window size......setSize({width: "485", height: "265"});..........// Get settings data.....var toastCountSetting = "ff_extension_toast_count";.....var toastCount = _settings.get(toastCountSetting, "0") || 1;............var lang = wa.Utils.Lang(wa.Utils.Lang.ResType.WAIFF).get;.. .....// Initialize toast......init(lang, toastCount);.... _window.show();.......// Send telemetry for toast impression................var analyticsEvent = {.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ext-install-toast.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 126 x 104, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5630
                                                                                                                                                                                                                                                  Entropy (8bit):7.947897963110471
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:QSToxeyGItzC74o5BBiMAxI0Roty8QTzTuWjP4IMqQidjQFl1JuKOrzmdc4z+S3:QScxeyDtMzPBiMAxZtqIXQ6QhJZyS3
                                                                                                                                                                                                                                                  MD5:F5D9337BD302C183FFE6B9613EA4E236
                                                                                                                                                                                                                                                  SHA1:6C622ECF659AE65E7F6ABFED4FA831D230B51A02
                                                                                                                                                                                                                                                  SHA-256:DDC6EC93BB8B7AE8C90D42476ACCC47CB7E9EE28B01A312346462AD54206151C
                                                                                                                                                                                                                                                  SHA-512:40270893584E34AD27B7E89DE9466D08464A4A869D96D5CA414FADF7332BD02B7AD1F28725FA82D7EF8AF4A0973494CC8633A202F58F0A2E60933CF482591BF0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...~...h.....7.D.....pHYs.................sRGB.........gAMA......a.....IDATx...xT...G2..$<B...6.@?E...#.~U..b..Z.j......E........\...,.......A.V...A Iy.H2.y$s..g.'3.sf..$.{~.w..}.L....Zk..(A.....Q.&...`Q.n.@...j..Wz..2.I*.....f...q. .%..[..x.:B...:.....F.a.,\....O...>.t:....`.Ut...Y..34.O'q.%<..b...B.I...q.%3.n....k..#..=F.J.5.9...;o.R.^...D.N_...9...i?..~A....k.%..l.kiU.\@....`...M.`.....9.L.n.%....t...9..;YK......aT......4-......yq.D.8...>1..."...v#.....]t..i$S..$..H.C)$...i-n.Q(5];S,.Utc......6.....4.WOr..%...-D6v.\.m.m.....r......@..6..1..fQ.......`z.e...J....I...At...0.;..B......?...,...0..8.. ...n...Y..o*....r.6.b.......V...M.....v.J.d.K..y.Hq.|....~...e.=_....x.t...x.x.z.i.%4..~.k>.n..$.&..^.S4s.c...!r...].3..}9M..Mz......u..\..6....=3N.=.#.N...SQ..i\...I.<M.~AdP...G.o....A=.}.L...N.R....N..[nQ<o.8..V.&...,......MMt..a...r.[^..F'9.Ix..t..N'.q.....N8.!.8..%...t...Q=..U[+..Lcs3..j...:r.\I.'S..."9....:Q...YR.WP5[<.w.A.m.0

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-options.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6632
                                                                                                                                                                                                                                                  Entropy (8bit):4.863979137870073
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:yH5SvRvxVoY2bZ8/C0jBkY52Q5YsYmgdFZR9FNGA:yH5EvxVD2bSq4BksV5BLgd3ZgA
                                                                                                                                                                                                                                                  MD5:DB4B9B953E26355D626388BB9E3D0D4C
                                                                                                                                                                                                                                                  SHA1:892EA969F63EF86DB81504EE485A4043D785585A
                                                                                                                                                                                                                                                  SHA-256:71111AF2BA5C3A186577DA9A1B28A57A21B18E1CA1C4391E9FF943A851CC9A3D
                                                                                                                                                                                                                                                  SHA-512:4F92FA9CDC6CE7E77EDFA6467BBF9BF8F2EF80E09A726748E0E6A3FB340B6FC1E0434EF58571A1B269D453063583F9B69E23713087AE03AADB359E0276752B99
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:#bottom {.. bottom: 0;..}....#left {.. left: 0;..}....#left,..#right {.. bottom: 0;.. top: 0;.. width: 2px;..}....#right {.. right: 0;..}....#top {.. top: 0;..}....#top,..#bottom {.. height: 2px;.. left: 0;.. right: 0;..}....#top,..#bottom,..#left,..#right {.. background: #939598;.. position: fixed;..}....#wa-button-donttrust {.. font-size: 26px;.. right: 2px;.. top: 5px;..}....#wa-button-reset {.. background-color: #00AEEF;.. border-radius: 3px;.. color: #fff;.. font-size: 14px;.. font-weight: 700;.. height: 40px;.. margin-top: 12px;.. width: 145px;..}....#wa-button-trust {.. font-size: 24px;.. right: 3px;.. top: 4px;..}....#wa-close {.. padding: 8px;..}....#wa-options-about ul {.. line-height: 23px;.. margin-bottom: 0;.. padding-left: 12px;..}....#wa-options-content {.. font-size: 12px;.. overflow-x: hidden;.. overflow-y: auto;.. padding: 24px;.. width: 550px;..}.... #wa-option

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-options.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1426
                                                                                                                                                                                                                                                  Entropy (8bit):5.271802199703987
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:csY0TYJGNVMz7UAVMz7EVMz7VMz/VMzlQVMCmFgtHG9pQ3jc:3XT8sTv26ZCJtHwV
                                                                                                                                                                                                                                                  MD5:7ACE7021513254597642A241CE4E4A89
                                                                                                                                                                                                                                                  SHA1:96129C24FB0A1950DD597AD5D2A9513E86EDB8EA
                                                                                                                                                                                                                                                  SHA-256:56A31554439DE4DE7EE6D7A9F335C19E2E3A2A4BC81CD76C14A84FB9162B7CF5
                                                                                                                                                                                                                                                  SHA-512:EDDD30C61BD354D0E280D2BBC53CF2E44B9CBC3807BCDB533FC3E1E4DB165D76B7F9D1C2EBDD1A3CEE95794D3FAF4AEB60DBB4893C6823CD0D11AA81FC1BDB78
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-options.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-options-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ui-options.js"></script>..</head>..<body onselectstart="return fa

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-overlay-ui.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1594
                                                                                                                                                                                                                                                  Entropy (8bit):5.200218132677803
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:xmp5UoZR3xQpxsVecZa95p4H3rn39UDSyPVhilb39U0M3JtEN8vWZRVcoPu5xt2s:xmp5UoZJxRVXw9n0gA3uBHEN8vWZBct
                                                                                                                                                                                                                                                  MD5:1B5E95B4DE976B1CD0ECB0198B8477DC
                                                                                                                                                                                                                                                  SHA1:339303A95A250261D8D1BED2FD91118E34F0D3C5
                                                                                                                                                                                                                                                  SHA-256:DF34889C77E490A35F28E1544FABA79E6DF5289A22E55D217EF2328EF0B666A4
                                                                                                                                                                                                                                                  SHA-512:1F740C183D97BDAD3D808891C43C1F6071CE47BDD4A1ECA6D404958368265F2D0D5FF177E423BAE2E67DDC6229126F6223A6F593B0A922F050DE283AB7634002
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;..}..../* Arrow pointing up */.....balloon__arrow-up {.. display: none;.. position: relative;.. text-align: center;.. top: 8px;.. width: 440px;..}..../* Arrow pointing to the right */.....balloon__arrow-right {.. display: none;.. height: 130px;.. line-height: 130px;..}.....balloon__arrow-right img {.. display: inline-block;.. line-height: normal;.. vertical-align: middle;..}.....balloon__card {.. float: left;.. overflow: hidden;.. position: relative;.. box-sizing: border-box;.. background-color: #FFF;.. border: 2px solid #E6E9F0;.. border-radius: 24px;.. height: 130px;.. width: 100%;..}.....card__content::after {.. content: ' ';.. clear: both;..}.....card__content {.. ma

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-overlay-ui.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2055
                                                                                                                                                                                                                                                  Entropy (8bit):5.214758180847983
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:+swDjYiRGNVMr7xnVMr7EVMr7VMr/VMrlwVMCrAe+xdmn56+u0INBeRMmRz0ZD:NOjPxuneCNCO06+PCBCBRwp
                                                                                                                                                                                                                                                  MD5:1425654C854108A36AD043C1BC2BC640
                                                                                                                                                                                                                                                  SHA1:5BCCEBED3A1C6D43212C34041C03E21B06F8CE47
                                                                                                                                                                                                                                                  SHA-256:C97F364901BD668A99D6680B17B01A465FAB81C0F057B82A7835659B17B9E4D2
                                                                                                                                                                                                                                                  SHA-512:39315DAA4685F5F590DAED72B895819C97BAFA213D3D068D0BBC9E06F6CD9A954436E6B6820E2A416FCCD5C199A4156EFE4E3568D419561FBE5955D9DFE49CF2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-overlay-ui.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-overlay-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-overlay-ui.js"></script>..</head>....<body oncontextmenu="return false" ons

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-overlay-ui.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9485
                                                                                                                                                                                                                                                  Entropy (8bit):5.218603054151627
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:2Ar/3qYFqFmMKuhiXdeRh3tEznLe7aAHKmXi:7SVIIh3t+4zri
                                                                                                                                                                                                                                                  MD5:A07A8FC925038CEDA7CE76853BA03EA7
                                                                                                                                                                                                                                                  SHA1:D7948C6C63C150569F492DF97B2730CEC8CC837E
                                                                                                                                                                                                                                                  SHA-256:1C018D342E32C6FB39573C2E2C56F704BD108494C10C29E3610CB637BEE0429C
                                                                                                                                                                                                                                                  SHA-512:C63931BD243334875FF0E227015181795829550B995E4D62C51FFAD0F776239646FD00593FD1E2024334646E634EEFD3C9E0A4C7DBFE635DEA199E837C8B1B9C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. arrowUp: $("#arrow-up"),.. arrowRight: $("#arrow-right"),.. balloonCard: $("#balloon__card"),.. contentText: $("#content__text"),.. cardImage: $("#card__image"),.. closeIcon: $("#close-icon"),.. waLogo: $('#wa-logo').. };.... var ENABLE_EXTENSION_OVERLAY = 0;.. var INTRO_OVERLAY = 1;.. var SEARCH_WARNING_OVERLAY = 2;.. var SETTINGS_OVERLAY = 3;.. var TOAST_OVERLAY = 4;.... var WA_EXTENSION = 0;.. var SS_EXTENSION = 1;.... var overlay = {.. types: {}.. };.... overlay.types[ENABLE_EXTENSION_OVERLAY + ""] = enableExtensionOverlay; // enable_extension_overlay.. overlay.types[

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-rebranding-bing.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (65389), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):625899
                                                                                                                                                                                                                                                  Entropy (8bit):5.616570429523557
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:57MdRhPEceKr1GPHte7zA+0hung074P2Ej4ITdJwuwvMaSPwCDVrx76I9kO29Gyj:qFvzIo/PWnP8
                                                                                                                                                                                                                                                  MD5:48D07C122F7DEA56B862C8158A2176B6
                                                                                                                                                                                                                                                  SHA1:8D4588D11134A23211B4DE4D84BBA42530148B39
                                                                                                                                                                                                                                                  SHA-256:CABA02AB7A59CE0DD0D4938A62EB421EE041E7CE48BC677CC9D1707E7D1AE29F
                                                                                                                                                                                                                                                  SHA-512:5D12E2C1A36B5428A751806468D85F20A7F5B8EEB1608BC4318A2FEC092746705D6420F5C68373F4529D3F4B5702F94636F044ACE25C4394242DF21008665938
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* CSS file for the new bing rebranding toast that replaces the red SS toast */..../* Poppins Regular */..@font-face {.. font-family: 'Poppins';.. src: url(data:application/font-truetype;charset=utf-8;base64,AAEAAAANAIAAAwBQR0RFRgkWCRkAAAFYAAAAQEdQT1MXRyG6AAAjKAAAE+ZHU1VChSeQLgAAWagAACZ0T1MvMtnrd+0AAAGYAAAAYGNtYXA1CTsUAAAB+AAAAtJnbHlmUcOS0wAAgBwAAeoCaGVhZBrJJGEAAAEgAAAANmhoZWEMdQYgAAAA/AAAACRobXR4ZsjwMQAAEpwAABCKbG9jYQsjgYUAAApUAAAISG1heHAEpQEsAAAA3AAAACBuYW1luw0UrAAABMwAAAWIcG9zdDq/aJsAADcQAAAilQABAAAEIwCVAAwAdgAGAAEAAgAeAAYAAABkAAAAAwACAAEAAAQa/qIAZAnt/e35bgoHAAEAAAAAAAAAAAAAAAAAAAQiAAEAAAAEAQab98VTXw889QADA+gAAAAA2KSpvgAAAADbFjbM/e39xAoHBCkAAAAHAAIAAAAAAAAAAQAAAAwAAAAAAAAAAgAIABgAHwADACIAIgADAHkAegADAH0AfQADAJIAkgADAlwCXwADAmcCbAADAnMCcwADAAQDUwGQAAUAAAKKAlgAAABLAooCWAAAAV4AMgFIAAAAAAUAAAAAAAAAAACABwAAAAAAAAAAAAAAAElURk8AwAAA+wIEGv6iAGQEbwJzIAAAkwAAAAACJAK6AAAAIAAEAAAAAgAAAAMAAAAUAAMAAQAAABQABAK+AAAAmgCAAAYAGgAAAA0AIAB+AQcBGwEjATEBNwFIAVsBZQF+AY8BkgH9AhsCWQK8AscCyQLdA8AJAwkLCQ0JEQ

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-rebranding-bing.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1750
                                                                                                                                                                                                                                                  Entropy (8bit):5.237505222218743
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:neswDYEuGNVMe7OAVMr7EVMe7VMr/VMrlEwrVMCrYt1bQSk4CNiebvFUuHRMjg5+:tOKfnrCjCC88YkVeg50w61
                                                                                                                                                                                                                                                  MD5:3B9B1D63B84AA8FDF550571AE62F2E3B
                                                                                                                                                                                                                                                  SHA1:B21220253F01DD8FD12889CEDF562EB95FCEFFF0
                                                                                                                                                                                                                                                  SHA-256:A72AD5F4ED76D8D56C0FD81FCD1677BDD83943C336DC1B3D2115C3B44491F096
                                                                                                                                                                                                                                                  SHA-512:D76CEB797A4B49A65DDB8FC0A0E11345853954B4FD05CDE803EFF3226C5549CF164DF1F7636047790BC3338B4B14192EF93EF3218FCF34EF2568B605B4D92C84
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<html>....<head>.. <title>SecureSearch Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-ss-toast-rebranding-bing.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.... <script type="text/javascript" src="wacore:jslang\\wa-res-sstoast-bing-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.... <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ss-toast-rebranding-bing.js"></script>..</head>....<body oncontextmenu="return false" onselectstart="return false" role="dialog">.. <div class="toast

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-rebranding-bing.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2510
                                                                                                                                                                                                                                                  Entropy (8bit):5.158348945730247
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Fa+J3ggs19E5sFHDjJ60LhrqJ6MLhr3aS/dxJ6HLhryeEpOZ0a:VQgy9E5sFjjkUhWkchpnkrhePOZd
                                                                                                                                                                                                                                                  MD5:942046677902A21A83DF2FAE7D2D330C
                                                                                                                                                                                                                                                  SHA1:F8D0C55282D897FCC8DBE20B739F59551A5F54CD
                                                                                                                                                                                                                                                  SHA-256:40C002EFF4B7C5B1B2DC0233D2CD540E01F58F4465DCE29C34B161504EDA2EE2
                                                                                                                                                                                                                                                  SHA-512:FA17C8BD4CD5F460B5A88F3E7E1CBDC03CE2C7CDE389997551D9A6D7231742B4147BA384E713AF9526428C0E9964684C319F53A6FB9B23FD0D29731E77FC279F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* SecureSearch Toast UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {}),.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window;.... ui.SecureSearchToast = function () {.. var $el = {.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. checkboxQuestion: $("#checkbox-question"),.. subFooterText: $("#sub-footer-text"),.. doneButton: $("#done"),.. declineButton: $("#decline"),.. },.... fillText = function (lang) {.. $el.contentInfoTitle.html(lang("SEARCH_TOAST_HEADING"));.. $el.contentInfoText.html(lang("SEARCH_TOAST_SUB_HEADING"));.. $el.checkboxQuestion.html(lang("SEARCH_TOAST_BODY_TEXT"));.. $el.subFooterText.html(lang("SEARCH_TOAST_SUB_FOOTER"));.. $el.doneButton.html(lang("SEARCH_TOAST_YES"));.. $el.declineButton.html(lang("SEARCH_TOAST_NO"));.. },.... init = function (lang) {.. fillText(lang);.... _window.setWidth("579");..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-rebranding.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (65472), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):626133
                                                                                                                                                                                                                                                  Entropy (8bit):5.617814771341909
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:y7MdRhPEceKr1GPHte7zA+0hung074P2Ej4ITdJwuwvMaSPwCDVrx76I9kO29Gys:DFvzIo/PWnPV
                                                                                                                                                                                                                                                  MD5:CD387543A50F8B0AA81A58EAABED3C72
                                                                                                                                                                                                                                                  SHA1:B0B8B31AD884A0C8387293A3A765674509C264D1
                                                                                                                                                                                                                                                  SHA-256:7EFB66D19DCD9CCDA892C2688A1A1EAE0639C5664E8180DE5DA46701C4CD8716
                                                                                                                                                                                                                                                  SHA-512:2E54876F0F2EB5BE51B248E98B1E328526B732421B5D7B6FFEAF5B39D1F78D4CCBE3CFD94A1162729128A37EA26A1C97C736904334F3471B7398440119A337A2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Poppins Regular */..@font-face {.. font-family: 'Poppins';.. src: url(data:application/font-truetype;charset=utf-8;base64,AAEAAAANAIAAAwBQR0RFRgkWCRkAAAFYAAAAQEdQT1MXRyG6AAAjKAAAE+ZHU1VChSeQLgAAWagAACZ0T1MvMtnrd+0AAAGYAAAAYGNtYXA1CTsUAAAB+AAAAtJnbHlmUcOS0wAAgBwAAeoCaGVhZBrJJGEAAAEgAAAANmhoZWEMdQYgAAAA/AAAACRobXR4ZsjwMQAAEpwAABCKbG9jYQsjgYUAAApUAAAISG1heHAEpQEsAAAA3AAAACBuYW1luw0UrAAABMwAAAWIcG9zdDq/aJsAADcQAAAilQABAAAEIwCVAAwAdgAGAAEAAgAeAAYAAABkAAAAAwACAAEAAAQa/qIAZAnt/e35bgoHAAEAAAAAAAAAAAAAAAAAAAQiAAEAAAAEAQab98VTXw889QADA+gAAAAA2KSpvgAAAADbFjbM/e39xAoHBCkAAAAHAAIAAAAAAAAAAQAAAAwAAAAAAAAAAgAIABgAHwADACIAIgADAHkAegADAH0AfQADAJIAkgADAlwCXwADAmcCbAADAnMCcwADAAQDUwGQAAUAAAKKAlgAAABLAooCWAAAAV4AMgFIAAAAAAUAAAAAAAAAAACABwAAAAAAAAAAAAAAAElURk8AwAAA+wIEGv6iAGQEbwJzIAAAkwAAAAACJAK6AAAAIAAEAAAAAgAAAAMAAAAUAAMAAQAAABQABAK+AAAAmgCAAAYAGgAAAA0AIAB+AQcBGwEjATEBNwFIAVsBZQF+AY8BkgH9AhsCWQK8AscCyQLdA8AJAwkLCQ0JEQkUCSgJMAkzCTkJRQlJCU0JUAleCWUJbwlwCXIehR69HvMe+SANIBQgGiAeICIgJiAwIDogRCCoIKwguiC9I

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-rebranding.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2171
                                                                                                                                                                                                                                                  Entropy (8bit):5.170488523740939
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:m2sYqYEpGNVMz7eVMz7EVMz71rAVMz7VMz/VMzlEtVMCWt1bQSk4C1uQraPxUFIc:SPdRvtT26hCW8tutJPf6F6eT
                                                                                                                                                                                                                                                  MD5:80420F17AC946CD198A70122064A3848
                                                                                                                                                                                                                                                  SHA1:17A79D51AF96E0388F63BCA01809873348F5FBEA
                                                                                                                                                                                                                                                  SHA-256:830A6EDE3CE0C75AFEA87B7632CF84D975B36CC6BBB68F7FB91EBFA0608DE7A5
                                                                                                                                                                                                                                                  SHA-512:6EA38C3C91F3A6A7D291E7AE04446FABD9BD33D40B3CE9FFAD543572D699A2BC37415B73E3C78F4CD05A27AAF2D1AF24B114D5B604ED25A3CB030CB5ED5F90FF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<html>..<head>.. <title>SecureSearch Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=edge" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-ss-toast-rebranding.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-sstoast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-ss-toast-variants-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ss-toast-rebranding.js"></script>..</head>.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-rebranding.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6193
                                                                                                                                                                                                                                                  Entropy (8bit):4.97084920450951
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:Xxb1BFoFPtYdY01kA55YUr11thN4GjCYWPe:R1BFoPg71kA55nhN4ox
                                                                                                                                                                                                                                                  MD5:5323C0F428E5AB2C5B98D70CCAD96D82
                                                                                                                                                                                                                                                  SHA1:5A6FFB27924A4005AF7D2C3B2D3474296CB8DAB4
                                                                                                                                                                                                                                                  SHA-256:ACC9C869943127467F0EC94E2442E6DC32D612AEA7B3CB4BC79E5C9CFE29FFEB
                                                                                                                                                                                                                                                  SHA-512:5C0D7CAC166D712A24FF32179C32A0222ECCFA546180BC095562540BE0343C4446EA58149E0BE7D459912164D6967CDC4DBA8894FA5DCD245E9967B9B1F05672
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* SecureSearch Toast UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {}),.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _window = wa.Core.Window,.. _external = wa.Utils.External;.. var TOGGLE_COUNT = "toggle_count";.... ui.SecureSearchToast = function () {.. var $el = {.. cardImage: $(".card__image"),.. cardContent: $(".card__content"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. checkboxQuestion: $("#checkbox-question"),.. checkboxInput: $("#set-secure-search-checkbox"),.. checkboxChecked: $("#checkbox-checked"),.. checkboxUnchecked: $("#checkbox-unchecked"),.. setSecureSearchLabel: $("#set-secure-search-label"),.. doneButton: $("#done"),.. },.... isCheckboxChecked = function () {.. var isChecked = false;.... if ($el.checkboxChecked.css('display') === 'block'.. && $el.checkboxUnchecked.css('display') === 'none') {..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-variants.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2101
                                                                                                                                                                                                                                                  Entropy (8bit):5.242260723103398
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:xmp5UoZJx7MdDjTPWfx9gczwPpCRulmZzhs:xArx7M5TPWfx9lzwsvzO
                                                                                                                                                                                                                                                  MD5:8875B943E4A0478DE115297F7AE15374
                                                                                                                                                                                                                                                  SHA1:2A7FE3E91F0311F1E3F0C866433B486ABAD993FF
                                                                                                                                                                                                                                                  SHA-256:46A73A0ED9727F5A8FB11B6BC2C50BFCA61FB7D1E4B378B2A872EF542A2E6184
                                                                                                                                                                                                                                                  SHA-512:A54387EF1EBFF35ACFDC09898ED9E3F48115085099B8C142D29FB24C8405E6FB70548D1B39E762AAD79852882DC7440A2664AA8785FEB811348EC54EDA82E70D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */...toast {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px; /* Window width is 530px */.. margin-bottom: 6px;..}.....content__checkbox {.. margin-bottom: 16px;..}.....card__content {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}.....card__content #checkbox-question {.. font-weight: 600;.. font-size: 14px;.. margin-bottom: 16px;..}.....card__content .button__unfixed__width {.. background-color: #1671EE;.. color: #FFF;.. padding: 8px 16px;.. border-radius: 100px;.. display: block;.. margin-left: auto;.. height: 38px;..}.....card__content .button__fixed__width {.. background-color: #1671EE;.. color: #FFF;.. paddin

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-variants.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2093
                                                                                                                                                                                                                                                  Entropy (8bit):5.211627809076251
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:AswDjYEZGNVMr71rAVMr7EVMr7VMr/VMrlEa0VMCrmglB7vURFWS4CicmQZmqEgF:DOjNlTneCp3CTRSFWSO7QmqPOJa
                                                                                                                                                                                                                                                  MD5:09D7B08CF2AB5A9740F2E1410F640C05
                                                                                                                                                                                                                                                  SHA1:99D525CFBD73E32C52FAFDE0D4E31014A1AEAFE5
                                                                                                                                                                                                                                                  SHA-256:2D34CB6BCC22E9AA2D7726826822591E4BF4D357CB93AC8CBD5640B8BE3CC953
                                                                                                                                                                                                                                                  SHA-512:2176A29ED9EE9CAE03466959D74F8B30D809CC6A9EF36B7E2B5BD96E098360709B47BA51E42DDB94AD2CF46991732729D33282DEEEC3C0EF967B9F7C390B7759
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<html>....<head>.. <title>SS Toast Variant</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-ss-toast-variants.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-ss-toast-variants-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-ss-toast-variants.js"></script>..</head>....<body oncontextme

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ss-toast-variants.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11553
                                                                                                                                                                                                                                                  Entropy (8bit):4.9747928509257235
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:lAGSRh8MezXoRYhsCSRyTe7TSlR2R1pUnoKWERjW18jEcYyhd0hyfXt:m3hFezXmYhncyTe7TSjg1unoKWyq18j7
                                                                                                                                                                                                                                                  MD5:6B3E4AADE37EE300112C3E9158F9E5DE
                                                                                                                                                                                                                                                  SHA1:EC0B1942E728314C4C059A28AD14D7051AD57846
                                                                                                                                                                                                                                                  SHA-256:495B033EDB2E89A93B5FEA0F356E8A49F5352752DCA4A33E07075599C6DFE570
                                                                                                                                                                                                                                                  SHA-512:89B259322322E060DCD391231DCD2F3F3A78ACF53A98457EB7420F75FB2BF593FF8FBDF609B46057185E7632777599E6026B6AEDB416355BD1B99DDC8DA0A619
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. cardImage: $(".card__image"),.. cardContent: $(".card__content"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. checkboxQuestion: $("#checkbox-question"),.. checkboxInput: $("#set-secure-search-checkbox"),.. doneButton: $("#done"),.. toast: $(".toast"),.. setSecureSearchLabel: $("#set-secure-search-label"),.. };.... var variantsMap = {.. // Toast variation phase 2.. 1: {.. InfoTitle: "TOAST_VARIANT_1_TITLE",.. InfoText: "TOAST_VARIANT_1_INFO",.. Question: "TOAST_VARIANT_QUESTION",.. Label: "TOAST_VARIANT_CHECKLIST",.. ButtonText: "TOAST_VARIANT_BUTTON",.. T

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7462
                                                                                                                                                                                                                                                  Entropy (8bit):5.112046421229621
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:OWZxXMHRMrola7b6xEgPGquAED+Y8AAoYE9Yl5hpeA8h9Y/5hbqe51E5T9565Cgn:OW0H2zFguf+c9Ug9K7aO9Y1bZU
                                                                                                                                                                                                                                                  MD5:886734F8EF0F7A2BD7AC8EE63EAFC745
                                                                                                                                                                                                                                                  SHA1:71AAC29E2B35E35315E9CEDF61B1F514FD7371AF
                                                                                                                                                                                                                                                  SHA-256:AB8A4CD13E6BE8A35CFAD9B47251B46C28F9AEF9FF607B87C01AECA35595507C
                                                                                                                                                                                                                                                  SHA-512:39AA1ADAC25DB607A5CF8627768238A5AB51100DF0D4E57D0E29D3A09D1B38FA562AB84E48C6EC0CB37C465E0191AD0DADF1D1123C737E755758851B7186052B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* version 2 3 */..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;..}....body {.. background-color: #f2f2f2;.. color: #212934;.. line-height: 24px;..}..../* Parent container */../* version 2 3 */...toast2_3 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;..}.....toast2_3_larger {.. width: 761px;.. height: 565px;..}.....toast2_3_smaller {.. width: 761px;.. height: 500px;..}..../* version 1 */...toast1 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px;.. margin-bottom: 6px;..}..../* version 2 3 */...card__content2_3 {.. background-color: #fff;.. margin-left: 297px;..}..../* version 1 */...card__content1 {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}..../* version 2 3 */...card__

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3851
                                                                                                                                                                                                                                                  Entropy (8bit):5.043335582612994
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:jMsaURv265bWZNY0TUYoAzgs3CZ4ea9S6ghD2QXIanvOksN:jjbGe9Yo2gs3JeacVDfXIanGk6
                                                                                                                                                                                                                                                  MD5:194D0B9162D444B0DBFC81EEB847DD7F
                                                                                                                                                                                                                                                  SHA1:90F0A30B758221B2F2C4499BF66B1D122329A253
                                                                                                                                                                                                                                                  SHA-256:02DFC1A9187AE8D00620CAFA3653085BE3E32533C33A304C902654666A439E58
                                                                                                                                                                                                                                                  SHA-512:7BFA894BFD24D9CC6959CF166B25EB2DAE771E89524CC398CFD3FD851F3031874E89ABDE29A3DF3CE307D701D85D8240F316BF09D4612ED175DC427BA66C2FA7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<html>.... <head>.. <title>WA SS Toggle Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap".. rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-sstoast-toggle.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-sstoast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\weba

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-toggle.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9145
                                                                                                                                                                                                                                                  Entropy (8bit):5.149275800236925
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:lAZ3m0aWPwT0JrrvG1zuLIhHQnJC16yhu3Fo65Dcw+hdlgX+R:mZ4j1yDJsu1oprfs+R
                                                                                                                                                                                                                                                  MD5:4E75CA82B63BF0D7CE816D5E07456841
                                                                                                                                                                                                                                                  SHA1:3392B5074F72124100DEE3CC1F63393C30C58C0E
                                                                                                                                                                                                                                                  SHA-256:6436CD5A82FBA6D79412856952150658ADA7B06AC0C06A2CCFF41684D28733DE
                                                                                                                                                                                                                                                  SHA-512:8A70EAEF47B0722794E87461668C8B9775D52FAFFB24BB9AE7B9C15AF263EBA74C014A12DC5FD179385AE741C64454185290A2C87A35186C122AE39BDD10CED5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. cardContent: $("#card-content"), // different css for different versions.. cardImage: $("#card-image"), // different css for different versions.. featureDisabledSection: $("#feature-disabled"),.. progressPic: $("#progress"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. expiredSection: $(".expired__section"),.. expiredDivider: $("#expired-divider"),.. expiredLabel: $("#expired-label"),.. expiredName: $("#expired-name"),.. feature1Label: $("#feature-1-label"),.. feature1LabelContainer: $(".feature__1__label__container"), // dynamically change container if text is too long.. feature1Name: $("#fea

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-dialog-balloon.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3034
                                                                                                                                                                                                                                                  Entropy (8bit):4.638682919992348
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:B4j7B2AacfdwtxqApUQVVPhPkzYOEbFQO0HR/1xRzi1CePNXDtw2:scAa+dwtVVVPCxEeO011xReXDW2
                                                                                                                                                                                                                                                  MD5:B90AC515CF2471538F252204450BD9C6
                                                                                                                                                                                                                                                  SHA1:FF6F2C0CEF15E3047F8C4A510D2CCDBE7030F7DB
                                                                                                                                                                                                                                                  SHA-256:0334EFDA0E4D28ADFCAF4C7AED0EDD3EB3EC1BF98981AE8122278A25B4B93AAC
                                                                                                                                                                                                                                                  SHA-512:94581EF550DE590DC11A4496E07D8877C19DA470B661B08AB544B1251FFEE99A657115BFAEA2C9B0B9CA848BE3F6C01B04A4FA51DE47340FF00563E1C728A97C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. button: $("#wa-dialog-balloon-button"),.. content1: $("#wa-dialog-balloon-content-1"),.. content2: $("#wa-dialog-balloon-content-2"),.. arrow: $("#mc-dialog-arrow").. };.... var telBalloonType = '';.... show = function () {.. _window.ready(function () {.. var settings = JSON.parse(_external.getArgument("overlay_data"));.... if (!settings.balloon_type) return;.... init(settings.balloon_type);.... _window.show();.... //Send Telemetry 3.0 for dialog balloon.. var browser_code = _instrument.getBrowserTypeCode();.. var screen_flow = browser_code == 'F

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-dwtoast.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2413
                                                                                                                                                                                                                                                  Entropy (8bit):4.801374194851256
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:H45ikVjkpq/nWp1qgVsk0HuKAh51nhtlUT:Yjk+WlcsBhtlUT
                                                                                                                                                                                                                                                  MD5:706EA6AA85B81C7698F191EF1182BEC8
                                                                                                                                                                                                                                                  SHA1:2EA6643CE2EA042DC4B0B0BB048EBBC4ABCE4F3C
                                                                                                                                                                                                                                                  SHA-256:20CEACF0E32F77DF4ECE5DDF4A8EC6411B04916701DEA3919C311BD4C5AFA3B9
                                                                                                                                                                                                                                                  SHA-512:EC75CC071062E8C5BAD474EBF993A0931342EE071B92FCD71565082B509864781DA3B68B009F36BC1853428DCB66023E3530EBB24552F6105B11AF9E3B54351F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Download Warning Toast UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window,.. _dw = wa.Core.DownloadWarning,.. _wa = wa.Core.WebAdvisor,.. _l10n = wa.Utils.Lang().checkList();.... ui.DownloadWarningToast = function () {.. var $el = {.. logo: $("#wa-dw-toast .logo"),.. status: $("#wa-dw-toast .status>span"),.. content: $("#wa-dw-toast .content .body"),.. block: $("#button-ok"),.. allow: $("#button-cancel").. },.... show = function () {.. _window.ready(function () {.. var domain = _dw.getDomain(),.. fileName = _dw.getFileName();.... $el.logo.append(_wa.getProductLogoHtml("wacore:mfw\\packages\\builtin\\mcafee-logo.png"));.. $el.status.append(_l10n("PP_STATE_TEXT"));.. $el.content.append(.. "<p

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-options.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):21369
                                                                                                                                                                                                                                                  Entropy (8bit):3.8672869876322054
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:LravuBFTItBHDiF9ymq4pZpnXEB25hmmvYXOergIzKN:PavuBcBHDdmRHpXEB2UEI+N
                                                                                                                                                                                                                                                  MD5:135EFC09A3C04100FFE3C123FBFDC6CE
                                                                                                                                                                                                                                                  SHA1:8D940249DB78E559209CB78520E100188487143E
                                                                                                                                                                                                                                                  SHA-256:1C99E219D44E98E1750368C7EE4DCEBDE0BE93675E4CE31F340143704FFCAA8B
                                                                                                                                                                                                                                                  SHA-512:7CDA9587E90D3ABBDB5102D493C0D72CB62B82D4F1C4A9B869ED433620E40616AC3B2C9E237779A2ADC6F707918EA0C2C58101BF2EC1E3693B3BB1FA96184351
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Options UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.OPTIONS).get,.. _core = wa.Core,.. _window = _core.Window,.. _webAdvisor = _core.WebAdvisor,.. _productNameHtml = _webAdvisor.getProductNameHtml();.. _external = wa.Utils.External;.... var OptionsMenu = function () {.. var menuItems = [],.. el = {.. $menu: $("<ul id='wa-options-menu'></ul>").. },.... toggleContent = function (id, delay) {.. $("#" + id, el.$content).. .fadeIn(delay).. .siblings().. .hide();.. },.... itemSelected = function ($item, delay) {.. $item.. .siblings().. .removeClass("selected").. .

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast-danger.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 210 x 180, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12312
                                                                                                                                                                                                                                                  Entropy (8bit):7.968450241648148
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:yRBdas2d1PJ4BYvAHpw+9zCUu3lsOgtPaITUL:6UdVTUoUTHs
                                                                                                                                                                                                                                                  MD5:4FB51E8F6008C7C9C8F0A1075BED12A1
                                                                                                                                                                                                                                                  SHA1:39C35D6482BF2D7B8A347991BC99F4EB408B7FE7
                                                                                                                                                                                                                                                  SHA-256:866910A9732E353EDFE938958BF6F4B6FF03FFA6B90589BD03C44011D2E41C37
                                                                                                                                                                                                                                                  SHA-512:6C39FDEB9036823547E8515A7F0505B41A519F5F70D55A1D2B51A10B9FAC6D8738EB3D78D2DE2BEE55666C5712A4753D72450760B69836C7F1B71577760FD99F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR..............4r.....pHYs.................sRGB.........gAMA......a.../.IDATx...|....vyU.xO.. ..8.%!.8.PJ......t..RHx....@[.......@i...-.<..H..%....x..y.l-3.+.<.G.i...~>.F..5.9.=.\.,,tp.P...rr./~<...h......a........A?.i.m.R.y?9a.y....".......0.,0-........LS,!Y...al...G..k....V.a.NGQ....p8.o.A#..<...<...0.+.`..0.....!...k..Y.x..ax~-....T.8w.t.T^...`..&.a.#.h......}Z.8...(..4.^L2.....&X.M0<.....B.T....d..62......`....,...'f...I<R.....!..t.T..(,.e.."......x..9...Z..(0.BH.]...2....lS.D.'".h)$kU.. 0....:M...z..6`..1.1.|.VI.%.9...3.B.NS&......i...G..i.mS..M...f....x2!.5.....:M......y(......V<...,.%....!.W.d........s.:.BJ.W0...WO.!#.b.E..Z.fP0..r./.j.....lq....M.u....L....3.2PLD.O.Ao.!,.!?.....2...iR.D..[Y...-,. ..d...cC[.%..,,..a..U.m.<.4!%D....`aa..d.L..%".."_.......,.YL.d.|s{gp.L1.......Qv..I....38.q......*pH...j..0!.u..,..XXL.SV.j..p4..1...w...k....$.s...:.e^.Dd..`...g.>.dr......U.b.O.....&.Drr.."_..C..MV..."a\.V.."?.B`.3y.y....E.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast-risk.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 210 x 197, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9639
                                                                                                                                                                                                                                                  Entropy (8bit):7.959929359756836
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:8Sx+XNV33b9KE2nQId+RaxmxmDzMeRPGUhtGrnGyzcgJSzJKlkY+BjJJnjYdSPay:7SX9KbIRARfvRtklzcgJS1Ukz7hjYdJy
                                                                                                                                                                                                                                                  MD5:0960D91DFEAF52DB02812BF775B62C55
                                                                                                                                                                                                                                                  SHA1:125D3E9976B984B6BFDD698140626CB92D393722
                                                                                                                                                                                                                                                  SHA-256:9E7C4BF9C4911967D24A948BFFE7268F5925A1B1E3DCD5D9CBEB7721DF32DF24
                                                                                                                                                                                                                                                  SHA-512:C2AE53F305F34A3E6B0EF8E29A1E21A477C4A62F6AD27A69A91C7F1CD601A94DA1012341169F7E11C293D12AEC9B07B14CCB23185829A8C7F05FE0EDC718B681
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.............!J.a....pHYs.................sRGB.........gAMA......a...%<IDATx..{t...._..j..%...`.....!..q.....&.N^..$....Hrv.....v...........l2I&..a.....O.[......l...WU...[.wwuwU...9..]...T..=.D".H$..D".H$..D".H$..D...DR.}}.@.-.iG.k...D........RH..\..&.*.r.M.|..j:.M...a......a..Dkk....)$I.I.pU...w.C.P].p..ok..."bA....>..T.r.!\.&.....R..8..9...8.(..F........;..K..wp.N).rB.){...\gk0....$..]twd..#w.\...Bh.0.....j(.R..*\....7..8.o!..B2-O=.g.}..),.0.....5'..{*.).i.ZW5....UBrP@9..`w.b-....6!.]..O.B1.o[h..5B........r"\A.]..]..B....S{..|....6.\(^B.4.n.o..g...Y+7.q]...N5.R.Hx.....H.Vz\?.....$3..l....Xr.....Z.{.bj".Y.=.v+d...z.J\..1;2...a.(.`].r....U....8..S..../{d1.A/@V*..z..,.o-..MF....&.(.S'..p...V6.w..7.N7.z..i.Lx...vCB..P.(".,..K5pe...l<$q#....B.P..+,.=.H....d..fE.......].FL..I.H........7.G..$...W..>..D..EH.X....H...'....FT]H...9....[.|.5..1.Yl...!...C.......TMHT..*;*...Z....:......q..I.I...G.N>TEHfrA..I.C...G. ....(.K&.$....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast-wss.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 142 x 114, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9195
                                                                                                                                                                                                                                                  Entropy (8bit):7.974458734523204
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:qSgxF7Rxse5mfaPumPCqZplpMCwhsoYl6Va1uaOyplM/0zPMyWEu0:lg77RxsRaJCqD/twhsFl6VaD5KyWEj
                                                                                                                                                                                                                                                  MD5:985990E7B49221E68CA85928ABFB55B6
                                                                                                                                                                                                                                                  SHA1:A625326AFC180A99526B9C1E36C85718A8AE4E53
                                                                                                                                                                                                                                                  SHA-256:6FCA27CE0ADD2712EA1CBAF52291BBC2C9AA3E5B8411348DA4459082E53D456F
                                                                                                                                                                                                                                                  SHA-512:AD415F9B2242675A26DFD9FAB9DCC9E2BA02191EDFB4B938C688458E92379263C9E1357EEDF8E97D4956E3A28E69D59A80C6FD23777371A33CC1A02D2AF45181
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.......r........j....pHYs.................sRGB.........gAMA......a...#.IDATx..].`TU.=.M.d..R.%..{...*M...(.k..UDqw.U..]uuw]...H.^..RB...u..3...L2.2....}.d......0..#.0..#.0..#.0..#.0..#.0..#.0..#.0..#.0..#.0~.h.v..W..#..%....]..M....e..rA.iI.>q8...E......qI.Y...T. ...Hr..]..{.V;.....G...S.J.........Z.Y.6...(...Dv.%%l"`..`.%X...m...a...J.#...,.....G%..:]...I.^9z..-."#.......B...%(a..0:t.0.`<.@.K:?!G.@...42.`..%..X..\>z.3R..N..}.b..%..:A.N.B..>...d.H0X...C..H0"...,..m.EQ...t....N....Fi.v.Z"y#SE..U?M.....mv...S...T.[.7*.'.T.0<.,..E..%:.ce.Go..g...&G.U.A......;.m.E.k6...%..2.tt..#J.w...|X~.R)h.g.a...6.(c........U.UZ..$.1a.........Pq...+.%....`....p8.6..ZNoWl...8.....$.#.$I{.m4.+`.7...0..B...SC.e............2....;..E..A.H3.^.}.W..E..9.....).Bs.b....K.. .q....q. (...... ..........`.....*..s.........C s..6oJ..Q...F.I.&..Q.N;v..... M..~D..P..Z'Ga.<..{%.....<l...')....A..."..ATT..x.z.c..B...A.q.k.....;...M....0....5.6n.P.7.......w.(,.%..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2407
                                                                                                                                                                                                                                                  Entropy (8bit):5.148335532359029
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Uk73uxPuaasQ8+FQv2xfdleIileIjOmkRlYWBheIpJqqeGzeNeIp5eNeII64J:UDj+aOxf7KjiRlYWBxadt+t4
                                                                                                                                                                                                                                                  MD5:ACE11B7FDD8896AFE05BC6A25081BC72
                                                                                                                                                                                                                                                  SHA1:B1C2D5F41C3719AD8EDA01DC4B50602B35BEFB09
                                                                                                                                                                                                                                                  SHA-256:761ED2999CD3F6DB58CCBD00F3CF4874564C30E5B9E21DBD13501E909748FA68
                                                                                                                                                                                                                                                  SHA-512:69B07BB9CE7AE4FE71E93562E80D23410878820593D743634582F9B0FB4F2107B8B5FCCCC3F32B4BB0527B8ADB680CE3884533F2BED58943064F1C521E175721
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:body {.. margin: 0;.. font-family: "Open Sans";.. box-sizing: border-box;.. background-color: #FFFFFF;.. border: 0.833333px solid #BCC3CC;.. box-shadow: 0px 0.833333px 8.33333px rgba(0, 0, 0, 0.254218);.. border-radius: 1.66667px;.. overflow: hidden;..}....h1 {.. font-style: normal;.. font-weight: bold;.. font-size: 16px;.. line-height: 32px;..}....p {.. font-size: 13px;.. line-height: 16px;..}.....main {.. text-align: center;.. background-color: #ffffff;.. height: 220px;..}.....main-logo-container {.. display: inline-block;..}.....main-logo-container .img-wrapper img {.. max-width: 128px;.. padding-top: 32px;..}.....main-divider {.. display: inline-block;.. margin: 5px;..}.....main-description-container {.. display: inline-block;.. text-align: left;.. vertical-align: top;.. max-width: 295px;.. height: 100%;.. position: relative;..}.....main-description-container p {.. font-size: 14px;.. line-height: 20px;.. color:#000000;..}.....main-description-containe

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2529
                                                                                                                                                                                                                                                  Entropy (8bit):5.078446846524373
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:cXTxBv26HCe8+DSSqoFbeIwEeIYuAXYgY:p8zFb1DgY
                                                                                                                                                                                                                                                  MD5:7DFFD407F62727E6E1D71AE78001CC1F
                                                                                                                                                                                                                                                  SHA1:D92F03545A15D360453E09679938EEEEEB8B5EEF
                                                                                                                                                                                                                                                  SHA-256:D1456E95B707A89DA12600233EE573004066B7A13CBCDE7FEEAB1CD43789DC08
                                                                                                                                                                                                                                                  SHA-512:3FA0C2E556EA1ED15962A6417643AFD35F389ED796D6C6B23BA4E06348456394F9C88995E14EC1897B7FDC1E0210858C92B8544748AA85B5D189DA099EBCC40A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\webadvisor\\wa-upsell-toast.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-upsell-toast-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\webadvisor\\wa-upsell-toast.js"></script>..</head>..<body on

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-upsell-toast.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11903
                                                                                                                                                                                                                                                  Entropy (8bit):5.080001554604501
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:80/PfJTvqz3NbDdvSNOsxyVVXMT2Opb6/0Q6w:JPfJTvECBxyHcTRA6w
                                                                                                                                                                                                                                                  MD5:44E2C89A41EF766119A1270F68A2BE83
                                                                                                                                                                                                                                                  SHA1:031169D58949342543F3F16A20897B7D127BE532
                                                                                                                                                                                                                                                  SHA-256:1B66F9F4A2EFA6564DFC205AF5EB78A1AB54DA5D156544AB677AD56B4407B0A3
                                                                                                                                                                                                                                                  SHA-512:0CBA3EE2670698FE27E07999392A04B4FC1CD3F3BAF255B7DF154F394B3A52E97BFC074C8A5EF4E60AF91218FE6FA3AB6E590A14599140AFDDE1558C35711FEC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings;.... ui.createUpellToast = function (toastData) {.. if(toastData.campaign && toastData.campaign !== 'none') return new ui.CampaignToast(toastData);.. .. if (!toastData || (toastData && !toastData.cohort)) return new ui.AvScanToast(toastData);.... switch (toastData.cohort) {.. case 1:.. case 2:.. return new ui.DirectUpsellToast(toastData);.. default:.. break;.. }.. };.... ui.extend = function (Child, Parent) {.. Child.prototype = Object.create(Parent.prototype);.. Child.prototype.constructor = Child;.. }.. .. // ----------------------------.. // Base Toast Object definition.. // ----------------------------.. ui.UpsellToast = function (toastData) {.. this.data = toastData;.. this.lang = wa.Ut

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\warning-icon-toast.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PNG image data, 47 x 46, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1793
                                                                                                                                                                                                                                                  Entropy (8bit):7.876784630522941
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:qaOARKiy6Zk/fIEJo8VsjZhQ78P49eiQgPO4sP/ulgafKd6c:/OATy6Zk/1x0TQg+wvPmlga1c
                                                                                                                                                                                                                                                  MD5:0649B7E9A67DE6931312BDB5BE3FA6D6
                                                                                                                                                                                                                                                  SHA1:285B792941D7CCB34ECC8749A367CAFE4A51D4B1
                                                                                                                                                                                                                                                  SHA-256:CBB5964B1888A95703984990FBC9C71448ACBA8A5E19BC0A96E626C2129F7E22
                                                                                                                                                                                                                                                  SHA-512:12B8E6C4F3EBFF51BA6CE1FE66D737461CD0C30F0B9E65443256886DDBF9E1518E3A26D9186CD8F2CA95EA09D35F910372558BE1C997073E0E26603C4DABC22E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR.../..........|p.....gAMA......a.....IDATh..Y]l.E....R....?.y.A@1.mi.)F.....#J.F.'..O.Q..#Q ......>hPH...X....b[b+..@.Q @....{w<g........W...9s.7...93C...7..e.b..\.d.....d!..'......G.....k...2.1J.a.6.1!.{.E.0..r...D.....I.5k.../.@..&QD.*j.oW.....6...}.2...\O..,..f...q....U...1.....Lf..U....bs....:.0!..?Q...j.e..;...X...qN.JM.[..../....=..2T....T?..VcR...qFl.._.T@.s...rP.....L...3!1...L.Z..xlh0.....Tr3..D..V......^.^..t.....3O.ED....8j8....k.E.`...{.>....v8...R...@.8.R_.. ..|&C..?.....rG..( .y....}.z.p.28w.....k..v.7.~.......7F|.. .@.8"..,..L...Q....7.a......oI*.z.f.{.j...`......}g.....!Y.... ..J2p..IJ...2...X..G8..Y.. N}..t...26.....M.._.....c...fs...{....)t[.,....e.&............t%.PX...W)..%..........t.`>.....7...H..s.CW..........u}.nS...~...&O..1...C}.....#..G.IH0.mjj(.._....M...=..C2..==..V&...~1..?...en..M...\.Q.%...B./.g.S...... .#.(....*..q...jb......p;../5.m.T..-...SE.h..(.|le...[.**!...=:TJ..!m..q2..CI.$

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\custom-checkbox.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):292
                                                                                                                                                                                                                                                  Entropy (8bit):5.419707792418915
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:KYCutJFlCutfwEr+gCutF3GHKllj3kkkQ+sCRXU2QcK0bJB0YndswRFOh:lCu77CuuSCu3TlljUkZ+sCRPQf0bJxng
                                                                                                                                                                                                                                                  MD5:2D4716CB6396867898E638FBED581C92
                                                                                                                                                                                                                                                  SHA1:CCE452A7EFED51B864DDFE0A67528BF9ED46A6E7
                                                                                                                                                                                                                                                  SHA-256:A4877EC3224DB3A15202C61314851CFD3F3AD571D5415A6FFC94418B98DB833D
                                                                                                                                                                                                                                                  SHA-512:5750EB789C2F648A6614E034C847177F2631628F61427C168141F4717814AA5BDB29A6EDEA730711E00593723BE863B13EBA4EDAA8E2DC7F029DE2C9DAEF5F1B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:input[type="checkbox"], input[type="checkbox"]:checked {...box-shadow: 0px 0px 0px 1px black inset;..}....input[type="checkbox"] {...accent-color: white;..}....//CF7A624574F35B686A76C33FBAA5D5626E68CB421789FDF19DC592634B8E15619F996FF07166DE1B52F3241BA149933E8DE73A28070A49845286C956C22317BB++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\jquery-3.6.0.min.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (65446), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):89637
                                                                                                                                                                                                                                                  Entropy (8bit):5.297773771322314
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:ejExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1vz:eIh8GgP3hujzwbhd3XvSiDQ47GKl
                                                                                                                                                                                                                                                  MD5:A64BAF7831B8FBBC144FCE258F8001E1
                                                                                                                                                                                                                                                  SHA1:13FFDDA846919FDC59679D1B125280F248929D43
                                                                                                                                                                                                                                                  SHA-256:AE6E5367B413CA6723DE305E5DCA0C0798802ED8D7173F8D54572AF32C724329
                                                                                                                                                                                                                                                  SHA-512:F27F2119AB74FF94F620E0D0158CB78D56D4907F5B7B82770A1D40F7C8AD8D55C891BC9ADC99777CC5FB6291A34A8DA372FDBE3F8937DECB87A8E7FD892DCCA9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */..!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}func

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-common.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (33246), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):658029
                                                                                                                                                                                                                                                  Entropy (8bit):5.645591473547629
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:L47MdRhPEceKr1GPHte7zA+0hungs74P2Ej4ITdJwuwvMaSPwCDVrxT6I9kO29Gi:BtvbIo/PWnPo
                                                                                                                                                                                                                                                  MD5:73749C67AB20082E7B11AA59ECAD88CD
                                                                                                                                                                                                                                                  SHA1:5260894A20670E0F2380166E929F76B9AAC1F626
                                                                                                                                                                                                                                                  SHA-256:21A4157938BAD6BA8759799F72725704270B9C49D90097FB7F7E45FF0543E841
                                                                                                                                                                                                                                                  SHA-512:561A0E1BD2ACD1FE4F4790054F6BB45DEC7394417F2AD79323ED1B96D7DE2DD5537F2A1C3D568B7192FE9E262FFCBA1DFA46DFAC9F943B6EAF4B39FAA678BFC5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Open Sans Regular */....@font-face {.. font-family: 'Open Sans';.. src: url(data:application/font-woff;charset=utf-8;base64,d09GRgABAAAAAGEsABMAAAAAsTAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAAABqAAAABwAAAAcbEIkOkdERUYAAAHEAAAAHQAAAB4AJwDwR1BPUwAAAeQAAASiAAAJmCwaFlhHU1VCAAAGiAAAAIEAAACooF6Ikk9TLzIAAAcMAAAAXgAAAGCg5ZlGY21hcAAAB2wAAAGGAAAB2s9AWKBjdnQgAAAI9AAAAEYAAABGE1sNN2ZwZ20AAAk8AAABsQAAAmVTtC+nZ2FzcAAACvAAAAAIAAAACAAAABBnbHlmAAAK+AAATOAAAJGkMGdKhmhlYWQAAFfYAAAAMgAAADYJip5GaGhlYQAAWAwAAAAfAAAAJA9zBj9obXR4AABYLAAAAjcAAAOm2kNYqmxvY2EAAFpkAAABzAAAAdZ4GFVubWF4cAAAXDAAAAAgAAAAIAIHAZduYW1lAABcUAAAAgcAAASAUcWdxHBvc3QAAF5YAAAB7gAAAt15xIzucHJlcAAAYEgAAADaAAABfLpWDR93ZWJmAABhJAAAAAYAAAAG7JdVfgAAAAEAAAAA0WhVmAAAAADJNTGLAAAAANGknRZ42mNgZGBg4AFiMSBmYmAEwpdAzALmMQAADaEBGAAAAHjarZZLbFRVGMf/M51hxoKWqtH4CBoyNrUGjQ1J27GwatpaDZZpi4MOig/iAkJCY0hMExaFgbgwIQYrOTxqCkyh0FmQUpryMkxXLNzhaW3jyuVJV8QFIY6/c9sp4EjVxHz55dw597vf43/OPXMVklSpbn2qSEvru916/rOvenep5oveHTtVv+uTL3droyL4qFiU9/0316GdO3p3K+6vAiIKB2NcoXh

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-core.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):24151
                                                                                                                                                                                                                                                  Entropy (8bit):5.1621785675529
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:ZHbw3tcalAiF0+6ycdaYiY+JiZ0DmrhiWbYM4veoX0qLv5Ms9X+95Synwn2:ZHbw3tcalAiF0+6ycdaYis0DmrhnbB4q
                                                                                                                                                                                                                                                  MD5:FEF95AACA6FE669CF114CB9E796BD485
                                                                                                                                                                                                                                                  SHA1:D9B8B9E986031F12519E275D6249A139CBF9F8C1
                                                                                                                                                                                                                                                  SHA-256:E5FC3A4451EDF51FC28AB4019EA75BE0A4A411DF26FE2BFD2B0BC9F5D7465712
                                                                                                                                                                                                                                                  SHA-512:0A368EE1F64986DD88D0B5AC470FCAD51E23799779304A457D871DD2380C364537D14EDA23DDD52258B54EDA4D7B83A596FB1AFDB04E61CC8FFCD2611105D625
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Core */..(function (wa) {.. var core = wa.Core = wa.Core || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External;.... //Component.. core.Component = function (name, status, key) {.. this.name = name;.. this.status = status;.. this.key = key;.... this.isIgnored = async function (key) {.. var isIgnored = false;.. var startIgnore = await this.settings.get("startIgnoreDate" + (key || this.key));.. var ignoreDuration = parseInt(await this.settings.get("ignoreDuration"));.... if (startIgnore && ignoreDuration) {.. var today = await this.settings.getToday();.. var startIgnoreDate = startIgnore.parseBasicDate();.. isIgnored = today >= startIgnoreDate && today <= startIgnoreDate.addDays(ignoreDuration);.. }.... return isIgnored;.. };.... this.isInFixGracePeriod = async function (key) {.. var inGracePeriod = false;.. var gracePeriodStart = await this.settings.get("fixGracePeriodStartDate" +

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-ui-checklist.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7998
                                                                                                                                                                                                                                                  Entropy (8bit):4.696692835387019
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:j8KiNn2zKMXjRIQIeTZmY2OToGF/8OJISRjla0mo9SWLpmUtpdcSbFn4VZ:IKiN2zKgyTeTEZzSRjg0jScmcdvMZ
                                                                                                                                                                                                                                                  MD5:D9975E21D059E90A256B00C48E4FDD54
                                                                                                                                                                                                                                                  SHA1:44A68F5CAF5326CD90BAB396C93EBD29BC2CC098
                                                                                                                                                                                                                                                  SHA-256:CD6D29FFFBDB412347D51D29D27DD7BDECAA05D85B01134BE1FBC2F9BBE4DEB2
                                                                                                                                                                                                                                                  SHA-512:476AD8B1E514027C0B565D723F606A14B5AAF4E901132698B1BC661C8E73DC2D7170FF258494FA5C2D626CF0EB1DE170D0B7DDD7767DB1C39C47B0E13DEF6B66
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* CheckList UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.... ui.closeDelayTimer;.. ui.CheckList = function (options) {.. var el = {.. $checkListWrapper: $("#wa-checklist-wrapper"),.. $checkList: $("#wa-checklist"),.. $messageWrapper: $("#wa-message-wrapper"),.. $message: $("#wa-message"),.. $messageImage: $("#wa-message-img"),.. $closeWrapper: $("#wa-column-four"),.. $close: $("#wa-close"),.. $logo: $("#wa-column-one"),.. $state: $("#wa-column-three").. },.. checkDomLoadedInterval,.. animateDurationInMs = 400,.. self = this,.... setState = function (options) {.. el.$state.. .html(options.state.template).. .addClass(options.state.css);.. },.... setMessage = function (options) {.. el.$message.. .html(options.message.text).. el.$messageImage.. .html("&#187;").. },.... setBorder = function () {.. el.$checkList.css({..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-ui-dialog.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3536
                                                                                                                                                                                                                                                  Entropy (8bit):4.494740738337656
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:kZGJ5nzQQenlzN1vylhovKKHNLzpCZjeVBXfoil:kZ8W0v8RHNLlCZjoJfoil
                                                                                                                                                                                                                                                  MD5:5D2C7932D8D84AD6EF65BEFD0036BD93
                                                                                                                                                                                                                                                  SHA1:E1AB00696037F650159A8E22311C93FB7B760B49
                                                                                                                                                                                                                                                  SHA-256:3B752C707A77973161B5746A73CDB59839541A2BEEC7797336981964FA4D9A1B
                                                                                                                                                                                                                                                  SHA-512:743A3109C00D503B32D93C054532F0FE23506A3D5747E44CDF3294ED9E0F42682E631AE0FD32D2B00E675B5C202F0CFF89C12D7CAF6627276C67A8FBCE2A637B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Dialog UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.... ui.CheckListDialog = function (options) {.. var animateDuration = 400,.. el = {.. $dialog: $("#wa-dialog").. },.... create = function () {.. clearDialog();.. createHeader();.. createContent();.. createButtons();.. },.... createHeader = function () {.. if (options.header) {.. el.$dialog.append(.. $("<div>", {.. id: "wa-dialog-header",.. html: options.header.html,.. tabindex:"0".. }).addClass(options.header.css));.. }.. },.... createContent = function () {.. if (options.content) {.. el.$dialog.append(.. $("<div>", {.. id: "wa-dialog-content",.. html: options.content.html,.. tabindex:"0".. }));.. }.. },.... createButtons = function () {.. if (options.buttons) {.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\builtin\wa-utils.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):18974
                                                                                                                                                                                                                                                  Entropy (8bit):4.474059874801466
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:BZwBjF3z+j5csy4h11lidEaCa3z4T2EW85xzC2Rvbat2ReY9c8o9OmFfRo:WJyj5csy4DIE3mUTRbzC2RvbaLU
                                                                                                                                                                                                                                                  MD5:6FA876B654EE2577A67E2F9BAFE775D8
                                                                                                                                                                                                                                                  SHA1:C84A3C671AE1202EF60E5FA586D5E954EC6053EC
                                                                                                                                                                                                                                                  SHA-256:C5342CE6CF56B39FE98D72178DC2ED431FEE3FE94116D775E175E473DC74345B
                                                                                                                                                                                                                                                  SHA-512:9AF6AEDAD9291C38266BA724900FD32A2D9834A6A3EB855984E66AD3950ADB00979B692F2C67ECAEEC3347A1DE42FC8F6C589F3FBFEF491412A06CAA33763B64
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Utilities */..var _langResources_ = {.. checklist: (typeof _lrCheckList_ !== "undefined") && _lrCheckList_,.. options: (typeof _lrOptions_ !== "undefined") && _lrOptions_,.. shared: (typeof _lrShared_ !== "undefined") && _lrShared_,.. uninstall: (typeof _lrUninstall_ !== "undefined") && _lrUninstall_,.. sstoast: (typeof _lrSecureSearchToast_ !== "undefined") && _lrSecureSearchToast_,.. install: (typeof _lrInstall_ !== "undefined") && _lrInstall_,.. webboost: (typeof _lrWebBoost_ !== "undefined") && _lrWebBoost_,.. waiff: (typeof _lrExtensionInstall_ !== "undefined" && _lrExtensionInstall_),.. ut: (typeof _lrUpsellToast_ !== "undefined" && _lrUpsellToast_),.. overlay: (typeof _lrOverlay_ !== "undefined" && _lrOverlay_),.. newTabToast: (typeof _lrNewTabToast_ !== "undefined" && _lrNewTabToast_),.. ssToastVariants: (typeof _lrSSToastVariants_ !== "undefined" && _lrSSToastVariants_)..};....(function (wa, lr) {.. var util = wa.Utils = wa.Utils || {

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\mwb\wa-controller-mwb-checklist.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8697
                                                                                                                                                                                                                                                  Entropy (8bit):4.951690631753836
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:O4n4gMn8LeQ1EU/AsS3zwgPSQyg8qifxE74:p4gMns4sS3znPS08qifxf
                                                                                                                                                                                                                                                  MD5:AED77490021932F6B70456B419E4EC72
                                                                                                                                                                                                                                                  SHA1:D9E2FB4DE3CA0BA2E8782DA5B12DE9BA2C87F6EC
                                                                                                                                                                                                                                                  SHA-256:0A46965A67D037DF02D66FA8159FF59222168C8111FBE47BC2A580FB0AFF80B1
                                                                                                                                                                                                                                                  SHA-512:53F978177BB2D4EA5217DAB4D4C2B77769829A307E26F271B8690803591DD13E4D66FEF45D563C92785C53E8E313CD38CD9305EDD0B2851CE3B7CEF1730A7C3A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* MWB CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.WEBBOOST).get,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. var self = this;.. var browser = ""; .. var wbShown = "WBShown";.. var wbLastShown = "WBLastShownDate";.. var installDir = "";.. .. this.update = function () {.. _window.ready(async function () {.. var args = JSON.parse(await _external.getArgument("template_args"));.. var isInitial = false;.. browser = await _window.getBrowserType();.. browserCode = await _instrument.getBrowserTypeCode();.. installDir = await _external.getInstallDir();.. if (browser === "FF") {.. wbShown

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\mwb\wa-mwb-checklist.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2613
                                                                                                                                                                                                                                                  Entropy (8bit):5.121215845258046
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3Ox0xsUa3l363kKk+kUTkikfE5CYqOcqe5QORDnyJ1:32ExqOcq6Qq61
                                                                                                                                                                                                                                                  MD5:A9719DF99058DE7B9A3C2532EB09E14D
                                                                                                                                                                                                                                                  SHA1:C55C96C03CFE3C1C2C4FCF12E5648AAE806A0BAA
                                                                                                                                                                                                                                                  SHA-256:408CFD06FBA64B9EFCE52CD726D87BF72566E02A5F0303386655EC415DDABBF2
                                                                                                                                                                                                                                                  SHA-512:993DCD65384820427CE60342BFEC51EAFD5EAA578F14CDDF5EA04A5B3459DEB511784B0C99EA797E274EF9CEB8A725E30ADE067465268E544F12F0604E4902AA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-webboost-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-checklist-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript"

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\nps\wa-controller-nps-checklist.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with very long lines (452), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):23452
                                                                                                                                                                                                                                                  Entropy (8bit):4.486451361086621
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:CYEzX7WKmfpGz5C6ylu6MJcDoGeDbC95Qm9o:3e7WL8E6+1o
                                                                                                                                                                                                                                                  MD5:E95C637128E017EA2A4AF08D44B02E66
                                                                                                                                                                                                                                                  SHA1:84A69536E25FDBE2218C86F2B8B3B821BDAEDA9E
                                                                                                                                                                                                                                                  SHA-256:F99EB95CF9F86CB0F18A1299370C836CEBCB34E37FF311FF080A7DCD2BD2B181
                                                                                                                                                                                                                                                  SHA-512:62BD4C127538C0163C33761C9AE99E4EDEC6127BFFFDD09B73173DC8828F792AA68E92EC075A0D857371878D87260E5515A50E4E314753669B7E1B0DD322AAED
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* NPS CheckList Controller */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _checkList = _core.CheckList;.. var browserCode = "(unknown)";.... ui.CheckListController = function () {.. var self = this;.... this.update = function () {.. _window.ready(async function () {.. browserCode = await _instrument.getBrowserTypeCode();.. var args = JSON.parse(await _external.getArgument("template_args"));.. if ((await $(window).height()) >= 630) {.. self[args.commandName]();.. } else {.. _window.close();.. }.. });.. };.... this.showNPSSurvey = async function () {.. var html = "";.. html += " <table style=\"border-collapse:collapse;width:450px; height: auto;font-family:Open Sans; color:#53565A;border:

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\nps\wa-nps-checklist.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2422
                                                                                                                                                                                                                                                  Entropy (8bit):5.097939445435896
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3kx0xsUl363kKk+kUTkikCCFqOcqehQORDFqO:OiqOcqiQqJv
                                                                                                                                                                                                                                                  MD5:EF1F2F2A4F1E96C065B1B0D237291851
                                                                                                                                                                                                                                                  SHA1:3DA097A79E96CF3162A5503C8647D534180AB62C
                                                                                                                                                                                                                                                  SHA-256:38576E0580D66E40794BE57ECC724501518B7AD70248DA28EB4D2F27DB9C8537
                                                                                                                                                                                                                                                  SHA-512:4066145B54767FC1DA99798BA924259EBB344AA1300B1B7781BB5001476910E341E901922964FD590FA2C7178CA33142C450F12E0F36CF207FD548FF8D02931C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-checklist-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\bu

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_onboarding\edge-ext-toast.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5551
                                                                                                                                                                                                                                                  Entropy (8bit):5.146817311828136
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:xs0xQiszL7IsF7IaDNG9ag8sMfgm2bpxu0sHKJxMzuGFqrKEGZI7H3nJaPsC6L3:xsrr5AlNxbbMM5JaUdL
                                                                                                                                                                                                                                                  MD5:F325FDBFF6093DD39C3810F4FD42D39B
                                                                                                                                                                                                                                                  SHA1:FAD74E77575EA06EA0CEA03215F99B3547171C90
                                                                                                                                                                                                                                                  SHA-256:FFCA4F1251360DE3F09303B403B0343EFF5E70A9279EF751CEE74FADCEB0D479
                                                                                                                                                                                                                                                  SHA-512:99C8C24C3249C5A4144F7B46ED46E3CC572BBF4AAAB34C969F0F706F9A321DB7A47A5277B14C45BB1DC1041F70CFC358950E5711E2EC8C8F19A276ECFBE2662F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....body {.. color: #212934;.. line-height: 24px;.. user-select: none;..}....#dialog {.. display: flex;.. width: 761px;.. height: 565px;.. background: #fff;.. border-radius: 24px;.. border: 1px solid rgb(0, 0, 0, 0.12);..}....@media only screen and (min-width: 700px) and (max-height: 500px) {.. #dialog {.. width: 730px;.. height: 422px;.. }..}....@media only screen and (max-width: 600px) and (max-height: 350px) {.. #dialog {.. width: 547px;.. height: 306px;.. }..}....#card_layer {.. background: transparent url('file:///[WA_FILES]/mfw\\packages\\builtin\\wa-sstoast-toggle-rebranding-grass.png') no-repeat 0% 100%;.. background-color: #FAFAFA;.. width: 530px;.. background-size: 220px;.. border-radius: 24px 0 0 24px;..}....@media only screen and (min-width: 700px) and (max-height: 500px) {..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_onboarding\edge-ext-toast.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2274
                                                                                                                                                                                                                                                  Entropy (8bit):5.282371415143711
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:5srbbqNax+k+CQ0NVMzWWrVMzLKWrVMzQ0VMzQeVMzQ+k+2VMzQdk+yjVMCpHgke:qaaxily363k3k5kEk2aCNXpGtgSTCw
                                                                                                                                                                                                                                                  MD5:4B8CE6B0361D3260931A847BD4F1B074
                                                                                                                                                                                                                                                  SHA1:F4DC5C22B8FD998A02EC41E205EF839BA1286E79
                                                                                                                                                                                                                                                  SHA-256:757CCD546E4E9D48537EABBC3EB1180090D33413E8BF8A17445D15ECC328184C
                                                                                                                                                                                                                                                  SHA-512:BC2D11445EC9467612CBF291495F55DB495761BAAD15AF48D019BDF8D8E4F800A469E1DC8CA8895C6F8FD88D1250EBE467298308D11962B7068ADA102597AF27
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<html>..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap".. rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/mfw\\packages_web_view\\webadvisor\\edge_onboarding\\edge-ext-toast.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-sstoast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="fi

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_onboarding\edge-ext-toast.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5437
                                                                                                                                                                                                                                                  Entropy (8bit):5.109883294557674
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:lAGmLlBEdl33zgfgD6vMHEJAbePrENba+wlZXoGc:lAGmLlBEdl33zgfgD6UkuarEM7lZXe
                                                                                                                                                                                                                                                  MD5:71774B8D7B4F59FDD9082DD5CC733DF5
                                                                                                                                                                                                                                                  SHA1:F21129E2B6B0366D9F8DC038FDCE21DB1835052D
                                                                                                                                                                                                                                                  SHA-256:575A60606003382D7DAD2D57B949EF3F21E067837322BB342442AC40B1F85374
                                                                                                                                                                                                                                                  SHA-512:42ED300968C25B98976BD20A25433D2E8B68D54B9EC9DA13819E23EEE1787F0B580B3B9B7DB26035F6FC3D1463EDB6F3FA39350DB22AF789744E15F9CEC4047A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var toast_variant = 0;.... var newToastDimension = [.. {.. width: "761px",.. height: "565px",.. toast_type: "EdgeOnboardingControlToast".. },.. {.. width: "730px",.. height: "422px",.. toast_type: "EdgeOnboardingLargeToast".. },.. {.. width: "547px",.. height: "306px",.. toast_type: "EdgeOnboardingSmallToast".. }.. ];.... var $el = {.. checkboxInput: $("#set-web-protection"),.. title: $("#title"),.. desc: $("#content p.desc"),.. featureName: $("#feature_name"),.. featureType: $("#feature_type span"),.. featureDesc: $("#feature_desc"),.. doneButton: $("#done_btn"),.. closeIcon: $("#close-icon").. };...... var stringMap = { // check for correct string.. InfoTitle: "S

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_onboarding\edge_onboarding_telemetry.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1753
                                                                                                                                                                                                                                                  Entropy (8bit):5.108114143576874
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:VUV7NSU6+ra+pbXa6oNLwghRo7Atzn4XAQj0+NyKVKcEZJ4fFh:VUVC2a63gxtzn20KIp8
                                                                                                                                                                                                                                                  MD5:51712199DE87F566F578FEF3CB0D90AD
                                                                                                                                                                                                                                                  SHA1:0F9196E6CAF180D2AA385D81278FA8CAF4CACC58
                                                                                                                                                                                                                                                  SHA-256:A0688E2DB7902B91E40605BD499AA4370B237B4059A94D812B64EF4970956699
                                                                                                                                                                                                                                                  SHA-512:6EBBA4DEFFE91B2D6E58F34C06ACE59AA53D2279A92E68A3576D369D244C2B444EB016D6FB4039E8903CB657BE54EFCC863455498FA6F15681BD343015698A30
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:const send_onboarding_event = async function (action_type, ui_type, toast_style) {.. chrome.webview.hostObjects.wa_external.log("edge_onboarding_telemetry.js: send_onboarding_telemetry function");.... try {.. let browserCode = await window.WebAdvisor.Utils.Instrument.getBrowserTypeCode();.. browserCode = browserCode.toLowerCase();.... let isImpression = action_type.toLowerCase() === "impression";.... let closeBtnEnable = await chrome.webview.hostObjects.wa_external.GetSetting(false, "1", "edge_onboarding_close_btn_enable");.... let metadata = "close_btn=" + Number(closeBtnEnable);.... let toast_dimensions = String(await window.WebAdvisor.Utils.External.getScaledWindowWidth()) + "x" + String(await window.WebAdvisor.Utils.External.getScaledWindowHeight());.... let scale_factor = await window.WebAdvisor.Utils.External.getScaleFactor();.. scale_factor = String(scale_factor.toFixed(2));.... metadata = metadata + ",toast_size=" + toast_dimension

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_search\edge_search_ext_coachmark.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1497
                                                                                                                                                                                                                                                  Entropy (8bit):5.177183687065216
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:xmp5UEWZR78xQ/0elV7k1Ze+fkMFE1g60q30iTxhxs4P0Fu0xx0j000sT06bw0SX:xmp5UEWZp8xo0uOuHMFYg60q30Mx70Ff
                                                                                                                                                                                                                                                  MD5:611F755587781C3F7172053EAAF62428
                                                                                                                                                                                                                                                  SHA1:7A9F9AB01DC784055DE944C783B2EAE4578D25A8
                                                                                                                                                                                                                                                  SHA-256:08BDDD8B53C03EE7B476219CB6AE4B190390C5933F1C71EB13DF696A0E14BCDA
                                                                                                                                                                                                                                                  SHA-512:223FBD0C24514977271A67655C58D0E48F008B2A19F4630992F222653F25B7E0E24BA991698D36334AC11BD745CB997A4ACE356C36F4FF6AC726CD1BAB59F5BA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....body {.. color: #212934;.. line-height: 24px;..}.....main-container{.. width: 656px;.. height: 392px;.. flex-shrink: 0;.. display: flex;.. flex-direction: column;.. position: fixed;.. bottom:0;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;.. align-items: center;.. padding: 0px 35px;.. border: 1px solid #B2B2B2;..}....[class*="flex-item-"] {.. display: flex;.. align-self: center;..}.....main-container .flex-item-1{.. justify-content: flex-start;.. align-self: flex-start;.. margin-top: 32px;..}.....main-container .flex-item-2 p{.. color: #212934;.. font-size: 20px;.. font-style: normal;.. font-weight: 700;.. line-height: 28px;.. margin-top: 14px;..}.....main-container .flex-item-3{.. margin-top: 34px;..}.....main-container .flex-item-4 p{.. margin-top: 32p

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_search\edge_search_ext_coachmark.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3066
                                                                                                                                                                                                                                                  Entropy (8bit):5.332471412938537
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:wjRaxDlg+3kKk+kgkaCm5wEsCILQq5wEsCI2A5wEsCIIK17gHx:wjKdsT/dsTdsAjx
                                                                                                                                                                                                                                                  MD5:157F08E078E9DD766F030F41C790EBE7
                                                                                                                                                                                                                                                  SHA1:BF3E85E363822B2FBB820C71512CE07DA0AD4906
                                                                                                                                                                                                                                                  SHA-256:78ADC215E8C7C827770BF57BEFB0F334ABA5088CD91F09F7FB1A9DC755617562
                                                                                                                                                                                                                                                  SHA-512:3D1A1F4E8233C898B20ECF89AE9C41C870274871E43ED2F7781461960D9DF17D08F72C618A0725344E275ACDA1B3A9BC0583081460A5B4B061957E390A840EBB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<html>..<head>.. <title>SecureSearch Score Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap" rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\edge_search\\edge_search_ext_coachmark.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-overlay-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.js"><

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\edge_search\edge_search_ext_coachmark.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3859
                                                                                                                                                                                                                                                  Entropy (8bit):4.878022296204829
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:xe04JN7xWXXZ8NQK8E3NQKbk/5XNmsN4qBNINHN4qPdFe2FX1YYtuK1H6ItuNn1w:EPoHvOGX67qPqP2k1xafsmWY06NQj
                                                                                                                                                                                                                                                  MD5:1DE8953C2AC270FB6F535EB32E9AF1A3
                                                                                                                                                                                                                                                  SHA1:D50A40A2EBDBBC4A3AE77F3B397D77FE13E34D09
                                                                                                                                                                                                                                                  SHA-256:9E41A5D6A23999D3694AB0603D49F373F20F7E2D8E3A87AC036735FCD5B09F08
                                                                                                                                                                                                                                                  SHA-512:962E479515D656EF9961286EFC373774DF1E45020DBAA376B09944D2ACCB4E99919CEC62FB9FAFB97091D0E2687C5F5013C52D911F690CF5674ED04F47CCD549
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* SecureSearch edge monetize phase -2 */..(function (wa,$) {.. let ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window,.. _external = wa.Utils.External;.... var browserCode = "(unknown)";.. var provider = "Yahoo";.. var windowHeight = 392;.. ui.SecureSearchTooltip = function () {.. chrome.webview.hostObjects.wa_external.log("ready: begin");.. show = function () {.. _window.ready(async function () {.. chrome.webview.hostObjects.wa_external.log("ready: begin");.. .. _window.setWidth("656");.. _window.setHeight(windowHeight.toString());.. .. let lang = wa.Utils.Lang(wa.Utils.Lang.ResType.OVERLAY).get;.. .... chrome.webview.hostObjects.wa_external.log("inside ready");.... var json_to_parse = await _external.getArgument("overlay_data");.... chrome.webview.hostObjects.wa_external.log("after getting overlay data");.... if (!json_

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\new-tab-overlay.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1725
                                                                                                                                                                                                                                                  Entropy (8bit):5.462790400312901
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:+swDxNxulQeNVMr0+WrVMrLKWrVMrQzVMrQXVMrQdpVMCrNM/QoguKORMEyV8QQQ:NOxNx1/Y+3i3cKc+cGCEQgKy/Gn
                                                                                                                                                                                                                                                  MD5:3164B1C1FE786BB558D64B2B731FA9AC
                                                                                                                                                                                                                                                  SHA1:17FD4EF13F15A437F21675EC0F4A668B89F3CB55
                                                                                                                                                                                                                                                  SHA-256:78036339FA65DD3E227C546D7CECC65732997BE2FFD646FA8501F16F2B3BE4DB
                                                                                                                                                                                                                                                  SHA-512:0ADBF9FF8C976DFF567006F3B0D7620AD586E0C26BF40F8D1390A7579E294D2BD933DD319628467ECC9F9689BEF9F5760278CDBA25F6DBCF15FC7599AB0D2B86
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\new-tab-overlay.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-overlay-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\new-tab-overlay.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4111
                                                                                                                                                                                                                                                  Entropy (8bit):5.089069563471304
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:T0AmdonK4uoOPV1PixEeB0NufP9SdaQbXkT:AATK4bs/jeCQS9bXS
                                                                                                                                                                                                                                                  MD5:C0E7D1F5C34B168AF3F023074148C393
                                                                                                                                                                                                                                                  SHA1:C4ECEEE78EF1575254E88EC8CAA0168A3C561A06
                                                                                                                                                                                                                                                  SHA-256:F5170E917D7EEC60A2B61B3DB2673E703AA5EAA400325AD0A8DE8E9FDBB81C00
                                                                                                                                                                                                                                                  SHA-512:0220A34135BB37A62ED5D6953359F5A89ED7A8CF00BB4B962BC690E0A8D1FB84E7B056A6454DB9EC2619D21C9D55D68541C4F4E171B028150ACBC6BF01D27FB7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {}),.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. content1: $("#wa-dialog-balloon-content-1"),.. content2: $("#wa-dialog-balloon-content-2"),.. arrow: $(".balloon-chevron"),.. },.... show = function () {.. _window.ready(function () {.. var settings = JSON.parse(_external.getArgument("overlay_data"));.. var overlayType = Number(settings["overlay_type"]);.. var extensionType = Number(settings["extension_type"]);.. .. // Polyfill of isNaN for IE version < 12;.. Number.isNaN = Number.isNaN || function isNaN(input) {.. return typeof input === "number" && input !== input;.. };.... // Validate toastCount is valid;.. if (Number.isNaN(overlayType) || Number.isNaN(extensionType)) {.. _window.clo

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\new-tab-toasts.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2178
                                                                                                                                                                                                                                                  Entropy (8bit):5.349457866120589
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:NOxNxj/U3i3cKc+ccWCCFAf2PKqAqIMImqIuap:cUiJJmzTp
                                                                                                                                                                                                                                                  MD5:2EFE24107B628FAEE2A511BF34E4B606
                                                                                                                                                                                                                                                  SHA1:935ECF23A55CBFEDFF82596BFCAA66BC103ABE27
                                                                                                                                                                                                                                                  SHA-256:FA42C8683189A575181694258C07728530515E76249E6FC1B995612E2855DF89
                                                                                                                                                                                                                                                  SHA-512:532A633CC7B7B60753247B96C7A777F2913D2772B3797FB13399267F330DA98BBB7A94F38D4B6DDC24ECC882992BF4A1B292E734994F1055279ED2EE77A9FAD7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\new-tab-toasts.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\new-tab-res-toast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="fi

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\new-tab-toasts.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3521
                                                                                                                                                                                                                                                  Entropy (8bit):5.180727388265894
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:m5Y7fVMKxAX955IGIyy8CJ/Z1gu0VKz1hauWSvA8Nb0w4SVzz2eE/NXkfpRC2n:n3AXKffHguIKz1hauWSD0WVf2bXkBjn
                                                                                                                                                                                                                                                  MD5:E78A327457AB6F478909AE11B6AA398E
                                                                                                                                                                                                                                                  SHA1:76D2E940CD73ED9B8FD4BEEBC2E607730A03FC67
                                                                                                                                                                                                                                                  SHA-256:AF69802AB92BCB8ACE0B56A4E0AF914179C370E083E4D2821F5C4A8E9972F25C
                                                                                                                                                                                                                                                  SHA-512:97059E7855FE3DA5A2FCBB912DFAA4EF91E95FCC6CA810A8F7837682A8EEDD5A1376BAF3F10905345ED57F9FFCC48A49E6C1D649E7B9074AF34B232963D3A829
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = (wa.UI = wa.UI || {});.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. balloonCard: $("#balloon__card"),.. headerText: $("#content__text-header"),.. contentText: $("#content__text-description"),.. acceptBtn: $("#content__actions-accept"),.. declineBtn: $("#content__actions-decline"),.. };.... show = function () {.. _window.ready(function () {.. var payload = JSON.parse(_external.getArgument("overlay_data"));.. init(payload);.... _window.show();.. });.. },.... init = function (payload) {.. var lang = wa.Utils.Lang(wa.Utils.Lang.ResType.NEW_TAB_TOAST).get;.. var toastCount = Number(payload["toast_count"]);.... // Polyfill of isNaN for

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ch-store-overlay-ui.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1454
                                                                                                                                                                                                                                                  Entropy (8bit):5.2497348247434195
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:xmp5UoZRqxQpxVYHhLcY39U0M+mtFl2zZRVchpKIjvVCfnvv/UQsUMmxSlSh:xmp5UoZwxDHF3uBjFloZKY+YfnHcQeUB
                                                                                                                                                                                                                                                  MD5:A1E5FF65EC605AC3076849A6ED7EAEF2
                                                                                                                                                                                                                                                  SHA1:D333E828330CBB2327FA768507825E3F7035C059
                                                                                                                                                                                                                                                  SHA-256:F82FB767EF7DEA81E368C18BDDF7DA2927B177228F654A77C6361973EBB5CCE9
                                                                                                                                                                                                                                                  SHA-512:414AC9AA25742B7F21625619A756084308FD78BC27491F2319F3D84861A68D877C7AE461226B77E274E7CD710314147B96DA7EE7658E672216CBAF3E461D5AFF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. color: #212934;.. line-height: 24px;..}..../* Parent container */...balloon {.. overflow: hidden;..}.....balloon__card {.. position: absolute;.. right: 55px;.. overflow: hidden;.. box-sizing: border-box;.. background-color: #FFF;.. border: 1px solid #E6E9F0;.. border-radius: 12px;.. height: 200px;.. width: 328px;..}.....card__content::after {.. content: ' ';.. clear: both;..}.....card__content {.. padding: 16px;.. height: 100%;..}.....content__header #wa-logo {.. height: 13px;.. position: relative;.. top: 2px;..}.....content__header #close-icon {.. float: right;.. cursor: pointer;..}.....content__text {.. margin-top: 12px;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-weight: normal;.. font-size: 14px;.. line-height: 20px;.. color: #5A6175;..}.....content__text:last-child {..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ch-store-overlay-ui.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1940
                                                                                                                                                                                                                                                  Entropy (8bit):5.410078627773085
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:+s8xMxdARQXNVMr0+WrVMrLKWrVMrQzVMrQXVMrQdmVMCuedmlOK+uEralXRMSuL:N8xMxtUY+3i3cKc+cjCX6OK+punmQaeu
                                                                                                                                                                                                                                                  MD5:6F797D96229BE64F47C8813AB3EA57FE
                                                                                                                                                                                                                                                  SHA1:16062B184CF56864EC259FD67CEC27D4341C4FAF
                                                                                                                                                                                                                                                  SHA-256:E77D78C0F07B62BA4548E82A3D4D8975688E2CA74D44DF56724EBAAFDCF262EB
                                                                                                                                                                                                                                                  SHA-512:F41A9879F26E7A705BD3B5602997EBBF3CC781C13E19C1FEFEDBC5F8F7C51644D323FB4CB644732D7EE85015643242E4DED0D5B8D276B82AA7839B6D10A10714
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ch-store-overlay-ui.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-overlay-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ch-store-overlay-ui.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3096
                                                                                                                                                                                                                                                  Entropy (8bit):5.135378216883125
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:h4D7pOA4nDWFkTpGgWqbV9afhPkDYOEbV3R0GYmk/5LiMCH2qJoNmgxbV9afhPk2:cMA4qOfV9WqxEz0TnMTJoVV9WE6KGXt
                                                                                                                                                                                                                                                  MD5:0293396E4256CBDCFDE5D5331DC3851B
                                                                                                                                                                                                                                                  SHA1:9E3CF1DE3467C46FF083B82B945861DE5D7BDDEA
                                                                                                                                                                                                                                                  SHA-256:23A04AF788D0D9D1A1D801B03610C09B031F35597AC07F13222AEF5C14FD403E
                                                                                                                                                                                                                                                  SHA-512:DF62BAD0201C81C34796C6FEF8942EEE6B451E1993E2A2F3274CA21BAE9CC14DA06F8DD35BFC6B7F4D7316F0D09517421EA2461CE8371BDEDB687B12DD1C5128
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var $el = {.. contentText1: $("#content__text-1"),.. contentText2: $("#content__text-2"),.. closeIcon: $("#close-icon"),.. };.... let browserCode = "(unknown)";.... show = async function () {.. init();.... _window.show();.... browserCode = await _instrument.getBrowserTypeCode();.... //Send Telemetry 3.0 for dialog balloon.. var screen_flow = browserCode == 'FF' ? 'firefox' : 'introduction';.. var hit_screen_id = browserCode == 'FF' ? '300.1.2.1-windows-onboarding-firefox-webpage' : '300.1.1.1-windows-onboarding-introduction-coachmark';.... var analyticsEvent = {.. _event_name: "wa_onboarding_balloon_impression",.. hit_label_8: screen_flow,.. hit_label_18: "Onboarding

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-checklist.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2368
                                                                                                                                                                                                                                                  Entropy (8bit):5.135586629622516
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3kx0xsUl363kKk+kUTkiktCCv/enQORDuwJDEk5N:OGv/WQqKw+k5N
                                                                                                                                                                                                                                                  MD5:8B8A2F738C925E8CF792B97854950F7E
                                                                                                                                                                                                                                                  SHA1:175BA8DC8CA477A517405CD67FA632F59C1B255E
                                                                                                                                                                                                                                                  SHA-256:082927BAEAD7385FC7BF98B5497658B405744F9E4421356FECF1312B9D74955F
                                                                                                                                                                                                                                                  SHA-512:F70C03032489B321767075E8A6761B9EDECBA5012EA583F83B229B14228C3409121075FA16F90E1AD1FA53ED95932AFB8D32A8EFE6DC6E2A6FB40F306D7274F5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-checklist.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-checklist-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\bu

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-controller-checklist.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (333), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):17148
                                                                                                                                                                                                                                                  Entropy (8bit):4.756841654795562
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:cD7PaE5btDT2o1Cm+kYNTth/6x5o+72vY4PWrRd4ZJ2W:Y7PaE5b1T2o1CzksTy5o+7GRP04ZJF
                                                                                                                                                                                                                                                  MD5:8900B6AB2089AE5774987D76655D8BE6
                                                                                                                                                                                                                                                  SHA1:69ECD3D2804A851B31DCD0FFB33BBEA16E096D01
                                                                                                                                                                                                                                                  SHA-256:1D861BB309062425023ADD79D8F8B7AF496A6DC3670D17B63B011DC32128F240
                                                                                                                                                                                                                                                  SHA-512:0ADBCB7735F1A186D1427EDAC231A109EC7F3F07A0EB5F37A1B4223C0F3BE2ED3DE6C618FD2143B6951336AA8776D63BAA01F1F2B99C484A322DD5960377B2F0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* CheckList Controller */..(function (wa) {.. let ui = wa.UI = wa.UI || {},.. _settings = wa.Utils.Settings,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _l10n = wa.Utils.Lang().checkList(),.. _tmpl = wa.UI.CheckList.templates,.. _core = wa.Core,.. _window = _core.Window,.. _checkList = _core.CheckList;.... ui.CheckListController = function () {.. let threatStateCss = "threat",.. infoStateCss = "info",.. greenStateCss = "green",.. waitImage = "file:///[WA_FILES]/MFW/packages\\builtin\\white_timer.png",.. alertImage = "file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-checklist-risk.png",.. ignore = _l10n("IGNORE"),.. fixNow = _l10n("FIX_NOW"),.. defaultImageCss = "wa-state-img",.. alertImageCss = "wa-state-img-threat",.. keyMap = { "NUW": "WelcomeMessage", "UUW": "UpdateMessage", "CLW": "CryptoLearnWelcome" },.. self = this;.. let browserCode ="(unknown)";.... this.update = fu

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-dialog-balloon.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):772
                                                                                                                                                                                                                                                  Entropy (8bit):5.266152347339336
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:xW/FJLjFUoZdTrh8FwIjEHpbXTfMUGAtf8+IdKjjUK+xe+IqFcF143jhZZwbW8eH:xmp5UoZRqC3dDUUhiLKyFc43bZp7KbEh
                                                                                                                                                                                                                                                  MD5:2FE491FC40A4004468CD85A09A672406
                                                                                                                                                                                                                                                  SHA1:76D97997038583C12A70B19461AEB75D12E466CC
                                                                                                                                                                                                                                                  SHA-256:1F9310A0D7C7646689D719A57DC3FB2D3E41C9AB45ECE5D1BB4529F82D5936BB
                                                                                                                                                                                                                                                  SHA-512:5624D6520E3095D84BF9755DDC12291FB6EC36362321F74162EF4923E0AA9EC1356E1201F41E11856D893D26AE10AB17C30963FE083D9F64BF54C51466EF902B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. color: #454545;.. line-height: 24px;..}.....balloon-arrow {.. margin-bottom: -6px;.. text-align: center;..}.....balloon-main {.. box-sizing: border-box;.. background-color: #FFF;.. border: 2px solid #E6E9F0;.. border-radius: 24px;.. padding: 24px;..}.....enable-ext-btn {.. background-color: #4989EB;.. border-radius: 4px;.. border: 1px solid #EFEFEF;.. color: #FFF;.. cursor: pointer;.. display: inline-block;.. font-weight: 600;.. padding: 2px 8px;..}..//8BA1828E4F1364FE4C3094A32E88E67157973A4AC83FAA690E4E509ED61CA2E6A3A40D4C268FFD8AF4F836F117F4708D3A7136E237DC9647BE53DE1A63089448++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-dialog-balloon.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1831
                                                                                                                                                                                                                                                  Entropy (8bit):5.443201185141968
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:+swDxMxdI2u5YWrVMrLKWrVMrQzVMrQXVMrQdTMNVMCrnr5OymTQoguT+ORMfrAc:NOxMxG75Y3i3cKc+cdNCzd+TQgT+yA/b
                                                                                                                                                                                                                                                  MD5:B3A9066BA4F6834CACA76E36CF70A3A4
                                                                                                                                                                                                                                                  SHA1:D5FDC5A028A6C2BCD31889A36F86ED57046485F8
                                                                                                                                                                                                                                                  SHA-256:FF683BC097BDEBBF2007D4ADF8AF1B573326B6DA3FFDE4315BBEDA3ABA314D5A
                                                                                                                                                                                                                                                  SHA-512:A0BB33BD979231397878E895B19AAC8D058F546ED2C604CEC446DF489E5D3CE6F97069EB36BAD2405A60E7831D841B461D9F8B7E085BEF9B2257AA7B440D3F82
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-dialog-balloon.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-dialog-balloon-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ui-dialog-balloon.js"></script>..</head>.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-dwtoast.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1617
                                                                                                                                                                                                                                                  Entropy (8bit):5.267204915883037
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:V2skx0xutt5WrVMzLKWrVMzQzVMzQXVMzQdGVMC8jIYc6/F8dHK:3kx0xi7363kKk+knC8jKSFcK
                                                                                                                                                                                                                                                  MD5:51ADA7BDB8B119DE4C9DF6A63539B252
                                                                                                                                                                                                                                                  SHA1:0588C534D5A79CC9E30FE94072DF28884CC68DF8
                                                                                                                                                                                                                                                  SHA-256:CA35BA7EE03B77DD82C3FD3CD3CE9DF3E83B82999420B9B2807245A81EEECF8F
                                                                                                                                                                                                                                                  SHA-512:4F73C92ABCE2055AB9ADC4339A8A1BF2951359894DFCCE3C3D49346B0BD46E00AB456FF9940277D811FCFBC6FAE3E3601E9C5F1515699ED4736F612D1B93A4BF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-dwtoast.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-checklist-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ui-dwtoast.js"></script>..</head>..<body>.. <div id="wa-dw-toast">.. <div class="heade

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ext-install-toast.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2483
                                                                                                                                                                                                                                                  Entropy (8bit):5.219173796507417
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:7kxtxC363kKk+knCVr/R+5a5beIwEeIYOzdTsrn:+/Fb1DxTCn
                                                                                                                                                                                                                                                  MD5:21EE04CC9FD2FFFDA6C2FE1B623F93AA
                                                                                                                                                                                                                                                  SHA1:0FF796D19542EEA8067AAA8EC659B23A75407C20
                                                                                                                                                                                                                                                  SHA-256:965A9812B2EB821B736C35D4F0C3229C4EFA2008B963F83B6C905B8F3E259E0B
                                                                                                                                                                                                                                                  SHA-512:658C4893E8DD2B0C2BEA87461C8FF2EF28B2E716C6FC7C5B119FD1FF3D60D49E47A6F747C92485DE33973ED89DE073326E0A65C146657020DF53964A8B6298BD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>..<head>.. <title>Download Extension Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-ext-install-toast.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-ext-install-toast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ext-install-toast.js"></script>..</head>..<body onselectstart="return false">.. <di

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ext-install-toast.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4885
                                                                                                                                                                                                                                                  Entropy (8bit):4.835123536475242
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:1zDsTVq7EIkGvTkE0oN6El4iTZTzwuyFDk00JarkM0d7XO:qc7EIXTq06ESGZ37MDa8ryd7+
                                                                                                                                                                                                                                                  MD5:BAE2CBB5C50B2DE82E238CE4A970C442
                                                                                                                                                                                                                                                  SHA1:1187B13EAE2FDDBB88D15BA2CF1494A548167236
                                                                                                                                                                                                                                                  SHA-256:CD116597AEA4DA4DB69CAA54DBCBA16E9EB3BEC49CB7ACAAE0BD8E9B9C3BFAB0
                                                                                                                                                                                                                                                  SHA-512:B30B3B4F5C5AF4770A498922DCC144F06ED9292A817660B39081039683863E6AC851B868BB81C40223ACDCE3542F8F454B5497E357E56110D922925E6AFCB91D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Download Warning Toast UI */..(function (wa) {.. let ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings;.... ui.extension_install_toast = function () {.... let browserCode = "(unknown)";.... show = function () {.. _window.ready(async function () {.. // Set toast window size.. setSize({ width: "485", height: "265" });.... // Get settings data.. let toastCountSetting = "ff_extension_toast_count";.. let toastCount = await _settings.get(toastCountSetting, "0") || 1;.... let lang = wa.Utils.Lang(wa.Utils.Lang.ResType.WAIFF).get;.... // Initialize toast... init(lang, toastCount, document);.... _window.show();.. window.chrome.webview.postMessage("draw_background");.. window.chrome.webview.postMessage("set_focus");.... browserCode = await _instrument.getBrowserTypeCode();.. //

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-options.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6769
                                                                                                                                                                                                                                                  Entropy (8bit):4.974425154516147
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:yH5SvRvxVoY2bZX/o0lhOY52Q5YsYmafFZR9OIv:yH5EvxVD2bJQChOsV5BLaf3yIv
                                                                                                                                                                                                                                                  MD5:817D9E6AAC3445BE9EDB4E912C4EFFCE
                                                                                                                                                                                                                                                  SHA1:14AC4215B42332FEDB04D5DD0E7BAB06F96EE38F
                                                                                                                                                                                                                                                  SHA-256:BAADE101BAFF701219501A1DF90E120B23F19A237CA92E1C953C0589C9CDA741
                                                                                                                                                                                                                                                  SHA-512:26F74926C22BBD72E2126D7A97F86F9332CE4C14FC8415EB656B3AC613136B3012B5CF370478F54A594ABF0C8AD7C3900F8A5492797D0C58E60683FF4503BBC8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:#bottom {.. bottom: 0;..}....#left {.. left: 0;..}....#left,..#right {.. bottom: 0;.. top: 0;.. width: 2px;..}....#right {.. right: 0;..}....#top {.. top: 0;..}....#top,..#bottom {.. height: 2px;.. left: 0;.. right: 0;..}....#top,..#bottom,..#left,..#right {.. background: #939598;.. position: fixed;..}....#wa-button-donttrust {.. font-size: 26px;.. right: 2px;.. top: 5px;..}....#wa-button-reset {.. background-color: #00AEEF;.. border-radius: 3px;.. color: #fff;.. font-size: 14px;.. font-weight: 700;.. height: 40px;.. margin-top: 12px;.. width: 145px;..}....#wa-button-trust {.. font-size: 24px;.. right: 3px;.. top: 4px;..}....#wa-close {.. padding: 8px;..}....#wa-options-about ul {.. line-height: 23px;.. margin-bottom: 0;.. padding-left: 12px;..}....#wa-options-content {.. font-size: 12px;.. overflow-x: hidden;.. overflow-y: auto;.. padding: 24px;.. width: 550px;..}.... #wa-option

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-options.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1561
                                                                                                                                                                                                                                                  Entropy (8bit):5.436335174224512
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:csY0xtxdJQeNVMznWrVMzLKWrVMzQzVMzQXVMzQdQVMCmFgtHGOSCeO:3Xxtxk/r363kKk+kNCJtH/eO
                                                                                                                                                                                                                                                  MD5:F752617D495931000B6289C4CB0331A9
                                                                                                                                                                                                                                                  SHA1:BFF1ABD4967BF5D812FD27FCEF348839294C02DB
                                                                                                                                                                                                                                                  SHA-256:FE6FF6E6AAC49A1770050DC303B43E112EF3014F980515EA8596B944E3D6721C
                                                                                                                                                                                                                                                  SHA-512:DCDF94C6280C86509B3D1B12607F1A9EEC67D8EC65AE9BEBF72B50442CD8BA373163D011D9AA346DF12014878B80D528CA769EBF6FAEC9DF5DAA921F591BE449
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-options.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-options-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/java

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-overlay-ui.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2225
                                                                                                                                                                                                                                                  Entropy (8bit):5.389102082736705
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:NOxNxS/Y+3i3cKc+cpC3W0PK+ptCHJCER:Y9i2CB
                                                                                                                                                                                                                                                  MD5:81A5133C79ACDE4F3C65FC850573AE91
                                                                                                                                                                                                                                                  SHA1:1B93EA110F8786895D9D18FE20DA1951B13080FF
                                                                                                                                                                                                                                                  SHA-256:BF7A172CD9AF4BF4B66948294277A38D5D5C48E6E01F16759C5E7838BE4E410E
                                                                                                                                                                                                                                                  SHA-512:B3ADB4E29DD8551814E227D1EA9D18FDD90B86964D8636D8B372F559015703CF5266DCAFF16D391D6AD4A64C372F1C09EB12FB4D001197E25C3304A4C61F95CD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>....<head>.. <title>Accept Extension</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-overlay-ui.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-overlay-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:/

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-overlay-ui.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9619
                                                                                                                                                                                                                                                  Entropy (8bit):5.244395471568787
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:2Ar/3q1FNFmMtuhVXdeWG3trOpnb+LXB7ZmX7L:7Q8XPG3tyo9UP
                                                                                                                                                                                                                                                  MD5:34BDC68A46CC4FFA92664C0E8D85B046
                                                                                                                                                                                                                                                  SHA1:27E2A4B8B72512EA87AC088A8069A6180F566F9E
                                                                                                                                                                                                                                                  SHA-256:56A8061AC7A7A8C2422B8104723669E3F45A34373CD66CBD06917D50F549A858
                                                                                                                                                                                                                                                  SHA-512:68D0FB3EC182175919B42E9C093F13C764EC8A7E7BD0303DCCB17399C26AFD0FFA3BBEE79CC91517BAB0F9CE65BC9411E45677DFFDB6BCAFB3FC1CC523678464
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _settings = wa.Utils.Settings;.. var _instrument = wa.Utils.Instrument;.. var browserCode = _instrument.getBrowserTypeCode();.... ui.accept_extension = function () {.. var $el = {.. arrowUp: $("#arrow-up"),.. arrowRight: $("#arrow-right"),.. balloonCard: $("#balloon__card"),.. contentText: $("#content__text"),.. cardImage: $("#card__image"),.. closeIcon: $("#close-icon"),.. waLogo: $('#wa-logo').. };.... var ENABLE_EXTENSION_OVERLAY = 0;.. var INTRO_OVERLAY = 1;.. var SEARCH_WARNING_OVERLAY = 2;.. var SETTINGS_OVERLAY = 3;.. var TOAST_OVERLAY = 4;.... var WA_EXTENSION = 0;.. var SS_EXTENSION = 1;.... var overlay = {.. types: {}.. };.... overlay.types[ENABLE_EXTENSION_OVERLAY + ""] = enableExtensionOverlay; // enable_extension_overlay.. overlay.types[

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-rebranding-bing.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2132
                                                                                                                                                                                                                                                  Entropy (8bit):5.202568131798471
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UGEp5ULZwx7/SMhdIelE5PmE5IeE5YMvubTVO6bvB:72x7aFelgPmgIegYZTVO2J
                                                                                                                                                                                                                                                  MD5:DE9341556E2C8221926C515B6FDA15A4
                                                                                                                                                                                                                                                  SHA1:C605E762288F97A0285FD8DDF489583952E66117
                                                                                                                                                                                                                                                  SHA-256:97A0BA89258FAF42EFBCAABABBC5E50DC6AC05DCC0553FBCAC2C81578F05F0F3
                                                                                                                                                                                                                                                  SHA-512:570BF4659974D4964E8D5D5FAFFED42C4B04FCD26F88B3FC25495D5233B73B542BA762CBFC8981D1106E62CBDD106C25E538D0D2FC3EEC324680B576BFD0B21A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* CSS file for the new bing rebranding toast that replaces the red SS toast */..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Poppins", "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. color: #212934;.. line-height: 24px;..}..../* Parent container */...toast {.. position: fixed;.. bottom: 5px;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 555px; /* Window width is 567px */..}.....card__image {.. display: flex;.. justify-content: center;.. align-items: center;.. float: left;.. width: 150px;.. height: 100%;.. position: absolute;.. background: var(--Grayscale-50-Gray, #FAFAFA);..}.....card__image #green-pc {.. width: 150px;.. height: 150px;..}.....card__content {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;.. height: 100%;..}.....card__content #info-title {.. color: #343434;.. font-size: 20px;.. width: 100%;.. font-weight: 600;.. line

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-rebranding-bing.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1895
                                                                                                                                                                                                                                                  Entropy (8bit):5.377039973471367
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:Iskx0xdE+QXNVMz3WrVMzLKWrVMzQzVMzQXVMzQdEwrVMCntcIbQSk4CNiebvFU2:Lkx0xEUT363kKk+kHCCnKHYkVQja
                                                                                                                                                                                                                                                  MD5:2E7631BE009F53F4BC0C4BCAB085E75F
                                                                                                                                                                                                                                                  SHA1:AE844FF61CFBFA424D533F690F1FF9086E0AAAD0
                                                                                                                                                                                                                                                  SHA-256:8C8774A11B1A7FB40003F6605298DAE6B02FF60FF778329EB820BEE729945FAF
                                                                                                                                                                                                                                                  SHA-512:63638EEBA0E5586B903CAEB0DF8D7DB5AED0955D3F06C7597F7A60428E0A0B40B75726AC60534D604823A274EB77FFB78F11E75151B88EA808E44FB690F2E19F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<html>....<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ss-toast-rebranding-bing.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-sstoast-bing-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\weba

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-rebranding-bing.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5141
                                                                                                                                                                                                                                                  Entropy (8bit):5.110834663201895
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:qATI3xOo49YNYTMhVumnb+iAnZE4wVE8g8BbLHcb+ZOXsa1:qAGxOoKYNMMhvnbcZEDE8g8BbLHcbQOz
                                                                                                                                                                                                                                                  MD5:2FD635504865420BFDB9EB0FFB0125F5
                                                                                                                                                                                                                                                  SHA1:D038F72403704565221B0CA62C50120266617128
                                                                                                                                                                                                                                                  SHA-256:6C7D49F190603FFB148D20D906797BA2C1F70D89BD8F0DE33CE5646414ED1EE5
                                                                                                                                                                                                                                                  SHA-512:7E3A456CC137CD4930EE85CB040100C4930D89624B3034701968823E55AEE7661F95E5CBB894E7D0B3980365F9A54230C7110D7C9F908D3F96FB2E8287FA591B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _instrument = wa.Utils.Instrument;.. const BUTTON_ACTION = {.. ACCEPT: "Accept",.. DECLINE: "Decline".. }.... ui.accept_extension = function () {.. var $el = {.. cardImage: $(".card__image"),.. cardContent: $(".card__content"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. checkboxQuestion: $("#checkbox-question"),.. contentSubFooterText: $("#sub-footer-text"),.. contentbuttons: $("#content-buttons"),.. doneButton: $("#done"),.. declineButton: $("#decline"),.. toast: $(".toast"),.. };.... var langMap = {.. InfoTitle: "SEARCH_TOAST_HEADING",.. InfoText: "SEARCH_TOAST_SUB_HEADING",.. Question: "SEARCH_TOAST_BODY_TEXT",.. SubFooter: "SEARCH_TOAST_SUB_FOOTER",.. ButtonText: "SEARCH_TOAST_YES",.. ButtonDeclineText: "SEARCH_TOAST_NO",.. ToastT

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-variants-rebranding.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3234
                                                                                                                                                                                                                                                  Entropy (8bit):5.155227261928706
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:xmp5ULZwx7/SMhdu/WlE5PmE5IeE5LMs7MFCRPnE5NSubTRqH7xDZK8t3idcjooI:xT2x7aTWlgPmgIegLhcgPgJT0HqGpKp
                                                                                                                                                                                                                                                  MD5:C94A9247020C241B41D142A338FD4881
                                                                                                                                                                                                                                                  SHA1:BCA9793666FDE520DD7AA00E0894FB2C310E761B
                                                                                                                                                                                                                                                  SHA-256:84C636D52F488E71A2130402156F15A5EFD49DB77444B891A536769F4076F940
                                                                                                                                                                                                                                                  SHA-512:8004EB4733250DE49BB1F15FDC8BA67F26D808FBC22329CC84B5AC2F3BC670CCC51352540A807A07951F949B94CBFCADD0BACBFC4E76673E204F5F22E65FCBB7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Poppins", "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. color: #212934;.. line-height: 24px;..}..../* Parent container */...toast {.. position: fixed;.. bottom: 5px;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 555px; /* Window width is 567px */..}.....card__image {.. display: flex;.. justify-content: center;.. align-items: center;.. float: left;.. width: 150px;.. height: 100%;.. position: absolute;.. background: var(--Grayscale-50-Gray, #FAFAFA);..}.....card__image #green-pc {.. width: 150px;.. height: 150px;..}.....card__image #mc-logo {.. position: absolute;.. bottom: 16px;.. left: 19px;..}.....card__content {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px 21px;..}.....card__content #info-title {.. color: #343434;.. font-size: 20px;.. width: 100%;.. font-weight: 600;.. line-height:

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-variants-rebranding.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2721
                                                                                                                                                                                                                                                  Entropy (8bit):5.322335097429742
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Ekx0xAU6323y3kKk+kOCnK0Qm1jRM3ns2QX8CPfcJol:dm1jRMcfX8C0ol
                                                                                                                                                                                                                                                  MD5:A4002AA3E3F0E30EF1469C1A84AF73EC
                                                                                                                                                                                                                                                  SHA1:FD3D841B4B585962B781F1576D1222996544FD1F
                                                                                                                                                                                                                                                  SHA-256:4AC54B8D6A758524EDA81FE7A5958A06238A95F445AD39A71431F8F170281EF5
                                                                                                                                                                                                                                                  SHA-512:9129BF5EDA0656B7B787B443C61267813271F14D5AB26C6B04C4C421547FA41860DCD5B106CD85A5C047D30B4656AF35F6DEBD05884E99B85BE90C9231CA9A52
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>....<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ss-toast-variants-rebranding.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-ss-toast-variants-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-sstoast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\bui

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-variants-rebranding.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):10699
                                                                                                                                                                                                                                                  Entropy (8bit):5.045521916618284
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:cAntBR7h1zIR8p1YVYGl0AV5Y+joOBuooIZEA8g8BbLHcbJOXe:ptP/zIeINl0AV5KOBuooIZ58g8BbLHJe
                                                                                                                                                                                                                                                  MD5:A33E9E81828BFAA795AD2A1E3801FD57
                                                                                                                                                                                                                                                  SHA1:233FCE1A4861DE86473C4C984F229888540B8F41
                                                                                                                                                                                                                                                  SHA-256:A2D6D1E761318360A483B74128CF6DC75FDDE5D7B59E143442189C309EB55E33
                                                                                                                                                                                                                                                  SHA-512:B2078C444175020176BEC719E235F7E67A837BFF4A3857CFB5AB31AC37EC5B37E81E328253C315CB18B6C541773A9AB3EA4DCBAEA440338BAE78E096136C53FE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:./* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. cardImage: $(".card__image"),.. logoImage: $("#mc-logo"),.. cardContent: $(".card__content"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. checkboxQuestion: $("#checkbox-question"),.. checkboxInput: $("#set-secure-search-checkbox"),.. checkboxChecked: $("#checkbox-checked"),.. checkboxUnchecked: $("#checkbox-unchecked"),.. setSecureSearchLabel: $("#set-secure-search-label"),.. doneButton: $("#done"),.. toast: $(".toast"),.. secureSearchSwitch: $("#switch-set-secure-search"),.. switchInput: $("#set-secure-search-switch"),.. };.... var variantsMap = {..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-variants.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2773
                                                                                                                                                                                                                                                  Entropy (8bit):5.2231906109260615
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:xmp5UoZwx7MdDyTgWfx9gazwPpLDqELO1CX7EnulmlwWW:xA2x7M8TgWfx9ZzwRqzk4wZ
                                                                                                                                                                                                                                                  MD5:2226BB46CA59E0AC878E6FF97E630D47
                                                                                                                                                                                                                                                  SHA1:FEF92A5C29DE29265E7E5D7FA12C6340173AB848
                                                                                                                                                                                                                                                  SHA-256:B9AD6EA414C8575EA1A22CBD380DCA07B70097EC69DE2C4910E6F9FF09A8E381
                                                                                                                                                                                                                                                  SHA-512:364C20867D36D1FAB09615EF0F2F9135D4809063782FA069B027D009A52F5C0D9F33454D2457B90967F390453B630DBF9A68A96E9FF694AA84C13F95888D96DE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 14px;..}....body {.. color: #212934;.. line-height: 24px;..}..../* Parent container */...toast {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px; /* Window width is 530px */.. margin-bottom: 6px;..}.....content__checkbox {.. margin-bottom: 25px;.. display: flex;..}.....card__content {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}.....card__content #checkbox-question {.. font-weight: 600;.. font-size: 14px;.. margin-bottom: 15px;..}.....card__content .button__unfixed__width {.. background-color: #1671EE;.. color: #FFF;.. padding: 8px 16px;.. border-radius: 100px;.. display: block;.. margin-left: auto;.. height: 38px;..}.....card__content .button__fixed__width {.. background-color: #1671EE;.. color: #FFF;.. padding: 8px 16px;

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-variants.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2556
                                                                                                                                                                                                                                                  Entropy (8bit):5.3460996927668205
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Ekx0xeexvU2363kKk+kF3CeYYUrOFfp6NnSmsPzI4qJy:5kMOFUNnRs84q4
                                                                                                                                                                                                                                                  MD5:20DF8C424D9FDC6D9AC7560463CD385F
                                                                                                                                                                                                                                                  SHA1:BA912CD7E92E522083FE0944F4F61F37FA9959F1
                                                                                                                                                                                                                                                  SHA-256:4E76CDD5AC54805CB0ED490F5EA2FC282518B041D5260A059E89E1B2C69ACD02
                                                                                                                                                                                                                                                  SHA-512:8270807EB39F6A301BE40217D9D80C45372E1E39B5A4301F27115702C092F9E20B4B4528A9CD83B3BB59809626C1A738CA15EB3E156C8BC119E60AFE3A1C4012
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>....<head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\custom-checkbox.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages_web_view\\webadvisor\\wa-ss-toast-variants.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-ss-toast-variants-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_we

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ss-toast-variants.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):15860
                                                                                                                                                                                                                                                  Entropy (8bit):5.045192882623722
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:pBhtOz/WohfMaTGrTaTe1GXoK+iJIZut8g8BbLH5Vj:nOyoiammeYokJIZs8g8BZB
                                                                                                                                                                                                                                                  MD5:7E5B44F4B207191CAE4F09629B5281F8
                                                                                                                                                                                                                                                  SHA1:9D71C77C3652125B7867C34344CE9F3730728841
                                                                                                                                                                                                                                                  SHA-256:949FEF7557748FA0A329B605F23ABD28D08C4C542375FE865B84107CD40609C5
                                                                                                                                                                                                                                                  SHA-512:B6FF9090000BE937F03E32EACCCA421A16A64D5DD4676AB0B14465B2A4F39116F7D294ADBC13F62A5450F451A54308770BAD0CE349E4EF0304D2B40F3236ADCE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:./* Accept Extension UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. const TOGGLE_COUNT = "toggle_count";.... ui.accept_extension = function () {.. var $el = {.. cardImage: $(".card__image"),.. cardContent: $(".card__content"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. checkboxQuestion: $("#checkbox-question"),.. checkboxInput: $("#set-secure-search-checkbox"),.. doneButton: $("#done"),.. toast: $(".toast"),.. setSecureSearchLabel: $("#set-secure-search-label"),.. closeIcon: $("#close-icon"),.. labelDiv: $("#label-div"),.. };.... var variantsMap = {.. // Toast variation phase 2.. 1: {.. InfoTitle: "TOAST_VARIANT_1_TITLE",.. InfoText: "TOAST_VARIANT_1_INFO",.. Question: "TOAST_VARIANT_QUESTION"

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-toggle-rebranding.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):15991
                                                                                                                                                                                                                                                  Entropy (8bit):5.052309647002538
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:5B1uHjA9M61F9HRa9nFhxdzzPWQfwGti6+Sjn7:ghi0jn7
                                                                                                                                                                                                                                                  MD5:D3D2587FDCBD8CF3F8FE881652C68B6A
                                                                                                                                                                                                                                                  SHA1:5AC86E8BFB1E293882245D4643B2A22116CCCFD7
                                                                                                                                                                                                                                                  SHA-256:7C4F4F795264026174D9E91FDB8308176EE04931D0DEDFD106444ABCB69F6DD5
                                                                                                                                                                                                                                                  SHA-512:4BE6AA732893C25F93C543A7030CD6BC848151B6B90EE6C53E1EE3E4783750B59AF998E1DA502847C0168F09723A538EAB342C1FCE07CF05FD06BEB4C9286166
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* version 2 3 */..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Poppins", "Open Sans", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....body {.. color: #212934;.. line-height: 24px;..}..../* Parent container */../* version 2 3 */...toast2_3 {.. position: fixed;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;.. width: 761px;.. height: 565px;.. user-select: none;..}..../* version 2 3 */...card__content2_3 {.. background-color: #fff;.. margin-left: 297px;.. height: inherit;.. padding-top: 36px;.. padding-right: 36px;.. padding-bottom: 36px;..}.....size_test_card_content {.. background-color: #fff;.. margin-left: 260px;.. height: 100%;.. padding-top: 32px;.. padding-right: 42px;.. padding-bottom: 32px;..}..../* version 2 3 */...card__content .logo2_3 {.. margin-bottom: 8px;.. width: 88px;..}.....card__content .size_test_logo {.. margin-bottom: 16px;

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-toggle-rebranding.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4291
                                                                                                                                                                                                                                                  Entropy (8bit):5.123045962254131
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:raaxkly363k3k5kCZhugy1s8FUYoAkZ6tOms8HDDC2eaNS64V2QXDzanW23W:mhutmYo8jtjDheasZVfXDzanE
                                                                                                                                                                                                                                                  MD5:914FD5A8F27289295D0FAA9296B7CCC2
                                                                                                                                                                                                                                                  SHA1:03F0C2CBA944132B6543581F6B172824DF8BAD38
                                                                                                                                                                                                                                                  SHA-256:5838E641647F67228DE00B3473CABBED6D1498FB8D126737BDCDE618B76E3638
                                                                                                                                                                                                                                                  SHA-512:B03E870D2479648A07561833A9F6ADDF9BD927E1E46C6624625BC2B8B7CF89C8056539E31C0EF3D15AFF848696A7DF1ABBC3E790A114A18EA4BC2C9122B19E36
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<html>.... <head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap".. rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/mfw\\packages_web_view\\webadvisor\\wa-sstoast-toggle-rebranding.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-sstoast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-toggle-rebranding.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20314
                                                                                                                                                                                                                                                  Entropy (8bit):5.005269775172544
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:nMYsg4KeJ0FpttzjksroBrcIWqXub7m9IrNshzHsX:DsrKMYcsroBrAqXub7m9IrN+2
                                                                                                                                                                                                                                                  MD5:49D2B3F70DECB62F79587D54B77C161D
                                                                                                                                                                                                                                                  SHA1:A0EB32BFBEAE91CE408536BF26DA67F59C6E8A36
                                                                                                                                                                                                                                                  SHA-256:48660300406DD22B43F5F54E3616A5A4ADA407C226C4C2D6A029603055A94655
                                                                                                                                                                                                                                                  SHA-512:DCE75E0C71AEEE0E5A8AD4C8F599EF76440988BDA5A3FCDB8F6E17170D19907070D3F6AE8CAE31C64ED7759AD5E1E38FE1FA30F0445BF5FEAD737A7017F3312C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. var _misc = wa.Utils.Misc;.. const TOGGLE_COUNT = "toggle_count";.. var browser_code = "";.. var provider = "";.... const toastSizeTestMap = [.. { // 0.. "width": "547",.. "height": "332",.. ToastType: "toggle_toast_ss_toast_size_test_variant_0",.. },.. { // 1.. "width": "625",.. "height": "366",.. ToastType: "toggle_toast_ss_toast_size_test_variant_1",.. },.. { // 2.. "width": "700",.. "height": "416",.. ToastType: "toggle_toast_ss_toast_size_test_variant_2",.. },.. { // 3.. "width": "761",.. "height": "565",.. ToastType: "toggle_toast_ss_toast_size_test_variant_3",.. },.. { // 4.. "width": "352",.. "height": "704",.. ToastType: "toggle_toast_ss_toast_size_test_variant_4",..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-toggle.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7437
                                                                                                                                                                                                                                                  Entropy (8bit):5.10415873127051
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:OW0xXMHRMrola7b6xEgPGquAED+Y8AAoYE9Yl5hpeA8h9Y/5hbqe51E5T9565Cg1:OWlH2zFguf+c9Ug9K7aO9Y1ba
                                                                                                                                                                                                                                                  MD5:3843340A9BBFE229C6219CA544750446
                                                                                                                                                                                                                                                  SHA1:812976ECF142D7805F3588176AAC1E4D0F98445E
                                                                                                                                                                                                                                                  SHA-256:2C1AA93A32169DF0138FD57DF55B8A6DC8937F8E0AF4315B9B68127680111D56
                                                                                                                                                                                                                                                  SHA-512:7A12BD7C17322742467EBB9C112D0AC64AE5CAC5E4F69BBEFB6A53236417633B2FC8D4D2AB7999962475B90F4DCF4D238036F5762A64930795CA34E54D7DC25B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* version 2 3 */..* {.. padding: 0;.. margin: 0;.. border: 0;.. box-sizing: border-box;.. font-family: "Open Sans", "Poppins", Arial, Helvetica, sans-serif;.. font-size: 12px;.. outline: none;..}....body {.. color: #212934;.. line-height: 24px;..}..../* Parent container */../* version 2 3 */...toast2_3 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. background: #FFFFFF;.. overflow: hidden;..}.....toast2_3_larger {.. width: 761px;.. height: 565px;..}.....toast2_3_smaller {.. width: 761px;.. height: 500px;..}..../* version 1 */...toast1 {.. position: fixed;.. bottom: 0;.. border: 1px solid #ABB2C3;.. border-radius: 24px;.. overflow: hidden;.. width: 524px;.. margin-bottom: 6px;..}..../* version 2 3 */...card__content2_3 {.. background-color: #fff;.. margin-left: 297px;..}..../* version 1 */...card__content1 {.. background-color: #fff;.. margin-left: 150px;.. padding: 24px;..}..../* version 2 3 */...card__content .log

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-toggle.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4045
                                                                                                                                                                                                                                                  Entropy (8bit):5.136705413245803
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:raaxLly363k3k5kabWZhuvT0/qUYoAxT75CZUea9S64hV2QXDUanjOOR:fbGhYGYoq75Heac7VfXDUanCOR
                                                                                                                                                                                                                                                  MD5:6DA584055743278D479C9416DBCE7F9C
                                                                                                                                                                                                                                                  SHA1:2FF6A9EADE6D045708A75EA6D753342FC1E31BD1
                                                                                                                                                                                                                                                  SHA-256:DF30A6ABE4D7386FAC8EE233F924116DE5EBA6D3DF15FA90B8E3DB1F2AA0D460
                                                                                                                                                                                                                                                  SHA-512:D0296825A89344A47322712DB56F4A33D3AD532049D31A7CBBC22AB6F2A401EF56524BBFB2C26D3899C0A6D87AED590245BF8768B946B17D1DF3862826C21C1C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<html>.... <head>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&family=Poppins:wght@400;600;700&display=swap".. rel="stylesheet" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/mfw\\packages_web_view\\webadvisor\\wa-sstoast-toggle.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\jquery-3.6.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-sstoast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/mfw\\packages_web_view\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="file:///[WA_FILE

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-sstoast-toggle.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):10410
                                                                                                                                                                                                                                                  Entropy (8bit):5.144798884804033
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:4MAf3m0aWPwT0JrrvhGzuLIhHQnJs1aW9seo65DhOrE/yIrEz2OlgXe:ef4cGyDJkseoBrdIr0se
                                                                                                                                                                                                                                                  MD5:1E4D79B80A1F6AD1AB812603F435E723
                                                                                                                                                                                                                                                  SHA1:1DCAA0916B6ADAF97D7FEF48E3170DD31643C7BD
                                                                                                                                                                                                                                                  SHA-256:C3F4CBEC65E38AC29C62F34E3A6473F96967EC4EA88BF0B4813D08A9E7232722
                                                                                                                                                                                                                                                  SHA-512:8E5D6131C65A1F80A057A48415F5CE8ED1ECABCB6D68F55B0628323E07CD3FC4D51AA7928C61FA3CE0D6E997268DF41B3DADB8D7E503FC8909BDC8428A734C1F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {};.. var _window = wa.Core.Window;.. var _external = wa.Utils.External;.. var _instrument = wa.Utils.Instrument;.. var _settings = wa.Utils.Settings;.. var _misc = wa.Utils.Misc;.. const TOGGLE_COUNT = "toggle_count";.. var browser_code = "";.. var provider = "";.. .... ui.accept_extension = function () {.. var $el = {.. version2_3: $(".version2_3"),.. cardContent: $("#card-content"), // different css for different versions.. cardImage: $("#card-image"), // different css for different versions.. featureDisabledSection: $("#feature-disabled"),.. progressPic: $("#progress"),.. contentInfoTitle: $("#info-title"),.. contentInfoText: $("#info-text"),.. expiredSection: $(".expired__section"),.. expiredDivider: $("#expired-divider"),.. expiredLabel: $("#expired-label"),.. expiredName: $("#expired-name"),.. feature1Label: $("#feature-1-label"),.. feature1LabelContaine

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-av-report.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6288
                                                                                                                                                                                                                                                  Entropy (8bit):4.911633221107463
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:qkKi/9YE82GQyvE7p2Uop1VacAPZnn41/qQNc0:gR4PNYCGc0
                                                                                                                                                                                                                                                  MD5:CEB9CA0D771CAF69F421B3B722DDA716
                                                                                                                                                                                                                                                  SHA1:35A67785A3E3DAF2508DED21C10A54407AA7596B
                                                                                                                                                                                                                                                  SHA-256:52908F8F69C0B3A3AA97BF954F9D0C44F5C05B27721C40B1CBFD718F762907D4
                                                                                                                                                                                                                                                  SHA-512:E419C3F379D272D24DB5C8BAB1A28D0D2D3B7766F3288D553EBE4290B96635CB3D462A9C8F617024CAFE39FD085004C40DF4634D1750EFCC8B9C209B0CAE31C4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings;.. _lrt = wa.Utils.Lang.ResType,.. _l10n = wa.Utils.Lang(wa.Utils.Lang.ResType.UT).get;.. .. ui.AvReport = function () {.. var settingUrlBad = _settings.get("upsell_url_bad_scan", "1");.. var settingUrlDefault = _settings.get("upsell_url", "1");.. var url = (settingUrlBad == '' || settingUrlBad == undefined)? settingUrlDefault : settingUrlBad;.. if(url == '' || url == undefined){.. url = 'https://www.mcafee.com/consumer/en-us/landing-page/direct/aff/WA_MTP_StaySafe.html?affid=1523&ccoe=direct&ccoel2=campaign&csrc=wa&cctype=mtp_test5&ccstype=mini_vulnerability_scan_91277'; .. } .. .. open = function () {.. var data = JSON.parse(_external.getArgument("report_data")); .. showReport(data);.. _window.show();.. },.... showReport = fun

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-dialog-balloon.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4316
                                                                                                                                                                                                                                                  Entropy (8bit):4.710661775758201
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:+cAFwUkCqVVPCxEeO0pv1xRsxIE3BXDXjZXGG:hASUrqfjetptxRIXDXjZXGG
                                                                                                                                                                                                                                                  MD5:576EA20B947CE856A4FC1F3BCA64B7F6
                                                                                                                                                                                                                                                  SHA1:F63DF63B5DE1F41AA24113D8BDF2B7EEEC99B297
                                                                                                                                                                                                                                                  SHA-256:7F285CB833C1209D2C02D17D358726462CF1FEF4944FC22196A48B76106C4347
                                                                                                                                                                                                                                                  SHA-512:957A4BE4D7D2E24D360678F4AC7924BCCEF626681002667287E62B12026F1AE943266BD0DE3C203C9E90DD11740C2A73E8476E2D6352C5D98C5336463058AA84
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Accept Extension UI */..(function (wa) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument;.... ui.accept_extension = function () {.. var telBalloonType = '';.... show = function () {.. chrome.webview.hostObjects.wa_external.log("inside show");.. _window.ready(async function () {.. chrome.webview.hostObjects.wa_external.log("inside ready");.. var settings = JSON.parse(await _external.getArgument("overlay_data"));.... if (!settings.balloon_type) return;.... init(settings.balloon_type);.... await _window.show();.... // Send telemetry for dialog balloon showed.. browser_code = await _instrument.getBrowserTypeCode().... //Send Telemetry 3.0 for dialog balloon.. var screen_flow = browser_code == 'FF' ? 'firefox' : '

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-dwtoast.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:C source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2708
                                                                                                                                                                                                                                                  Entropy (8bit):4.976828408398036
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:N45ikP03NTwwiIw0X+Zgleg0q3nwYfwR3AhYeYEfTiNAE1ed1RNADSuM+:RdUl3GsKirE0ShuJ
                                                                                                                                                                                                                                                  MD5:59AF173A81AA4FC1002AC326EFE62BD6
                                                                                                                                                                                                                                                  SHA1:AB46FDD81C8CD5322B495D42FD3A0467829CFE0B
                                                                                                                                                                                                                                                  SHA-256:58737651B1A969FDEDD53D37537EF13F549BC230F46AAEB6BC0E013D91865821
                                                                                                                                                                                                                                                  SHA-512:065719FF68BBF28D45AC6005395C71A64B01C54EFD908F04A2FFA7F8D859AC7829837BA1C65D54200544F52E24982978860A042829AFB39173549AB2AE5AE054
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Download Warning Toast UI */..(function (wa) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _window = wa.Core.Window,.. _dw = wa.Core.DownloadWarning,.. _wa = wa.Core.WebAdvisor,.. _l10n = wa.Utils.Lang().checkList();.... ui.DownloadWarningToast = function () {.. .... show = function () {.. _window.ready(async function () {.. let domain = await _dw.getDomain();.. let fileName = await _dw.getFileName();.... document.getElementsByClassName("logo")[0].innerHTML = (_wa.getProductLogoHtml("file:///[WA_FILES]/MFW/packages\\builtin\\mcafee-logo.png"));.. //$el.status.append(_l10n("PP_STATE_TEXT"));.. document.getElementsByClassName("body")[0].innerHTML = (.. "<p class='content-header'>" +.. "<img width='20' align='middle' src='file:///[WA_FILES]/MFW/packages\\webadvisor\\warning-icon-toas

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-ui-options.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):21381
                                                                                                                                                                                                                                                  Entropy (8bit):3.8681212052565064
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:LravuBFTItTHDiF9ymq4pZpnXEB25hmmvYXOergIKB:PavuBcTHDdmRHpXEB2UEI6
                                                                                                                                                                                                                                                  MD5:E17CC75340EA8C62160BA8B706CADFB2
                                                                                                                                                                                                                                                  SHA1:9AB96311356C9045ADF9F8D475567E0DE45B50A4
                                                                                                                                                                                                                                                  SHA-256:ECDDE28C2752BB014D39ACEACFE08F9502D6E1FFBD2D36B3D18F921A00DD7F0D
                                                                                                                                                                                                                                                  SHA-512:C41AF41D92D599F2CCC3D1C44FB8119FE863CA33C882D6808712C8280E16DCB7B7AB348A572FD83726E094C461D8089F72C3237EA062D518F641902AEDFC0C58
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Options UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.OPTIONS).get,.. _core = wa.Core,.. _window = _core.Window,.. _webAdvisor = _core.WebAdvisor,.. _productNameHtml = _webAdvisor.getProductNameHtml();.. _external = wa.Utils.External;.... var OptionsMenu = function () {.. var menuItems = [],.. el = {.. $menu: $("<ul id='wa-options-menu'></ul>").. },.... toggleContent = function (id, delay) {.. $("#" + id, el.$content).. .fadeIn(delay).. .siblings().. .hide();.. },.... itemSelected = function ($item, delay) {.. $item.. .siblings().. .removeClass("selected").. .

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-upsell-toast.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2680
                                                                                                                                                                                                                                                  Entropy (8bit):5.237427075220709
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3Xxtxc/4363kKk+krCe4T+DSSqor5beIwEeIYuAix7x:O8ztb1/7x
                                                                                                                                                                                                                                                  MD5:BAC103DB6F861B68E3BFF6B80CC7163B
                                                                                                                                                                                                                                                  SHA1:F39514FE1BCE1EA0CB1799F416ED328F6635BFEA
                                                                                                                                                                                                                                                  SHA-256:4C54A5A7DE9A27B39CB5434F7047E8A33767BF6F5B113529D3724A0FEE1A37C7
                                                                                                                                                                                                                                                  SHA-512:7F41D0A6DDC61352C1A30326B50A0517426E28B3E686413CACD85D214A7C16FC8BD36C3C6BF5F09904671EDADB8E316BC76DACF439A64B13015CF81316ED4EF6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>..<head>.. <title>Download Scanning Toast</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=9" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="file:///[WA_FILES]/MFW/packages\\webadvisor\\wa-upsell-toast.css" />.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-upsell-toast-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/jslang\\wa-res-shared-[loc].js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="file:///[WA_FILES]/MFW/packages_web_view\\builtin\\wa-core.js"></script>.. <script t

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\MFW\packages_web_view\webadvisor\wa-upsell-toast.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):15043
                                                                                                                                                                                                                                                  Entropy (8bit):5.1288350061480426
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:+0/PfJTvqz3NbDdvSNOsxyVcNvKTvY6TdR/OsxTtwXMT2OpUF/0Ul:zPfJTvECBxyuNvKTvY6TjBxWcTRK
                                                                                                                                                                                                                                                  MD5:C75DD64D0805B8CAAD75C26B994D5829
                                                                                                                                                                                                                                                  SHA1:908943FCF860DEFAF3C8FF65AB38A9A5924A08D3
                                                                                                                                                                                                                                                  SHA-256:1AA32F82F2BAD433B057BCF7B1D1B97520343DBE5CC40873474456E9CD65400E
                                                                                                                                                                                                                                                  SHA-512:8C6A5BD24139A794FA0C5B85F1DAE2860BF71C72A5439BEFCA1C988C4D6DC4C4BC23531CD474CCE897261436B142E950352B470321F98A5E4171F86A75F5041B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _window = wa.Core.Window,.. _external = wa.Utils.External,.. _instrument = wa.Utils.Instrument,.. _settings = wa.Utils.Settings;.... ui.createUpellToast = function (toastData) {.. if(toastData.campaign && toastData.campaign !== 'none') return new ui.CampaignToast(toastData);.. .. if (!toastData || (toastData && !toastData.cohort)) return new ui.AvScanToast(toastData);.... switch (toastData.cohort) {.. case 1:.. case 2:.. return new ui.DirectUpsellToast(toastData);.. case 3:.. return new ui.GtiUpsellToast(toastData);.. default:.. break;.. }.. };.... ui.extend = function (Child, Parent) {.. Child.prototype = Object.create(Parent.prototype);.. Child.prototype.constructor = Child;.. }.. .. // ----------------------------.. // Base Toast Object definition.. // ----------------------------.. ui.UpsellToast = function

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticsmanager.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5441936
                                                                                                                                                                                                                                                  Entropy (8bit):6.506710019612722
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:016kzANE8yhtlohyWQ0iMuVjb3yyPZSeACMjWpjMvc7pgHiDj00FLy4JxviqxP1d:M5o2S5CMjyI0DhiAP1QCHom8ti5
                                                                                                                                                                                                                                                  MD5:B928B80C5DF851A97642E3E97DFF1B6B
                                                                                                                                                                                                                                                  SHA1:79807701066824CB26924CE448F6425C55D42D22
                                                                                                                                                                                                                                                  SHA-256:7F1396B074C4D49F8CE7D7FBF9F8905A20B50A03AD6C5FD657CB31DC068B5D42
                                                                                                                                                                                                                                                  SHA-512:895B9A958A2517A5AFD9A7FB1F8F3D6749A2B2540F44D26C8C643BFAD718ADF2A59137ACBF2836B29B82D13F0374E4698860D6D7206FD7AD7D8F065AD445EA4B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.......NJ...+j..+j..+j.ASo..+j.U...+j.Un..+j.Ui..+j.Uo.w+j.ASi..+j..^n..+j..To.O+j.ASk..+j.ASn."+j..+j..+j..^n.K+j..^o..+j..+k..)j...o.[+j..Tc..+j..Tj..+j..T...+j..Th..+j.Rich.+j.................PE..d....YWg.........." ...$.N?..........{6.......................................T.....hbS...`A..........................................L.D.....L...... T.p.... Q......&R......0T.8}....G.p.....................G.(.....C.@............`?.......L......................text....L?......N?................. ..`.rdata.......`?......R?.............@..@.data...$.....M.......L.............@....pdata....... Q.......N.............@..@.didat..p.....T.......Q.............@..._RDATA..\.....T.......Q.............@..@.rsrc...p.... T.......Q.............@..@.reloc..8}...0T..~....Q.............@..B................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\analyticscontextconfig.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4109
                                                                                                                                                                                                                                                  Entropy (8bit):5.532740544042154
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:fDHfl13RqCJ0Q6kQ22E0AOY0T3AiNJI3XVtjjakIXzr9Ml72Yq38lrr/XZ1yiODU:fDIZB1JSt/akIX/SfsuuXA
                                                                                                                                                                                                                                                  MD5:C03BD6B041B92FBFE8FA15532762A8F9
                                                                                                                                                                                                                                                  SHA1:2F4DFD37F7FCFA8FB270717A6CB281A4E5EA8B58
                                                                                                                                                                                                                                                  SHA-256:15FBA1DF5671D8CE05DB40365BAF5A57C9D35230AC74D432058B8CF48BB3A5BE
                                                                                                                                                                                                                                                  SHA-512:512480E8526EFC1422A9351484E4C53F0D4ABECEB350ECCE7B47652789186C1A95816F4845BF9F3FDB03667EEEFB8B411DFC789A9514703EC32F5632DCBBDCDE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ........A.h5.>.5...5...=...5...=...5...5...=...5...4...5...>...=...=...=...5...=...5...=...5...5...=...5...4...5...>...5...>...=...=...=...5...5...=...5...4...5...>...5...>...=...=...=...5...=...5...=. .5.!.=.".5.#.5.$.=...5.%.4...5.&.>...5.'.>...=...=...=.(.5.).5.*.=...5.+.4...5.,.>...5.-.>...=...=...=...5./.5.0.=...5.1.4...5.2.>...5.3.>...=...=...=.4.5.5.5.6.=...5.7.4...5.8.>...=...=...=.9.5.:.=.;.5.<.=.=.=.?.7.@.6.@.L....context_config.contexts....contexts..wa_smart_toast_attributes....setting&context_wa_smart_toast_attributes.handler.SmartToasting.wa_mss_plus....setting.context_wa_mss_plus.handler.MSSpStatus.user_account_id....setting_name,CloudSDK.cache: GET /account/v1/details.key.account_id....settings..handler.AnalyticsWPSSetting....db_name.vso.hash_id.IDENTITY.property_name.accnt_id.handler.WSSSetting....wps..handler.AnalyticsWssWps.setting.context_user_account_id.wss..product_productkey....setting_name1CloudSDK.cache: GET /subscription/v1/details.key.product_key....setting

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\analyticswpssetting.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1732
                                                                                                                                                                                                                                                  Entropy (8bit):5.803537322068206
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:AnBciTKqN5+eO96lrbNiFiuUDqKMZO58Aa4Jq7X:ABci+SOMEFsD5MZOs4c7
                                                                                                                                                                                                                                                  MD5:F95591D0A3A0594302407DF873650871
                                                                                                                                                                                                                                                  SHA1:FA985B428AD5FC22E30365D4FF0E39D25B2F7D8D
                                                                                                                                                                                                                                                  SHA-256:78B7D8928C3412B9CB2A0399680F0A87CFEE16BF491C85A880385F5292AD9D4C
                                                                                                                                                                                                                                                  SHA-512:A6FB50E9B3C5027CE5F3E294E1CFB554FA7D068A924AFBD6248C15CF1012CC49DFAA4CD214FA2A6F817B5AD4A6C1E8AFE6CF6E2E78E0C61AEF43039BE6CFDC36
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........e....X...'...L...6.......9.......B.......X...6...9.......9...'...B...'...L...........X.......X...6...9.......9...'...6.......B...&...B...6.......D...X.2.6.......B...6...9.......9...'.......&...B...6...9.......B.......X...6...9.......9...'.......&...B...'...L...6.......B...H...6...9.......9.......'...6.......B...&...B...F...R...8.......X...'...L...8...6...9.......9...'...6.......B...&...B...6.......D...,AnalyticsWPSSetting: value returned is . = .pairs.NO_WPS_KEY&WPSSetting: JSON parsing error - .decode.json_parser%WPSSetting: wps json setting is .tostring"WPSSetting: wps setting value.NO_KEY.NO_WPS_SETTING WPSSetting: wps nil setting.info.log.core.get_setting.wps_utils.NO_INPUT_SETTING........L...@.......6...-...B...X.......X...+...L...E...R...+...L......ipairs........D6...9.......9...'...B...5...3...'...-...9.......X.$.6...-...9...B...X...9...9...6...9.......9...'.......&...B...6...9.......9...'.......&...B...-...........B...........B.......X.......X...E...R...-...9......

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\analyticswsswps.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1308
                                                                                                                                                                                                                                                  Entropy (8bit):5.5549248879182
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:64svoMGnu0xHB1bKNQnuEKSNAdoCsqXRb7UcVzoFsqXRAKJDMOrDYyMyJ1+s9n:1u0xjuE+oeXRJ1oLXRnJDMO3YnyJR9
                                                                                                                                                                                                                                                  MD5:9F762363448B21B52ED22BEEF55CADB0
                                                                                                                                                                                                                                                  SHA1:5114D43B90400D2EE8E6DBB0ECA387B4B6B43ABF
                                                                                                                                                                                                                                                  SHA-256:E7FA982865963C175239D51404B3887FCDE39649677FF283269DD03FA4BF8E93
                                                                                                                                                                                                                                                  SHA-512:6389B363BFCFB30D61AF3479932B984F4182DB9E00B7AA45475EBB991602F7688AB8601700486BF9DBBD32B7D25099DD5D1EBA377C7F44874B9AA0292DC84BFB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........m-...9.......9...'...B...'...6.......9...B.......X.0.-...9.......9...'...B...-...9.......X...-...9...9.......X...6...'...-...9...9...&...B.......X...9...-...-...9...+...B...9...B.......X.=.-...9.......9...'...B...X.6.-...9.......9...'...B...X./.-...9.......9...'...B...-...9.......X...-...9...9.......X...6...'...-...9...9...&...B.......X...9...-...-...9...+...B...9...B.......X...-...9.......9...'...B...X...-...9.......9...'...B...L.........]AnalyticsWssWps: Expecting wss subconfig and wss handler in context config, but got nil.:AnalyticsWssWps: Nil wss context handler encountered..wss*AnalyticsWssWps: WPS is not installed]AnalyticsWssWps: Expecting wps subconfig and wps handler in context config, but got nil.:AnalyticsWssWps: Nil wps context handler encountered..err.get_context_string.new analyticstelemetry.context..require.handler.wps&AnalyticsWssWps: WPS is installed.is_wps_installed.wps_utils.$WssWps: main get_context_string.info.m_loggerR.......6...9...........B...3...=

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\browserinformation.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5024
                                                                                                                                                                                                                                                  Entropy (8bit):5.770690003003992
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:ph4Uw0908YNdY4a8PbjZDoFeuZCkv886A4A7AaAXzAMAwhsGU3JF5uXrK3yWK/8R:/xhdYN8YbuwW6zOJF5uX0yw5QCGIh75
                                                                                                                                                                                                                                                  MD5:866CC52507CA218A57C37DBC6D1B0F18
                                                                                                                                                                                                                                                  SHA1:4255A5A017EFCEE25D17184B7100171794016CE0
                                                                                                                                                                                                                                                  SHA-256:B02F6980B1584CD74BF035C853763AFBB3C790E6A2A4CA3009DA2327938D2467
                                                                                                                                                                                                                                                  SHA-512:84683E36908F16C787E3BB89F9B86288E694130F15A0EFD0C67882940994470F85BF1C68208D50F0DBA1883637B8644E0931143B0D1AB45B0345411D5F1C5D2B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........(6...9.......9...'...B...5...5...=...5...=...5...=...7...6...-...B...H...-...9.......6...8...9...6...8...9...B...6.......9...+...-.......&.......B...F...R...K..........SetOption.settings.value.key.get_browser_version.pairs.reg_info.ed....value.version.key(Software\\Microsoft\\EDGE\\BLBeacon.ff....value.CurrentVersion.key%Software\Mozilla\Mozilla Firefox.ch....ff..ch..ed.....value.pv.keyNSoftware\\Google\\Update\\Clients\\{8A69D345-D564-463c-AFF1-A69D9E530F96};Inside Browser Information set_browser_version_setting.info.log.core........-6...9.......9...'...B...5...7...6...-...B...H...-...9...6...8...+...B...6.......9...+...-.......&.......B...-...9...6...8...+...B...6.......9...+...-.......&.......B...F...R...K............SetOption.settings"get_supported_browser_version.pairs.browser_ints....ff...ch...ed..CInside Browser Information set_min_max_browser_version_setting.info.log.core........<6...9.......9...'...B...-...B...-...B...5...-...=...6...-...B...H...9.......X...4...<.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\browserversion.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):983
                                                                                                                                                                                                                                                  Entropy (8bit):5.811447092108564
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6J2msRGv1RWv8KD8RY7o7dOfTSOqyKRb9e3C4idAlu9:CR0jD8y85OfTSOqyObZ59
                                                                                                                                                                                                                                                  MD5:A25D8091FB26EE6A7458652C3C1BF9B8
                                                                                                                                                                                                                                                  SHA1:FF482DC8A1A5B26431547A51F839486B0BD103AD
                                                                                                                                                                                                                                                  SHA-256:23230778AB8040779191D967776816727B9FFF3ECEA33D2EA6FB8BAA7E3A2669
                                                                                                                                                                                                                                                  SHA-512:81C79694AC181B5C4608EDCFCEFB3EE32150943E4F23819982CAF35642E9587606EEC974FE21A300ADFAE1FD2E223F9EC298EBC2DE63832B85DAC218BCB3FB66
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........H4.......X...4...5...>.......X...4...5...>...5...>...5...>...5...>.......'...6.......B...X...6...9...9...9.......)...9...B.......9...B.......X.......9.......B...........X...6.......X...X...E...R...'.......X...6...9.......'...B.......X.......X...6...9.......9...'.......&...B...6.......D....tostringMCould not determine browser version. Returning default value. Browser = .err.log.%d%.%d.match.string.0.0.verion.QueryValue.IsValid.options.root.Registry.Win32.core.ipairs.....options.....root.HKLM....options.....root.HKCU....options.....root.HKLM....options.....root.HKCU....options.....root.HKLM.iej.......'...6.......9...........B.......X...6.......B.......L....tostring.GetCurrentBrowserVersion.utility..........6...'...B...4...3...=...3...=...2...L...."get_supported_browser_version..get_browser_version.mfw.core.Win32Helper.require...//8FC43CD86ADF4C255D43DFF442E6AF1F4BB3F901EDBC2D3217794054192A6CB20C93D1516BE49D8123645F7C275274C167D61D5D2558EA67367D467C5C428385++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\contexthandler.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):422
                                                                                                                                                                                                                                                  Entropy (8bit):5.250436371747685
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:6lK3t4LqtAoIulNhWjGWA6q4Tf9q4Tf9qy/jmhSAz9eTWTWXUKWdenWImU+1W1Uy:6I9OuHhWqWBtJjmhzRbaEDGDmQ1UBE
                                                                                                                                                                                                                                                  MD5:4DD5FF4438678AB1E72D2FCD25608644
                                                                                                                                                                                                                                                  SHA1:7AED7C79EDD11115A478AE2DBB597855BF4EA7BC
                                                                                                                                                                                                                                                  SHA-256:D2839001CCD1C7F54048938D7107F0B8DD89F15C3272F58FEA3C5310DA67E05B
                                                                                                                                                                                                                                                  SHA-512:975D509D422E51B1041010B321FF88E8201EA573F0A7C71398BC646CCD93A7BED234BAB3C55E87F03E9773C89BDB5DF0F3E7DC1B9BAF93ED369E30B7E95752E5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..@.......6...'...B...K...'get_context_string not implemented.error........-...L.................K.....x.......4.......=...3...=...3...=...3...=...2...L.....set_context_config..get_context_config..get_context_string.m_logger;.......4...7...6...3...=...6...2...L.....new.ContextHandler...//3080B3F3C14226C41C47FDBD3F5B14D73EE65B632CE3EAF4D1C1E5818E51DB3A224A6B2FEA110F68D8860A1A0785A0C44213C7D29E188A5E32D600C39C979631++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\externalutilityfunction.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):897
                                                                                                                                                                                                                                                  Entropy (8bit):5.5657914963715145
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:68i5J1Gn4Lel9awpSLdVf507iDaXU0XlLRNMSJ1xF7VDG:ti5J1venD4Vf5Coj2RqSJx78
                                                                                                                                                                                                                                                  MD5:15EFA1987698A34AEE0CD6A4DC3C50F9
                                                                                                                                                                                                                                                  SHA1:43B47EEE1ED9D2FE0ECAD31A1CCBCC410FCCC663
                                                                                                                                                                                                                                                  SHA-256:7652C7B9C7A89EF7299DE4EDB39AE0FF0CF74935A836EAA58A514E5A098C5FE4
                                                                                                                                                                                                                                                  SHA-512:A1BC05E7064B5611A158F398227EB8E86B2CCC28B0BA2D8BBFB0E07F423CBEE888742860F87617D76991A07D9A0BE8DC6544766F76965FC60850CD08462A6589
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........>-...9...B.......X...9.......X...9.......X...-...9.......9...'...B...'...L...6...9...+.......X...9...8.......X...-...9.......9...'...9...'...&...B...6...9...D...........B.......X.......X...-...9.......9...'...9...'...&...B...6...9...D...6.......D.....7) return invalid result. Returning default value...tostring0) does not exist. Returning default value. External utility function (.utility._G.defaultQInvalid configuration supplied to external utility function context handler..err.m_logger.func.default_no_value.get_context_configR.......6...9...........B...3...=...2...L.....get_context_string.new.ContextHandler.........6...'...B...4...7...6...3...=...6...2...L.....new.ExternalUtilityFunction.analyticstelemetry.context.ContextHandler.require...//F11BE6B6083D669E81B3318260DB49C1A6BA6886ABA9AE0B562547EF3DADCCD84B64E5D3EA49856CFA12C71534154BE7476D1A063F866AADDAA2BA393C20A894++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\featuretrackingfeature.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7498
                                                                                                                                                                                                                                                  Entropy (8bit):5.613792909770243
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:ZjWEqmnipj7pRakfL6HQVS65L6D0Y08N0IVX6Mak6Sj2bA6XCoG3ipGHbFT6Zvv5:RWdmnqRakfOHQVS65OD02N0IVX6MatSI
                                                                                                                                                                                                                                                  MD5:0CBCBE117A18F9ABED1941BA5DAD6724
                                                                                                                                                                                                                                                  SHA1:D172160C5746773442053B0D3BAD363506A23DD6
                                                                                                                                                                                                                                                  SHA-256:156F8108183292BBED329C4F77DB61A773DC53B370C3BF707E480224CAE7012E
                                                                                                                                                                                                                                                  SHA-512:4E220E5D820F56690F1604035BDF5122FEC482EF1F8A189A2AC97C98AA8B3050FF54893CD51141AF16711DAD37708AB1617A7BDEDA5B5DE393BF675403DD1564
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..V.......-...........-...-...8.......X...-...-...8...-...-...-...8...8...J...K..........d.......4...6...-...B...H...........<...F...R...6...9.......B...)...3...2...L.......sort.table.pairs.........]'...-...B...X.V.'...).......)...M.K.8...9...9...9...9.......X.,.....X.*.....X.(.'.......X...6.......9.......B.......X...'...X...6.......9...........'...B.......6.......9...6.......B...6.......B...A.......X.......'...&...X.......'...&...X...8...9.......X...-...9.......9...'.......'...&...B...X...-...9.......9...'.......'...&...B...O...........'.......'...&...E...R...L........=2) was detected when processing FTF dimension..Invalid information for (.err%) when processing FTF dimension.'Skipping version information for (.info.m_logger.version.0.1.tostring.IsMatch.regex_helper.GetOption.settings.get_setting.wps_utils.wps.setting_source.enablementCriterion.enablementSetting.scope..,.........6...9...........B...6...9...3...3...=...2...L.....get_context_string..FTF_Registry.FeatureTrackingFeatur

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\hashedmachineid.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):488
                                                                                                                                                                                                                                                  Entropy (8bit):5.505647062582451
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6jot8h2HMHGU4iCkSR7zt0GJWJJKvx/JAT8V4JK5yfH:672sHG/wSByGJ1/Vzyv
                                                                                                                                                                                                                                                  MD5:A0D19CE46D298D28D47F331342797B4E
                                                                                                                                                                                                                                                  SHA1:DAC13ACF4870EA3737DF06481B735DDF4B11C60C
                                                                                                                                                                                                                                                  SHA-256:40D623385CBF2B317E52A4DE925DC5DE7E4274BA3B7BE40D248B453AFAD8A9F1
                                                                                                                                                                                                                                                  SHA-512:1953CC8E6C4F59AAC53E2814CC75E1D35017FC091A5F65EBB069EF0CFD789ED0E0777D310CAC2B713EFDAEB14CF6D00BA328D604CCE94B287CFE588DBFFD2AF7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..O.......6...9...9...9...D...#get_analytics_hashed_device_id.MiscUtils.utils.coreR.......6...9...........B...3...=...2...L.....get_context_string.new.ContextHandler.........6...'...B...6...'...B...6...'...B...4...7...6...3...=...6...2...L.....new.HashedMachineID.logic.MiscUtils.mfw.core.Win32Helper.analyticstelemetry.context.ContextHandler.require...//42289B8895B1C7516C40DE9647D457D33DA846606CEE4E4E1023BCB7D8500F556F540615A20611BB1DF5308BB061071F509368AB30AA0CFB7D9D44E0270727FE++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\msspstatus.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2001
                                                                                                                                                                                                                                                  Entropy (8bit):5.683033574229011
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6iSHUuceVdlgG13dShqVJCaZRetV6mclRiXvAZeyUepCGOODGAcncnlMAGJ1LFY:o/c8lgG2qfCasDclRiXv57/7AznlIJc
                                                                                                                                                                                                                                                  MD5:039A8A6A04B7518B71F13F9CF2E9D2FC
                                                                                                                                                                                                                                                  SHA1:8F6585AFD091DA5C60A0EDDAC7374D4A600F25A1
                                                                                                                                                                                                                                                  SHA-256:EAB606A14D5DA138B3F9A84C5E91581ABFAF6E47DE64D1979617E68C5F7A0983
                                                                                                                                                                                                                                                  SHA-512:4B1F17BD3E170F0B004E9AA950966D9D104C554D5907612AA029A908CFD248A0EDAE2F2EB2E59ECADFB3141185EAA44B8C50934632A7B1015C1A8D16E13C09AE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..k...........9...'...B.......X.......9...'...B.......X.......9...'...B.......X...+...X...+...L....|.&.%%.find........1-.......B.......X...-...9.......9...'.......&...B...+...L.......9...'...'...B.......6...9...'.......'...&...B.......9...'...B.......9...B.......9...'.......&...)...+...B.......X...+...X...+...L........Directory of .find.close.*a.read." 2>nul.dir ".popen.io..\$.gsub%Unsafe directory path provided: .warn.m_logger........*'...6...9...9...'.......)...*...B.......9...B.......X.......9...'...B.......X.......X...6.......D...X...-...9.......9...'...B...'...L...-...9.......9...'...B...+...L..... MSSp not found in registry..version_not_found1MSSp 'DisplayVersion' not found in registry..warn.m_logger.tostring..DisplayVersion.QueryValue.IsValid.HKLM.Registry.Win32.coreYSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan............'...-.......B.......X...'...L...-...9.......9...'...B...+...L.......3MSSp default installation directory not found..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\samrecoverable.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):847
                                                                                                                                                                                                                                                  Entropy (8bit):5.708275070666962
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6AnfqeIYFxO8waLvpV53SaTMzJ1JSsX3Drp:znfqlY7lwaLvpX3DgzJrFnR
                                                                                                                                                                                                                                                  MD5:9633786E7B2D8F01C93BED81B46CAF28
                                                                                                                                                                                                                                                  SHA1:6F5D13B9073941A42AF8DC28ABC03AB0D319C6A9
                                                                                                                                                                                                                                                  SHA-256:FDA3EB21E2C11ADA68801D7D68FED22631BC1AFE935A9D9B16AA1EFF230FF627
                                                                                                                                                                                                                                                  SHA-512:9C2A9983F1F0FC0635DDF591D7C8EAD5FB46DAD54C00705DD3DD08D2C79DC279FC72CFC298B991FB2999BA2FB515BDE4FA194273695BC352258F6421B54D74C7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........;)...6.......9...+...'...+...B...6.......9...+...'...)...B...6.......9...+...'...)...B...6.......9...+...'...)...B...6.......9...+...'...)...B...6.......9...+...'...+...B.......X.......X.......X.......X.......X.......X...)...6.......D....tostring.oem_recovery_v2_disabled0*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WA_INSTALL3*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WSS_UNINSTALL4*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WSS_ACTIVATION0*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WSS_EXPIRY.*ShowSearchSettings.GetOption.settings.R.......6...9...........B...3...=...2...L.....get_context_string.new.ContextHandlery.......6...'...B...4...7...6...3...=...6...2...L.....new.SAMRecoverable.analyticstelemetry.context.ContextHandler.require...//47798BE70729F8A1EEFD6036B941C76072E7D2AA74B9DCBE45CA772C9271F8D22A1E1777B9CF55BC242E1D326BD02269E8BE9330CEEC96BA9DB8708760A46ADA++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\sequencenumber.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):520
                                                                                                                                                                                                                                                  Entropy (8bit):5.460800424784102
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6bkleqAuDPPVIVJn1qW9icHJXOefoij4MDrWjJWJJKfmKB+3kEkjN0Zru:6AeqBcn1qW9icp+egTMvWjJ1fWqN+K
                                                                                                                                                                                                                                                  MD5:8CED50C7DCF9AF1463B742D73D307648
                                                                                                                                                                                                                                                  SHA1:BC506813F7FDB583A34A6C3F64EB7ED5B2FB09E7
                                                                                                                                                                                                                                                  SHA-256:81B816CE3A963016ED31CFFBCE98258125EA7ECC81528770241D70636DEB564E
                                                                                                                                                                                                                                                  SHA-512:8F5BB331E06EC06C3C31FD8BB8203436A47C48C8261B470A5665FD83E121F88DFCD1AB4FCD91D8B16B76D95BA2A3627EE8F91BE86FBF072B30E103B2A4F43C2B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........6.......9...+...'...+...B.......X...'...L...6.......9...+...'...)...B...6.......D....tostring context_product_sequence_id.0.*AnalyticsSequencingOn.GetOption.settings.R.......6...9...........B...3...=...2...L.....get_context_string.new.ContextHandlery.......6...'...B...4...7...6...3...=...6...2...L.....new.SequenceNumber.analyticstelemetry.context.ContextHandler.require...//7ED560EC7ED4140568726798C41191271970B2B3A2CA8082D40711DC7A015F3B538C0B6F25B9D40CE2CEC10A9B37B6639B9D5832AF7B155D762D9893E9091CFA++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\smarttoasting.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):972
                                                                                                                                                                                                                                                  Entropy (8bit):5.4279273266494865
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6XWL2ZIiFTncarkwIRwVxneUsqPGGIhOBf49WMmlUJ1pA8GW:WWL+IiFTcarkwIRwVxneUsvGIhM49z7D
                                                                                                                                                                                                                                                  MD5:43926FBC1D75C72914DC526D8A1F4E5D
                                                                                                                                                                                                                                                  SHA1:BB85D6E30D1A49B8E7F657700648F25629C86B5C
                                                                                                                                                                                                                                                  SHA-256:E4B140B78FACE5B057234BA67C5814DB152C69B989C63D4C21186CEA4514F84A
                                                                                                                                                                                                                                                  SHA-512:100A67368B18A0A4196502C0F76A30CA010D673CE0411D308387F096FF00E16F5DD7484ED9F76DE1D1513E1E74C132BF87FE3C0F28E3EDA87A3D70B5F375CEB4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ........../5...6.......9...+...'...'...B...=...6.......9...+...'...'...B...=...6.......9...+...'...'...B...=...6.......9...+...'...'...B...=...6.......9...+...'...'...B...=...6...6...9.......B...C....encode.json_parser.tostring.ml_model_version!smart_toast_ml_model_version.ml_iteration_version.smart_toast_ml_iteration.selected_config_id.smart_toast_config_id.api_configuration_version&smart_toast_server_config_version!client_configuration_version....api_configuration_version..ml_model_version..ml_iteration_version.!client_configuration_version..selected_config_id..unknown&smart_toast_client_config_version.GetOption.settingsR.......6...9...........B...3...=...2...L.....get_context_string.new.ContextHandlerx.......6...'...B...4...7...6...3...=...6...2...L.....new.SmartToasting.analyticstelemetry.context.ContextHandler.require...//618E7BA1E3117C447104D23D8FEEF00B82E662888D67C182F0CE87C845271F7EECE0EAF31D15FB2B2723CD066FE2F2593527F4AC9516E7A093E00A95C77A10F7++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\subscriptionexpirydate.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):594
                                                                                                                                                                                                                                                  Entropy (8bit):5.596923483315471
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6uPWQZbCntmkkkkkaTzorpsV4M7RIJ+K0Ng2Lh085pBVz:6uP9bCngkkkkkNreKMqJ10S8Lb
                                                                                                                                                                                                                                                  MD5:80BCA5731A602CD79F2A2DA337402C96
                                                                                                                                                                                                                                                  SHA1:130DFB22FC0C0A3BB981F4CF528DF4D90121BC7A
                                                                                                                                                                                                                                                  SHA-256:61634B00689F0416EBD55AE68997674C381861926B9DB90926D6CBD01950DAF5
                                                                                                                                                                                                                                                  SHA-512:F26F763964B0E3E74F52326706F916FAD17FCA17EAC36AF50EC2917B2775FCFF04C047ED156E61D4E0720ED4A76138016A1DE6322781AF77C219F08CA8D04166
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........&-...9.......9...'.......&...B.......6...9.......'...B.......X...6...9.......)...)...B...'...6...9.......)...)...B...'...6...9.......)...)...B...&...L......-.sub.^(%d%d%d%d%d%d%d%d).find.string+SubscriptionExpiryDate: input date is .info.m_loggerI.......6...9...........B...3...=...2...L.....format_output.new.WSSSetting}.......6...'...B...4...7...6...3...=...6...2...L.....new.SubscriptionExpiryDate*analyticstelemetry.context.WSSSetting.require...//08BBB25746BEDB8D6E20EBEC76AE08313EB9543AFD946830A86CF53D60A442475667B8EA9B4382B231C7DE19146F7BA5E838F75C9E6B65A483088B3AE6E505BE++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\subscriptionstatus.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1106
                                                                                                                                                                                                                                                  Entropy (8bit):5.524719903516146
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:68K9YrN+Iuz8iWm4CDopXVXHLhN8FlKCzqWb2lLzJJvUJ1o1poO:FKuN+sppLhN87KCz52lLFJ8JGvT
                                                                                                                                                                                                                                                  MD5:C9DAF06D7876220352BAEF73C942A405
                                                                                                                                                                                                                                                  SHA1:8BCF45E754780188F7556A89DF5E3C5292FA7804
                                                                                                                                                                                                                                                  SHA-256:25D5A6478B95AA2812B5B71D0B829B8DD60F04F916E540C3B637DA0BB5498F31
                                                                                                                                                                                                                                                  SHA-512:52CC2B5E59325CC9B4134AFE2C91B53F3D7404671891613527990F70B7D4EAA706089FF36C3D25102A36DE3CBF22FA426095266ED1C47396AC0690C3156470F2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........J).......X.......X...6...9.......B.......X...6...9.......'...B.......X...)...L...6...6...9.......)...)...B...A...).......X...)...L...6...6...9.......)...)...B...A...).......X...).......X...)...L...6...6...9.......)...)...B...A...).......X...).......X...)...L...6...9...5...=...=...=...B.......L....day.month.year....hour...day..month..year..time.os.sub.tonumber.%d+.match.len.string..4.......6...9...6...9...'...B...C....!*t.date.time.os.........-...9...'...'...B.......X.......X.......X...L...-.......B...).......X...'...L...-...B...'.......X...'...X...'...L..........expired.active..INVALID_DATE.UNSPECIFIED.NO_APP.NO_SUITE.settings.vso.get_sub_db_setting{.......6...9...........B...6...9...........B...3...3...3...=...2...L.....get_context_string...WSSSetting.new.ContextHandler.........6...'...B...6...'...B...4...7...6...3...=...6...2...L.....new.SubscriptionStatus*analyticstelemetry.context.WSSSetting.analyticstelemetry.context.ContextHandler.require...//B23AB20321960D98689F7675

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\subscriptiontype.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):538
                                                                                                                                                                                                                                                  Entropy (8bit):5.533769534729744
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6xnSlRXZQXFcg89rg0lr7JJvUJWJJK8IR6PiiVH6Wkdh:6M1aOPDlnJJvUJ1WiuHg
                                                                                                                                                                                                                                                  MD5:C95DAAEA59951DE6DA7198F68FADF0DF
                                                                                                                                                                                                                                                  SHA1:76C384BF454AB2196AD781D7ED581611218083FF
                                                                                                                                                                                                                                                  SHA-256:A03587A466C47394325A3AE0EA6564B6EE7781ACDA52DBFB10FDD27F24B15596
                                                                                                                                                                                                                                                  SHA-512:BFEE79901D005E04839174ECAB6C70CBDA02235A403D9261D6C3E59114028FC5A9D9CB04FC15D7A40A5F8E4167DDBDEFB6C595F8C06B2742688E96D6783AD0D0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..l.......-...9...'...'...B...'.......X...'...X.......X...'...L......paid.0.1.free.trial.vso.get_sub_db_settingq.......6...9...........B...6...9...........B...3...=...2...L.....get_context_string.WSSSetting.new.ContextHandler.........6...'...B...6...'...B...4...7...6...3...=...6...2...L.....new.SubscriptionType*analyticstelemetry.context.WSSSetting.analyticstelemetry.context.ContextHandler.require...//11EF221A65A8089498DFA65ABA8462CA418FBA7BD92C7F7DB9F4579FA226B34A88F3ED0E7EF1811D41C3BC7BAF0C60E4040249C986F94027FC1851E720355E7F++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\suitestatus.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):857
                                                                                                                                                                                                                                                  Entropy (8bit):5.605404148897678
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6K2KHgolfJ+6HmReFYfaHSSTXy6/ynul82t/CCGfOzmik2lrDQxL30GJWJJKyudf:6LSgolbGXSPyKOq8s/le2l4xAGJ1O2jP
                                                                                                                                                                                                                                                  MD5:603393BD8D0BCB5264BB142C09E4B0C4
                                                                                                                                                                                                                                                  SHA1:B5F29709DEA7649807C5865F272A4274B4874E77
                                                                                                                                                                                                                                                  SHA-256:16EC82174D4D3681E3D9CF35193DAA0CEC0AF6E78CDC70C068D66D8CE160A6FE
                                                                                                                                                                                                                                                  SHA-512:AA716B29E1BA8079F3F281CF4DDF60D043CE8F6E138CBB839C655FAF401E004F63D5F6C93D15B177B0CAED4C47356614CB8512EFC9ECB2DDB4AD7BE366A962A7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........&)...6...9...9...'...'...)...*...B.......9...B.......X.......6.......9...+...'...+...B.......X.......6.......9...+...'...+...B.......X.......6.......D....tostring.*Freemium.*Orphaned.GetOption.settings.IsValid5SOFTWARE\McAfee\MSC\Settings\ApplicationInfo\MSC.HKLM.Registry.Win32.core......Y.......-...9...B...6.......B...........X...+...L...+...L......tonumber.get_suite_status..&.......-...9...D......get_suite_status.........6...9...........B...3...=...3...=...3...=...2...L.....get_context_string..is_suite_installed..get_suite_status.new.ContextHandler.........6...'...B...6...'...B...4...7...6...3...=...6...2...L.....new.SuiteStatus.mfw.core.Win32Helper.analyticstelemetry.context.ContextHandler.require...//D62E179CA9F974ADA822EE17391FDFE2DB517C1F6813ECF1706058473BD8BFE9177D7862D5EF6109598C14026F7F41E96B0C820F28150A65432AEBBC84D4DF05++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wpssubscriptionexpirydate.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):472
                                                                                                                                                                                                                                                  Entropy (8bit):5.5653649919561845
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6YkglNLnYklpsvcRu3U4M4rJ0NRu3pKFDHWlXb8h:6JglN7YkleZ35MSJ0NRu3k2oh
                                                                                                                                                                                                                                                  MD5:2A3473A5C4CFEF019E934480007F9F20
                                                                                                                                                                                                                                                  SHA1:9ADB42E46C3773630526AF9445E9997334D47CC1
                                                                                                                                                                                                                                                  SHA-256:44468A6FFE1B3EC0B7675294A5FDF0B46A53602E3F8961A04A4EA2D63F2BE4D7
                                                                                                                                                                                                                                                  SHA-512:BDCB4828078FAF8D7E7F2411D76F2C251B99F7D7B71034DADA31AD77F7E9B0CBA26F59BD6AF79E8C1C9F944D1A766507E083422EFB50F8E2324B86FDD403E356
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..m.......6...9.......'...B.......X...6...9.......)...)...B.......L....sub.^(%d%d%d%d)-(%d%d)-(%d%d).find.stringR.......6...9...........B...3...=...2...L.....format_output.new.AnalyticsWPSSetting.........6...'...B...4...7...6...3...=...6...2...L.....new.WPSSubscriptionExpiryDate3analyticstelemetry.context.AnalyticsWPSSetting.require...//87D046D26C7DAED16B25681CBE5E60A60A7DDF56F91176923720189008293AF6DA7AFDD1C98C84758AC2BE8E2111149CF7F32E06244607B383081B978BF56970++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wpssubscriptionstatus.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):582
                                                                                                                                                                                                                                                  Entropy (8bit):5.585042877052748
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:67k+e+rvD2xZBzroBWpsvcRu3I4Mv1J0NRu3pKWTdhA2qTC:6hVvD+ZB4BWeZ3NMv1J0NRu3kGqTC
                                                                                                                                                                                                                                                  MD5:ABB076906A20B54903AB7E03979D0F29
                                                                                                                                                                                                                                                  SHA1:6E288784662F4CAB02DF225899EF261B89035F0A
                                                                                                                                                                                                                                                  SHA-256:AAD6C1E611CDFE275D8D708ABBACE0B1F6FEB4F6FA6E509AEFF4B7D6D5C610A8
                                                                                                                                                                                                                                                  SHA-512:B86497766AA7E4C4EDAABFCCA612DB2C32C19908D0F22467F337F1365F310A2B6059EAB979298F0EF9D332E44B8B169E69D490EA5F33371552DDF2B307D57D6F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...............X...L...6...9.......B...5...5...6.......B...X.......X...'...L...E...R...6.......B...X.......X...'...L...E...R...L....expired.active.ipairs.....trial-expired.paid-expired.....trial-active.paid-active.lower.stringR.......6...9...........B...3...=...2...L.....format_output.new.AnalyticsWPSSetting.........6...'...B...4...7...6...3...=...6...2...L.....new.WPSSubscriptionStatus3analyticstelemetry.context.AnalyticsWPSSetting.require...//3EDABBBFF1370903FE86FBF74ED65B089A8ADCA584AD7ABA40788E4DF778A1DB9BBB5BFEBC323BBED49CFD3C03BBBD003EF9B5A00DCE710E742D4D8BF0CFE72D++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wpssubscriptiontype.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):576
                                                                                                                                                                                                                                                  Entropy (8bit):5.590487718848391
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6/kx+rvDcoK29ppsvcRu3m4M2YJJJ0NRu3pKcYipivfRCxQQ8Au3:6/kmvDdPpeZ3XM2WJJ0NRu3kcY+YfRCM
                                                                                                                                                                                                                                                  MD5:42521526124AA6D77D4115EBA907F000
                                                                                                                                                                                                                                                  SHA1:3BA7CA231758D4174A709250DD6506C257C85CDB
                                                                                                                                                                                                                                                  SHA-256:4A4B8E1A965CE846A3A9E69F03DF45AC99BE319C1A7612BAD86AB6FB18198399
                                                                                                                                                                                                                                                  SHA-512:64A644A236232E02DC903293A490E649766C28615FE8A27BE9BD7BBCB2026BA64D7826292D3A226359D97C7F0E7944B99888848DFFFDA3EC2A02B00098B15DF3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...............X...L...6...9.......B...5...5...6.......B...X.......X...'...L...E...R...6.......B...X.......X...'...L...E...R...L....paid.trial.ipairs.....paid-active.paid-expired.....trial-active.trial-expired.lower.stringR.......6...9...........B...3...=...2...L.....format_output.new.AnalyticsWPSSetting.........6...'...B...4...7...6...3...=...6...2...L.....new.WPSSubscriptionType3analyticstelemetry.context.AnalyticsWPSSetting.require...//BDE5DC05FE6A42D5F6E58E62E92580FCC150A2A8517874E86447691279B3B88A7F242E05CEE69EB6C73ACEFFB87B3F0F8F123456A87A8F5655E54E0EDCA5EA79++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wsssetting.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1244
                                                                                                                                                                                                                                                  Entropy (8bit):5.804731252510459
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6x6wckmg85AjHwRf8FlNXqzngq4YlP+rYWbemAENhRVtBmwJMUJmT0LhcYF:Y6wK5AzCU7ZuglvAElVtBmw+UJTLf
                                                                                                                                                                                                                                                  MD5:75D07C1C909A665D1A5C343A51F969DE
                                                                                                                                                                                                                                                  SHA1:45F38DCAB0450BD6CB84CDAA0CB9A0AFCB043BFF
                                                                                                                                                                                                                                                  SHA-256:4A79D42E9FAE445195459A33DD27365EE3A1B282E6C8902EF86B0FD5060439F5
                                                                                                                                                                                                                                                  SHA-512:AA3012D30C588FFDEF10B9D64E715A9C878DD1B01075AACFDB71690C30380D6A76615D329B2B9F08D51E4A3CF46E4B179B4E0640041B1D5918E83D3ECE75CEBB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........L...........='...-...9...B.......X...9.......X...9.......X...-...9.......9...'...B...L...-...9...9...9...B.......X.......X.......X.......X...9.......X...9.......X...6.......9.......B...........X...-...9.......9...'...B.......-...9.......B.......6.......D......tostring.format_output?MD5 function incorrectly hashed data. Using default value..MD5Hash.utility.MD5.hash_id.UNSPECIFIED.NO_APP.NO_SUITE.get_sub_db_setting>Invalid configuration for the WSSSetting context handler..err.m_logger.property_name.db_name.get_context_config.UNKNOWN........('...-...9...B.......X...'...L...6...9...9...'...'...)...*...B.......9...B.......X...'...L...6.......9...........B.......X.......X...'...X...6.......B.......L......tostring.UNSPECIFIED.GetProperty.subdb.NO_APP.IsValid#SOFTWARE\McAfee\MSC\SubManager.HKLM.Registry.Win32.core.NO_SUITE.is_suite_installed.............6...9...........B...3...=...3...=...3...=...2...L.....get_sub_db_setting..get_context_string..format_output.new.SuiteStatusr.....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\context\wssversion.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):644
                                                                                                                                                                                                                                                  Entropy (8bit):5.652130140454056
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6Ox2oFtgLNzzPYXxFvO/cQTlr7A01JzKYAGMGuqi:6ZoFeLhzPQxFczTlZ1JmRini
                                                                                                                                                                                                                                                  MD5:53D0C97359B37EBD03D53099EABA7518
                                                                                                                                                                                                                                                  SHA1:B0C3CD4892A4414F3D628055EA9CB53101ED8AB3
                                                                                                                                                                                                                                                  SHA-256:2FE36EB967BA08195BD1CD26194CA3897CB95CACBE5BCFAF619E253B934CD3B6
                                                                                                                                                                                                                                                  SHA-512:4ED75E085631D7CA1EE647F7D21D7BF0C79BA0CE8F284AEAE11F484323BF9A36A201007D1487257D8DAFBC7930BFD89A9AECBDCF47BC791EA6814616B849EA5F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........#-...9...B.......X...'...L...6...9...9...'...'...)...*...B.......9...B.......X...'...L.......9...'...B.......X.......X...'...L...6.......D......tostring..ReleaseName.QueryValue.no_ver.IsValid.SOFTWARE\McAfee\MSC.HKLM.Registry.Win32.core.no_suite.is_suite_installed...O.......6...9...........B...3...=...2...L.....get_context_string.new.SuiteStatus.........6...'...B...6...'...B...4...7...6...3...=...6...2...L.....new.WSSVersion.mfw.core.Win32Helper+analyticstelemetry.context.SuiteStatus.require...//E1AB425AC221CB94D9BE0A4D5DD6E5564817DC3184E7E5D97497B00335F5E9C95AF28F59D56F465C7D1E20C580344EF0EE8687F7379A9917A5D5417545DC946C++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\analyticseventhandler.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2311
                                                                                                                                                                                                                                                  Entropy (8bit):5.607016714665769
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:mkeaI12J4DXRBQJwyXJ/eJVMTbzscly3AZEhV6oEkiJAOtX2ihZFZ:m3BdrQtXdeyrscw3FV6oEkyAOtX2sZFZ
                                                                                                                                                                                                                                                  MD5:D5B01276FA721A4744C79F1D7990B0E0
                                                                                                                                                                                                                                                  SHA1:F97234C015E996E46B7263F6480AA52A5F25CCA0
                                                                                                                                                                                                                                                  SHA-256:FCD95A9124D220F8ACCBC16F89128B68459E2F43101F3FD3C524EB476C570698
                                                                                                                                                                                                                                                  SHA-512:F41FBA96C32246080BE584CC846A49D7AA1061EBB9023E4E1BA18B7A9B501D7F2AD07A0889F4C7915AAB2BD9EF7B7AAA9D6764901A75F44A1C54A11C9AF8A3A4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........'...6.......9...+...'...'...B...........9...'...'...B.......6...9.......'...B...X.......X...+...L...E...R...+...L....([^,]+).gmatch.string.%s+.gsub.analytics_deny_list.GetOption.settings.........M6...9.......9...'...B...6...'...B...6...9.......9...'...B...6...9...B...H.7.-...9.......9...'.......&...B.......X.%.9.......X.".9.......X...6...'...9...&...B.......X...9...-...9.......B...9...B...6.......9...+...9.......B...X...-...9.......9...'...9...&...B...X...-...9.......9...'.......&...B...F...R...K.....4Invalid configuration supplied for the context #Nil handler found for handler .err.SetOption.settings.get_context_string.new analyticstelemetry.context..setting.handler.Processing context .m_logger.contexts.pairsgIn AnalyticsEventHandler's process_context_attributes before for .. pairs(context_config.contexts)6analyticstelemetry.context.analyticscontextconfig.require:In AnalyticsEventHandler's process_context_attributes.info.log.core........-...L.................K...........

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\analyticseventsconfig.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8124
                                                                                                                                                                                                                                                  Entropy (8bit):5.407648093940651
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:74/aZONpo7az5gqKcgF9D5aVF2Jl+PLIO:74CupGaz5gqKcgfD5aV0Jl+Dz
                                                                                                                                                                                                                                                  MD5:0434B934FA55C30022B59F58EE0FA261
                                                                                                                                                                                                                                                  SHA1:D5A6C5F4A0C729EFE9D9812F3FAC4307C751443F
                                                                                                                                                                                                                                                  SHA-256:789EF271CAD1744AF73D7267B78B957A6FCF354FFC09ED9059C870BA702992B6
                                                                                                                                                                                                                                                  SHA-512:486C385DAC6402E25E5C78BC635F8EE7064972F06E031185111F14A393C736C41CD21A422D14C74F0D0AC42DBC70FBB1EE916824F3E27AE433C993D309D9E218
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...>.........5...5...5...=...5...=...5...=...5...=...5...=...5...=...5...=...5...=...5...=...5...=...5...=...5...=...5...=...5...=...5...5...=...4...5. .>...=.!.=.".5.#.5.$.=...4...5.%.>...5.&.>...5.'.>...=.!.=.(.5.).5.*.=...4...5.+.>...=.!.=.,.5.-.=...5./.=.0.5.1.=.2.5.3.=.4.5.5.=.6.5.7.5.8.=...4...5.9.>...5.:.>...5.;.>...=.!.=.<.5.=.=.>.5.?.=.@.5.A.5.B.=...4...5.C.>...5.D.>...5.E.>...5.F.>...=.!.=.G.5.H.5.I.=...4...5.J.>...5.K.>...5.L.>...=.!.=.M.5.N.5.O.=...=.P.5.Q.5.R.=...4...5.S.>...=.!.=.T.5.U.=.V.5.W.=.X.5.Y.=.Z.5.[.=.\.5.].=.^.5._.5.`.=...4...5.a.>...=.!.=.b.5.c.5.d.=...4...5.e.>...=.!.=.f.5.g.=.h.5.i.=.j.5.k.=.l.5.m.=.n.5.o.=.p.5.q.=.r.5.s.=.t.5.u.5.v.=.w.5.x.=.y.=.z.5.{.=.|.5.}.=.~.5...=...5...=...5...=...5...=...5...=...5...5...=...4...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...5...>...=.!.=...5...=...5...=...5...=...5...=...=...7...6...L....events_config.events...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\analyticshandleonnavigate.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):439
                                                                                                                                                                                                                                                  Entropy (8bit):5.430304555816182
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6IWlL3uknxUyPpPD4M9CCDiEiMJsYJJKq43JCO:6bL3uu3P6M9HDiEvJsP7n
                                                                                                                                                                                                                                                  MD5:A24DC4B2C5942DDFBC216372AD3005EE
                                                                                                                                                                                                                                                  SHA1:742ED4AB2A4F4BA5E0D173913131DB32E63B7A01
                                                                                                                                                                                                                                                  SHA-256:42046CA4BCC5A3C9AE63CB3C0FAED0B285FD2E451313EDD6B54B8D7763BC58FC
                                                                                                                                                                                                                                                  SHA-512:2FB594DEFD2F4E6BC182CA1EDB743625B4A0DD9F57777F74937A72BFD15A4755E4DFE4B9F6CB314CFDAE4836A3870FF8F9FFD8CE2E8A4D0CD28416CCE7CAA27D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..>.......6...'...D...)handle_on_navigation not implemented.error_.......6...9...............B...3...=...2...L.....handle_on_navigation.new.AnalyticsEventHandler.........6...'...B...4...7...6...3...=...6...2...L.....new.AnalyticsHandleOnNavigate4analyticstelemetry.events.AnalyticsEventHandler.require...//DAE8FB8DBFC7B08C4AA8C548C3A9DE382C3ACD00B3123B98F6787D3A2922AA2039919A250A062B7EA31E7B15728BAB2E825DB50A3B3EAC834C99EF7E5858A0AD++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\analyticstelemetryhandler.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2050
                                                                                                                                                                                                                                                  Entropy (8bit):5.674368122563602
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:3K1O3RnzJe0E/+dvxd4xzyA9JG0JbXS9mf+ZS9oFGtQt6MjG+VkJLrTmHC:Vex/0+fRiYd+QFuk1faC
                                                                                                                                                                                                                                                  MD5:1543285A5B33D0EABD10FC958BDE7136
                                                                                                                                                                                                                                                  SHA1:F455B99AE46422FF116AE192EB2364491CD7CC35
                                                                                                                                                                                                                                                  SHA-256:0C8E7B105016154A353432AD17B4D0F97A6AC67B4B10D47D636AD3135D07DA31
                                                                                                                                                                                                                                                  SHA-512:314F2A4FBF80C2A6CC26802DA05939F8037126F99F43F22152C98BC676493F37281CCD09C7F7088F2AEBC89183AEA08B8395336BA4D70764BEF27EBD64A76F64
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........66...9...8.......X...8...L.......9...'...B.......X.......9...'...B.......X...'.......&...6.......9.......'...B.......X.......X...+...<...L...6...9...)...B...'...6.......B...&...6.......9...)...9...9.......B...+...L....currentline.short_src.Log.utility.tostring%Failed to load package. Error: .getinfo.debug..include.external.mfw..^core%..^mfw%..find.loaded.package......!...6...9.......9...'...B...6...9.......X...6.......X...6.......X...6...9...)...B...'...6.......9...)...9...9.......B...)...L.......X.......X...6...9.......9...'...B...)...L...6...9.......9...'.......&...B...6...9.......)...+...B.......X...6...9.......9...'.......'.......&...B...)...L.......X...9.......X...6...9.......9...'...B...)...L...6...9...9...8.......X...6...9.......9...'...9...&...B...)...L...9.......X...6...9.......9...'...9...&...B...)...L...6...'...9...&...B.......X...6...9.......9...'...9...'...9...&...B...)...L...9...6...9...........B...9...B.......X...6...9.......9...'. .9...&...B...)...L...)...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\blockpage.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2153
                                                                                                                                                                                                                                                  Entropy (8bit):5.703014440133593
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Oe7guhyIJ6flj14j6Q6ARRhQ00MuhXuS5g+i3BJ0sPJQ7:Oe1FqjWbdRRC0ns3di330sPM
                                                                                                                                                                                                                                                  MD5:056744ECEA4B7360AC01351866B61C3D
                                                                                                                                                                                                                                                  SHA1:A7950CE3BE6118E33697ED22C95D6DA6C69A0143
                                                                                                                                                                                                                                                  SHA-256:C89C6258D669F50DB8E95D66EA26DC66A90CFB2464ACD8D77D785A325DA1DED3
                                                                                                                                                                                                                                                  SHA-512:2592AF53E62D260127EFAB58505DD500D3BFB9C8CF81C2AB244F74A37087119E061B134BC58D230CE3CD526AB8B7041C4BDEEF4D1A88793323A476AD2185FAFF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........6.......9...+...'...)...B.......6.......9...+...'.......D....SetOptionInt"*AnalyticsCounterPagesBlocked.GetOption.settings.........%+...6.......9...+...'...+...B...........X...+...L...9.......X...9.......X...6.......9...'...D...X...9.......X...6.......9...'...D...X...+...L...K....msad.ads.blocked.Frame.msad.sites.blocked.PublishMessage.wssEventSender.Top.level.Typosquatting._event_name.*AnalyticsSendWss.GetOption.settings......).|-...9...B.......X...-...9.......9...'...B...+...L...9.......X...-...B.......X...-...9.......9...'...B...-...-...B.......X...-...9.......9...'...B...9.......X.(.'...=...9.......X...'...=...9.......X...'...=...9.......X...'...=...9.......X...'...=...X...'...=...9.......X...'...=...X...9.......X...'...=...X...'...=...X...'...=...'...=...9.......X...'...=...X...'...=...5...9...=...9...=...9...=...9...=. .9...=...9.......X...9...=.!.9...=.".9...=.#.9.%.....X...'.&.=.$.-...9.'.....B...-...9.(.D............transmit_analytics_event.set_analytics_event.de

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\browsernavigate.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2034
                                                                                                                                                                                                                                                  Entropy (8bit):5.619001010095783
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UsDTHkRkQtT4vdeR6oJdULzkDeJe7gujLMsHiKfJJ5MJ30cbJfF7n:Us/HVQh4vyALzkDme1j/C0JJ5A30cbJZ
                                                                                                                                                                                                                                                  MD5:1F53FFA42A301E65B399C0021AC9D85F
                                                                                                                                                                                                                                                  SHA1:A8090738A676C7563964690F4A3A92F66CD42B8C
                                                                                                                                                                                                                                                  SHA-256:3B22238152C23349CA96AF7105650CB6DEC67C683DF8BF2C26CAC0C5385F61C2
                                                                                                                                                                                                                                                  SHA-512:FF2995B57460E6F3DD0F3532DB3C808930B09D020A7C3F906B3F629C95FD8B11A10805135A33C9B820F8183CB7E72DF9886CFD64688866F7A7B984639751E8FD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........*6...9.......9...'...B...-...9...B.......X...-...9.......9...'.......'...9...&...B...+...L...9...-...9...........B...9...B.......X...-...9.......9...'.......&...B...L.....'Failed to handle analytics event: .handle_on_navigation.new.handler. Handler: BBrowser Navigate handler does not exist for analytics event: .err.m_logger.get_analytics_eventIIn Analytics BrowserNavigate Handler's process_registration function.info.log.core........06...9.......9...'...B...6.......X...-...9.......X...-...9.......9...'...B...K...6...6...9...B...H...+...9.......X...6...'...9...&...B...........X...9.......X...-...5...=...=...<...F...R...K........config....handler..config..handle_on_navigation.analyticstelemetry.events..require.handler.events.pairseA global analytics configuration mapping analytic events to event handlers has not been defined..err.m_logger.g_analytics_configSIn Analytics BrowserNavigate Handler's build_navigation_registrations function.info.log.core.........6.......9...+...'..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\commonlogicloader.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1419
                                                                                                                                                                                                                                                  Entropy (8bit):5.79482391332802
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6NpCk+enQBwRdS0ZSF2j5G6n8VGLoL9m/eB+kJRiuWeTSKUZSFgT46A3zh6fTZ2m:qCvenawRdS0ZSw1F8VGLZGB+2CKUZSmd
                                                                                                                                                                                                                                                  MD5:24079788DC3C924FD3BFE6C5724F4E81
                                                                                                                                                                                                                                                  SHA1:C6AE7F3E466866CA55B4610BBFED214BE1810949
                                                                                                                                                                                                                                                  SHA-256:0FB28CBFCE9A25007E85E54CD839D6195EFE3FD91D431BA70C53C9B281087186
                                                                                                                                                                                                                                                  SHA-512:7C27B87E24696E2AF8115DE2B4E0ADF4B13771A534C125A0AABDCCBD56DCF017C9E6A69CDF636B21804EAFBCA47CEBAE19296538632D608BC6D0C4938869C00F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........6...9...8.......X...8...L.......X...+...6.......9...............B.......X.......X...+...<...L...6.......)...B...K....error.include.external.loaded.package.........6...9.......9...'...B...5...'...6.......B...X...6...6...........B...E...R...K....requireFromLogic.pcall.ipairs.\logic\.....MiscUtils.providers_selector.base_provider.ss_logic.oem_business_logic.type_tag_utils=Inside Analytics's CommonLogicLoader's requireLogicFiles.info.log.core........]6...9.......9...'...B...'...6.......9...B.......&...6...9...'...)...B...6...9...'...B...6...9...9.......'...&.......B...9.......X.5.6...9...:...9...B...).......X.-.U.+.....9...'...'...B...6...9.......9...'...........&...B...6...6...........B.......X...6...9.......9.......B...6...9...9...........B...........X...6...9...:...9...B.......X...X...6...9.......9...'...B...K....loadSSProvidersCode end.FindNextFile.err.requireFromLogic.pcall.Loading script: ...luc.gsub.cFileName.string.handle.*.luc.FindFirstFile.Win32.WIN32_FIND_DATA[1].n

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\dailycounters.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2671
                                                                                                                                                                                                                                                  Entropy (8bit):5.863752214121039
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Nv/cUjFEmVSJhJ2TqHsZHNJGoXWpFs9hEi20hjXVFOI0B2gzZ9i5JEpJmhL:Np2h4TqH4zGRpKTbj/Vga/EpK
                                                                                                                                                                                                                                                  MD5:5C8DF7C70B138ECB45611F1C99CDF879
                                                                                                                                                                                                                                                  SHA1:0B37D4EA4E269D4959BC81A3115E348A4D5627B5
                                                                                                                                                                                                                                                  SHA-256:83FF1310D76F529F9BC6512E29F75F27B191026342E0CAAB35656404532F8072
                                                                                                                                                                                                                                                  SHA-512:0994475671831EF29CBB77A8757E5B8005699C9D94B20616C4C243D3D5365B424EE707316269D6C9645E2A5D9D6D1FB9A07A1FC82DB80F89D784E03B80B9B963
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........d6...9.......9...'...B...-...9...B.......X...9.......X...9.......X...-...9.......X...-...9.......9...'...B...+...L...-...9...B...+...)...'.......X...-...9.......X...-...9.......9...'...B...+...L...9.......X...9...9.......X...9.......X...+...9.......X...6...9...B.......6.......9...........'...9...'...6...9...9...B...&.......B.......6.......9...........'...9...'...6...9...9...B...&.......B...+...L......SetOption.lower.string._.GetOption.settings.tonumber.default_no_value.in_context.prefixQAnalytics Daily counters handler called with an invalid event configuration..Analytics_DailyCounters.get_analytics_configBAnalytics Daily Counters handler was passed an invalid event..err.m_logger.triggerType.browser.get_analytics_event;Inside Analytics Daily Counters handle_analytics_event.info.log.core.......%...6...9.......9...'...B...-...9...B...+...)...+...'...5.......X...9.......X...9.......X...9.......X...9...........X...-...9.......X...-...9.......9...'...B...+...L...9.......X...9..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\dailyping.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2592
                                                                                                                                                                                                                                                  Entropy (8bit):5.570588287292458
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:q8RJ0a2Qh6wIHQB9NoCZJdxrLz+vFBLRN9Wh2h9lSeXXfRzjF3JKRjd+PJlOJ6yY:q8/AQh6+LNJZZLz+9dpSe/pjfKPKlO0Z
                                                                                                                                                                                                                                                  MD5:5BCB480176060509A8F25D89458128DB
                                                                                                                                                                                                                                                  SHA1:6277D5A16C6BAF28724AF14B30C799E9B8882115
                                                                                                                                                                                                                                                  SHA-256:91487D6FA7401AAF7D639FE3D19E12C7E82C8E2093BF42E4517CB6056D62CCDF
                                                                                                                                                                                                                                                  SHA-512:98EF1BDC00E6193E375C9A83CACF10597C19C3F9F82C8E256ADFD1287A845ED03CC967AA8B2BE4084D254CCA30BA86D2637B1EEE3C538B5AB2F73042DA3606D1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........(-...9...B.......X...-...9.......9...'.......'...9...&...B...+...L...5...9...-...9...........B...9.......B...-...<.......X...-...9.......9...'.......&...B...L.......XTelemetry 3.0. Daily Ping's process_registration failed to handle analytics event: .send_on_ping.new....metric_value..extra..handler. Handler: CTelemetry 3.0. Send on ping handler does not exist for event: .err.m_logger.get_analytics_event.........4...6...-...B...H.......X...9.......X...9.......X...9...8.......X...9...9...<...F...R...L......metric_value.ping_metric_id.pairs.........6.......X...6...9.......X...-...9.......X...-...9.......9...'...B...K...6...6...9...B...H...+...9.......X...6...'...9...&...B...........X...9.......X...-...5...=...=...<...F...R...K........config....config..handler..send_on_ping.analyticstelemetry.events..require.handler.pairstTelemetry 3.0. A global analytics configuration mapping analytic events to event handlers has not been defined..err.m_logger.events.g_analytics_config........

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\dailypingbrowsernavigationcount.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1145
                                                                                                                                                                                                                                                  Entropy (8bit):5.896058509059003
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6UUM9qnTXtfq2BeVhrhjClvVvgP0VvAqScukUJdI3GgVv+vJ/vJ5508Ht+z:TOHEVhMEAAqSDdc3vcJXJAzz
                                                                                                                                                                                                                                                  MD5:C9C350BDA2597A50FA2AB170BA780E5A
                                                                                                                                                                                                                                                  SHA1:7DDF190329C5C549B85D8FB961B887B32CBF32F8
                                                                                                                                                                                                                                                  SHA-256:53BE02E74F7E94C261A4EAE6FCA5D0F42FA33E32CAD5B1E1DF80BA533B9E012C
                                                                                                                                                                                                                                                  SHA-512:30FB4B8042CF5C14BB1AF8DA2C6F18C75D5A044162778708A9D2FFF8F939B67FDC32FDE768BADE2C234B333653A1A702229963A7E9F22854730C4423E01BDC41
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........?6...9.......9...'...B...-...9...B.......X...9.......X...-...9.......X...-...9.......9...'...B...+...L...4...6...-...B...H...6.......9...+...6.......&...)...B...<...6.......9...+...6.......&...)...B...F...R...9...=...6...6...9.......B...A...=...+...L........encode.json_parser.tostring.metric_value.ping_metric_id.SetOptionInt4ANALYTICS_BROWSER_NAVIGATION_COUNT_TODAY_PREFIX.GetOption.settings.pairs\Analytics DailyPingBrowserNavigationCount handler called with an invalid configuration..err.m_logger.ping_label.get_analytics_config:Inside DailyPingBrowserNavigationCount's send on ping.info.log.core.........6...9...............B...'...7...5...3...=...2...L.....send_on_ping.....ch.ff.ed4ANALYTICS_BROWSER_NAVIGATION_COUNT_TODAY_PREFIX+Analytics_BrowserNavigationCountToday_.new.SendOnPing.........6...'...B...6...'...B...5...7...6...3...=...6...2...L.....new$DailyPingBrowserNavigationCount....send_on_ping./analyticstelemetry.events.SettingsDBLookup)analyticstelemetry.events.SendOnPi

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\dailypingbrowserused.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1385
                                                                                                                                                                                                                                                  Entropy (8bit):5.647811771424218
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6CelnIXFF/xolSVxjGJUkEdWyJYlvV3HVEguLuSE8GJV6vJ/vJ5H6hIm/Fch:70IXn8IGy6eHLucbJXJdy/k
                                                                                                                                                                                                                                                  MD5:8254A852D48CCB91AEE447BA5358DC05
                                                                                                                                                                                                                                                  SHA1:AEEE33315A653283EA929F68895580AF1885A47A
                                                                                                                                                                                                                                                  SHA-256:DB505E7F28335D556C377DD845042C0D40B07538E6038D81C15CE3A8C8547073
                                                                                                                                                                                                                                                  SHA-512:D561F92E71DEDD99B75B4FE1A0FB6E292C8F0B0A130B6FADDA947650ED246581F428CC5CB1FAFFCE72D25DA71CCC6F6F2FB07518D752F40D9776DA652208E2D8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........'6...9.......9...'...B...6...9.......B.......5...7...6.......9...6...8...B.......X...6...9.......9...'.......&...B...+...L...-...9...+...-.......&...+...D........get_setting$Process is running for browser .IsProcessRunning.utility.browser_processes....ch.chrome.exe.ed.msedge.exe.ff.firefox.exe.lower.string9Inside DailyPingBrowserUsed's get_browser_used_today.info.log.coreD.......6.......9...+...-.......&...+...B...K......SetOption.settings........36...9.......9...'...B...-...9...B.......X...9.......X...-...9.......X...-...9.......9...'...B...+...L...4...6...-...B...H...-.......B...<...-.......B...F...R...9...=...6...6...9.......B...A...=...+...L............encode.json_parser.tostring.metric_value.ping_metric_id.pairsNAnalytics DailyPingBrowserUsed handler called with invalid configuration..err.m_logger.ping_label.get_analytics_config/Inside DailyPingBrowserUsed's send on ping.info.log.core.........6...9...............B...'...5...3...3...3...=...2...L.......send_on_ping....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\dailypingmetriccounter.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1533
                                                                                                                                                                                                                                                  Entropy (8bit):5.591046055711385
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6qZ0GoJPeM2Q+ycfXlvVulvDJNn7IBTbWcB5f396BBqmkctcXlvV54SGXjuZwiJn:t0GoJWM2Q+yHJNnWbv96G1kSGa5JjFJ/
                                                                                                                                                                                                                                                  MD5:5481A7F0DB5E38C2E0B4D487ADA34CFA
                                                                                                                                                                                                                                                  SHA1:0BC321BD4CC8DC159967B5F522CDAD180EC648EE
                                                                                                                                                                                                                                                  SHA-256:E30194B320783BEE0646634015D1A944380277765C1FB976374FAA19380C62B3
                                                                                                                                                                                                                                                  SHA-512:AA4458E7D1A708F985CBB936296C600970F6F29AFECD0D36990B3C1617B25F40CDEDF5E3ED3EC8B34736DF4631FA912E3EC8D2BE4C9E80719F1A85F5B0F50A50
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........C-...9...B...+...)...6...9.......9...'...B.......X...9.......X...9.......X...-...9.......X...-...9.......9...'...B...+...L...9.......X...9.......X...+...9.......X...6...9...B.......6.......9.......9.......B.......9.......X...9.......X...9...6.......9.......9.......D......SetOption.max_value.GetOption.settings.tonumber.default_no_value.in_contextSAnalytics DailyPingMetricCounter handler called with an invalid configuration..err.m_logger.setting_name.ping_metric_idAIn Analytics DailyPingMetricCounter's handle_analytics_event.info.log.core.get_analytics_config.........O-...9...B...+...)...+.......X...9.......X...9.......X...-...9.......X...-...9.......9...'...B...+...L...9.......X...9.......X...+...9.......X...6...9...B.......9.......X...9.......X...+...6.......9.......9.......B...9.......X...9.......X...9...9...=...=.......X.......X...6.......9.......9.......D...X...+...L...K......SetOption.metric_value.max_value.GetOption.settings.reset_count.tonumber.default_no_value.in_co

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\domainmembership.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4617
                                                                                                                                                                                                                                                  Entropy (8bit):5.830734673267187
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:GQEBjpEGPxKTKVUhwq6avqws1aoibd6IKloknBNlMveTGXryHeEnvxJwFvOcgQS6:GQOEGPxKTK6WaNs4Vd5Kl1bEdbREJWlH
                                                                                                                                                                                                                                                  MD5:5675171C0D8D4695A4E2C75BF56D4487
                                                                                                                                                                                                                                                  SHA1:CEA4EC1801BA52D8D31EDC3E3CE234CCBE09B169
                                                                                                                                                                                                                                                  SHA-256:4DD4426315AA9B87979C7A1CC3355159D3A1539DDF65AFB8969BD4B01B4EB680
                                                                                                                                                                                                                                                  SHA-512:866A19877D5EBEDF6CDF105C2839D3A245C852CDF536176D9DD26B8821D2A718BD4679E88D4B3777963A2DAC510F58EEB629D2CC7F3C0D728401BDF19434B30C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........5...=...=...=...L....hit_label_21.hit_label_20.hit_label_19....hit_label_21.._event_name.wa_domain_membership.hit_label_20..hit_label_19.^.......-...............B...9.......B...9...D......transmit_analytics_event.set_analytics_event........$6.......9...+...-...)...B...6.......9...+...-...)...B.......X...-...9.......9...'...B...+...L.......X...-...9.......9...'...B...+...L...+...L.........EAnalytics DomainMembership ver_to_send < ver_sent so not sendingEAnalytics DomainMembership ver_to_send = ver_sent so not sending.info.m_logger.GetOption.settingsg.......6.......9...+...-...)...B...6.......9...+...-.......B...K........SetOptionInt.GetOption.settings........<4...6...9.......B.......X...-.......9...'...6.......B...&...B...L...6.......B...X.$.6...9...........B.......X...-.......9...'.......'...6.......B...&...B...X...-...8.......X...'...5...=.......X...'...=...=...6...9...........B...E...R...L........insert.table.type.value..name....value..type..name..unknown.: .Error getti

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\domainnavigatedcounter.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3032
                                                                                                                                                                                                                                                  Entropy (8bit):5.870910964820613
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:IWmazRGpYrvwvziT45n1y27j6F01AwQS0ZBdJgGlKqdA/kvUgZDf2jCHJJ1mjA:IU4pWczlN7jUQPQSggkKqdAIZDf2GHJN
                                                                                                                                                                                                                                                  MD5:2C8911B3980EEF3A29CE473B4CD9217A
                                                                                                                                                                                                                                                  SHA1:F139C36C58654B67B49CD9207A1899E40ABE0F57
                                                                                                                                                                                                                                                  SHA-256:E3BC027E22AB082BD1331AF8527DB62369D72D573A7F33A3E0DC1F9B8654CEBD
                                                                                                                                                                                                                                                  SHA-512:7DD6CF875534AAF205D9BE680734BDD50F4637FC8AE310877FB5730221DD92290359EEE0D1827684078308F6034639D3E7AEA25B1546749617FA27B19BB91E38
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..n.......6.......B...H...6...9.......9...B.......X...9...L...F...R...+...L....domain.urlMatch.match.string.pairs........+...L...........=-...9.......9...'...B...-...9...B.......X...9.......X...9.......X...-...9.......9...'...B...+...L...+...)...-...9...-...B.......X...+...L...6...9...-...'.......'...9...&...B...6.......9...............B.......6.......9...............B...+...L............SetOption.GetOption.settings._.lower.string^Analytics Domain Navigated Counter handler was supplied a malformed event for processing..err.url.browser.get_analytics_eventOEntering Analytics Domain Navigated Counter handler's handle_on_navigation.info.m_logger.........D-...9.......9...'...B...+...)...+...5...).......)...M.4.)...-.......)...M...6...9...-...'...-...8...9...'...8...&...B...6.......9...............B...).......X...5...-...8...9...=...8...=...=...-...9.......B...-...9...B.......X...6.......9...............B...O...O...+...L..........SetOption.transmit_analytics_event.set_analytics_event.hit_

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\downloadscan.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1661
                                                                                                                                                                                                                                                  Entropy (8bit):5.6353792956433075
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:oeQDKesU4NION1YmRj2AZGrZ+8JHlDiJelgJxV:oeXeN4NpRRjY40dyeSJ
                                                                                                                                                                                                                                                  MD5:A5EF78E0F756F9435BF466F4699494E2
                                                                                                                                                                                                                                                  SHA1:222D52D9293B97166D3C30BC96DCCD76389029C4
                                                                                                                                                                                                                                                  SHA-256:3104A3FCF530FA3503BCF18352E464716C6D461CA8BC44572EA0DBDD9DD34F6D
                                                                                                                                                                                                                                                  SHA-512:7FD8FD52148917CF69E9E8974F20FF7C3575294B252383EBBD7AD7E0AD8F3C9F20C3913EAF4C1A77F3267EFCD8C28ACDC7E99EDF9FBBF72F0ABC83792E379F8C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..X.......6.......9...+...'...+...D...&*DownloadScanSendProcessTelemetry.GetOption.settingsU.......6.......9...+...'...+...D...#*DownloadScanSendFileTelemetry.GetOption.settings........7'...+...9.......X...9.......X...6.......9...'...B.......X.......L...X.$.9.......X...9.......X...'...6.......9...'...B.......X...6.......9...+.......)...B.......6.......9...+...........B.......X.......L...X...+...L...K....SetOptionInt.GetOption.settings.msad.files.blocked&*AnalyticsCounterDownloadsBlocked.Blocked.msad.files.safe.PublishMessage.wssEventSender.AcceptRisk.interaction_type.DownloadBlock.name..........B-...9...B.......X...-...9.......9...'...B...+...L...-.......B.......X...-...9.......9...'...B...9.......X...-...B.......X...'...=...9.......X...-...B.......X...'...=...4...9...=...9...=...9...=...9...=...9...=...9...=...9...=...9...=...-...9.......B...-...9...D............transmit_analytics_event.set_analytics_event.ui_type.hit_label_24.colour.hit_label_23.hit_label_22.hit_label_21.browser.h

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\heronerrorslog.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2427
                                                                                                                                                                                                                                                  Entropy (8bit):5.734071337426371
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:6/W/iBelQ1lYQ0M7atJAaPpJ5JjWJHZF8ko8jVpPUmQrWDJXRgAn3JusvOi:jlQlAJHJSD8k9jWa1XSg3t
                                                                                                                                                                                                                                                  MD5:A125C112C55E27E0FDDD2E541480EE53
                                                                                                                                                                                                                                                  SHA1:5FC3996D4205DD73544E4FE80A1916AB3EC569D8
                                                                                                                                                                                                                                                  SHA-256:FBD236FAB0A1A641C46DFCE6CB173491474A9CBD3173C77BC33509C115953886
                                                                                                                                                                                                                                                  SHA-512:DA1F328764D4E4891463960CFDBD8710D01AC6698B43DD4A5D1AC9F1F2BAFAF50A7D25F111351CC47B6893CD554CAF741AFB8F216D28A3ADEAA2CB83CD399A61
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ........#...6...9.......9...'...B...-...9...B.......X...9.......X...9.......X...9.......X...9.......X...-...9.......9...'...B...+...L...-...9...B.......X...-...9.......9...'...B...+...L...+...9.......X...9.......X...+...'...9.......X...9...6.......9...+...-...+...B.......X...-...9.......9...'...B...+...L...6.......9.......-.......B.......X.......X...'...X.......'...&...'...9.......X...'...9...'...&...'...9.......X...'...9...'...&...'...9.......X...'...9...'...&...'...9.......X...9.......X...9...'...9.......X...9...'...9.......X...9.......X...'...9...'...&...'.......'.......'.......'.......'.......'.......&.......'. .....'.!.&...6.......9.".....-.......B...+...L..........SetOption.}.{.,"metadata":.,"line_number":.,"error_code":.,"error_type":.,"function_name":."file_name":.metadata.error_code.".null.,.[-HeronErrorsLog heron telemetry disabled..GetOption.settings.default_no_value..in_contextGHeronErrorsLog handler called with an invalid event configuration..get_analytics_configPAnalyt

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\installedextensions.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1361
                                                                                                                                                                                                                                                  Entropy (8bit):5.7222381194006
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6iagPrR/Jr3yCJOxTnZBCjsVudecYHfxQ6FF9K6FXyvjocu/yYXl3JB1J5ZzGBeN:hPrP3BsZBCjocBqK3joD/yYXbvJB
                                                                                                                                                                                                                                                  MD5:9AC09FB2FE4AB5D79A8823E8E56C9BB4
                                                                                                                                                                                                                                                  SHA1:F800A112729815F419DA876E0E87FC0DB50B0BBE
                                                                                                                                                                                                                                                  SHA-256:C4A499FEA4EE42E78FFA0996B3DA2D6150023C4BCA326B7A9FE80D3B16906227
                                                                                                                                                                                                                                                  SHA-512:B11CABF05F7AF0028475EE1BE4DF6597A9644DAA5ABDF0A8150DB8E18F6E224615D675D119E2B2A00B6369939476053978D1AAC8DC49EACE9B2CBB5B408D3356
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........+...L...........V-...9.......9...'...B...6.......9...+...-...)...B...6...-...B...H.B.6.......9...+...-.......&...)...B.......X...-...9.......9...'.......B...X./.6.......9.......B.......X...-...9.......9...'.......B...X. .-...9.......9...'.......'.......&...B...5...=...=...=...-...9.......B...-...9...B.......X...6.......9...+...-.......&.......B...F...R...K............SetOptionInt.transmit_analytics_event.set_analytics_event.hit_label_21.hit_label_20.hit_label_19....hit_label_21.._event_name.wa_installed_extensions.hit_label_20..hit_label_19.. is *extensions json payload for browser: ANil installed extensions payload so not sending for browser .get_extensions_info.browserSettings8Ver_to_send <= ver_sent so not sending for browser .pairs.GetOption.settingsHEntering Analytics InstalledExtensions event handler's send_on_ping.info.m_logger.........6...9...............B...'...'...5...3...=...3...=...2...L.....send_on_ping..handle_telemetry_event....CH...ED..1Analytics_Installed_

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\lowsearchusertargeting.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3307
                                                                                                                                                                                                                                                  Entropy (8bit):5.672005510352201
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:p9hLYo14yWoUDkcqroiepVs+5ahLiD70tWQrdkI1:9PTWoUDDXD7Kdl
                                                                                                                                                                                                                                                  MD5:5A35BF4618BFCEAB37688CB5A8511FA3
                                                                                                                                                                                                                                                  SHA1:62E09C8AC3C5A9603E0793A444DFE4A19B48B04C
                                                                                                                                                                                                                                                  SHA-256:539F34F12F104A2B32CE52E9FBB3642BB0CD48E2F5598681EE9287215BD3CD60
                                                                                                                                                                                                                                                  SHA-512:CCA0106170395258F6B1FAAF23BB2B9D6BE742391CD915124E25391B0E15580C41F4C0623B2C01E928D5FE7DF1D99B69705CAF2A9C1E877E7E2B4F775C3F17CD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ........0...6...9.......9...'...B...'...6...6.......9...+...'...)...B...A...6...6.......9...+...'...)...B...A...6...9.......9...'.......'.......'.......&...B.......X...6...9.......9...'...B...K...6.......9...+...'...+...B...6.......9...+...'...+...B.......X...'...X.......X...'...6...9.......9...'...6.......B...'...6.......B...'.......&...B.......X...6.......9...+...'...)...B...6...9.......9...'...6.......B...&...B.......X...6.......9...+...'...)...B...6...9.......9...'...6.......B...&...B...6...6.......9...+...'...)...B...A...6...9.......9...'.......&...B...6...6.......9...+...'...+...B...A.......X...K...6.......B...6...9.......9...'...6.......B...&...B...6...6...9...'. .....B...A...6...9.......9...'.!.....&...B...5.".=.#.=.$.=.%.=.&.=.'.6...9.......9...'.(.B...-...9.).....B...6...9.......9...'.*.B...-...9.+.....B...6...9.......9...'.,.B.......6...9.......9...'.-.....&...B...6.......9...+...'.......B...6...9.......9...'./.B...K.....9send_low_search_user_targetting_telemetry() exitin

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\navigatedtoday.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1396
                                                                                                                                                                                                                                                  Entropy (8bit):5.560263627552033
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6j+e/agXgQCWpI4M6JUhheWdJs1bWWSAJWIKY7jJw8JNHuuZJvJZHrRO2vJsKH4L:u+e/vPNMEUhhfdcb3VA7Y3Jw8JzZJv32
                                                                                                                                                                                                                                                  MD5:B6555ECDDF3AE6C3F7207673E9DFEC54
                                                                                                                                                                                                                                                  SHA1:601D2A773577A56E823BF13A2544F27DF122519E
                                                                                                                                                                                                                                                  SHA-256:25C34EBF0EF869FE78E293563719F2C36C4DD4EB53EB7B2FD954E35D9C491F98
                                                                                                                                                                                                                                                  SHA-512:26BD9959A208FDC9C8890B6B8FFE87B4CCBD92C9DE2295B4624D34EB437D4C52D2F36BB268FE37F1B7D9DC530B41B1645B984B241CAC220CB7D93FE6B6E46244
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........M6...9.......9...'...B...-...9...B.......X...9.......X...6...9.......9...'...B...+...L...6...9...9...B...7...6.......9...+...-...6...&...+...B.......X...6...9.......9...'...B...+...L...6.......9...+...-...6...&...)...B.......6.......9...+...-...6...&.......B.......X...6...9.......9...'...B...+...L...+...L.........aNavigatedToday Telemetry 3.0 handler unable to increment BrowserNavigationCountToday setting.SetOptionInt.GetOptionXNavigatedToday Telemetry 3.0 handler unable to set BrowserUsedToday setting to true.SetOption.settings.lower.stringXNavigatedToday Telemetry 3.0 handler was supplied a malformed event for processing..err.browser.get_analytics_eventAIn Analytics NavigatedToday Handler's handle_analytics_event.info.log.core..........6...9.......9...'...B...-...9...D......handle_analytics_event?In Analytics NavigatedToday Handler's handle_on_navigation.info.log.core.........6...9...............B...'...'...3...=...3...=...2...L.....handle_on_navigation..handle_analytics

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\pushnotification.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3033
                                                                                                                                                                                                                                                  Entropy (8bit):5.6445036663431125
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:REIVPXKEKVUIc7JExkuuajjtBjqb87lzXdM2LCkPTbxY4eSZrlMWuar7uLnU/XaM:REGPXKEKVUN8uoBjk8XMCCovbeK5MxnE
                                                                                                                                                                                                                                                  MD5:CB3840772AA5D70D563B31E6E6D5BED4
                                                                                                                                                                                                                                                  SHA1:FBC3D845B022E0A3E38DC01E832D11A2F813778B
                                                                                                                                                                                                                                                  SHA-256:148F560CDC77D62088B201D549C866D488E6D7EBB0547CE1E7F4B46B777B5A13
                                                                                                                                                                                                                                                  SHA-512:B8764F8C09DF899665060CA268BF630A00854F0A484D543FDC99AD7C0E36D4CFE1C48D178AFE0C5A851895396AD6050842274304CA2621A1D07B08420B109349
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........$6.......9...+...-...)...B...6.......9...+...-...)...B.......X...-...9.......9...'...B...+...L.......X...-...9.......9...'...B...+...L...+...L.........EAnalytics PushNotification ver_to_send < ver_sent so not sendingEAnalytics PushNotification ver_to_send = ver_sent so not sending.info.m_logger.GetOption.settingsg.......6.......9...+...-...)...B...6.......9...+...-.......B...K........SetOptionInt.GetOption.settings.........'...6.......B...X.......'...6.......B...'...&...E...R.......X.......9...)...)...B...........'...&...L....].sub.",.tostring.".ipairs.[........()...4...6.......B...X.......9...'...B.......9.......B.......9...'...B.......9...).......B...........X...6...9...........B.......E...R...-.......B...........J......insert.table..:.sub.//.find.ipairs..........5...=...=...=...L....hit_metric_0.hit_label_21.hit_label_19...._event_name.wa_push_notifications.hit_metric_0..hit_label_21..hit_label_20.ch.hit_label_19.^.......-...............B...9.......B...9...D......transm

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\remapattributes.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1355
                                                                                                                                                                                                                                                  Entropy (8bit):5.59101889177688
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6JO8dwKfhwo8uuGEE0eVEKvRRMjjgOvEW4d5Z+S69gxuuHJjMfJsPHUxn:ADDfhCuDEE0eHRMjjTu+gx9HJQfJ5xn
                                                                                                                                                                                                                                                  MD5:DB20AA1CD1B6E51D8D5BE03DE5C8BF87
                                                                                                                                                                                                                                                  SHA1:F041DE9EA9B6ADEC749448232A3B8C84EF1BC3FD
                                                                                                                                                                                                                                                  SHA-256:66BDADE4994B6045BED335BE31A7F9AB0B4FDB2F01818C95D624F97B00D58503
                                                                                                                                                                                                                                                  SHA-512:1E67BB6971A4FFB120ACEA3DCF58FDC12F7EDC6913591D5EF5751945B02B9CE2CBCDF5FD98CBD92D4C09B35173B690E35B3D1A216388E620363A3DFB7EE4F98E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ............-...9...B...-...9.......X...-...9.......).......X...6...9.......9...'...B...+...L...9.......X...9...=...4...-...9.......X...-...9.......X...9...=...9...=...9...=...-...9...........X...9.......X...-...9...:...=...X...-...9...:...=...-...9.......X.:.)...-...9.......)...M.4.-...9...8...........X...6...9.......9...'...B...+...L...-...9...8...:...8.......X...-...9.......X...-...9...8...:...'...<...X...6...9.......9...'...B...+...L...X...-...9...8...:...-...9...8...:...8...<...O...-...9.......X...-...9...=...-...9.......B...-...9...D........transmit_analytics_event.set_analytics_event.hit_screen8Malformed event passed into RemapAttributes handler.default.set_default_for_not_mappedNRemapping part of config passed into RemapAttributes handler is malformed.remapping._event_name.Impression.browser.hit_label_20.hit_label_19.name.hit_label_18.as_is.interaction_type.action_type9Malformed config passed into RemapAttributes handler.err.log.core.event_names.get_analytics_event..a.......

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\searchreset.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3387
                                                                                                                                                                                                                                                  Entropy (8bit):5.518921565811051
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:+cEGPlKkKVUr0/VjzpzRILXFfj2NIWjRN5RlDk9w03ngpYjRI26VNPNBYwixtPmn:PEGPlKkK6gRzpzu05Pu91nY7HWU
                                                                                                                                                                                                                                                  MD5:8E6128F8F2A9F879C6306590A8D5177B
                                                                                                                                                                                                                                                  SHA1:146103A6B4E2B54A4814780DDA0FC58082A443EE
                                                                                                                                                                                                                                                  SHA-256:EE3DEE8BC57ADDE2453A4C96278587CBD80129DAE0EC3B17E6F6BDC8EBB64C22
                                                                                                                                                                                                                                                  SHA-512:8C6B4F52A7C57B3E35E9C220768962EEFABD791B601CCBD25D836EE3D0C3F599B048069DE64BBBC0CA26F24B6BFAA4D41736074C40633B6F1BDB207A12726C3D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........6...9...6...9...'...B...A...6.......9...+...-...)...B...).......X...)...L...!...L......GetOption.settings.!*t.date.time.os........$6.......9...+...-...)...B...6.......9...+...-...)...B.......X...-...9.......9...'...B...+...L.......X...-...9.......9...'...B...+...L...+...L.........<Running processes ver_to_send < ver_sent so not sending<Running procceses ver_to_send = ver_sent so not sending.info.m_logger.GetOption.settingsg.......6.......9...+...-...)...B...6.......9...+...-.......B...K........SetOptionInt.GetOption.settings..........-...9.......9...'...B...6.......9...+...-...+...B.......X...+...L...-...9...B.......-...9.......X...6...9...6...9...'...B...A...6.......9...+...-.......B...6.......9...+...-...)...B...+...L...6.......9...+...-...)...B...-...9.......9...'.......&...B...-...9.......9...'...-...9...&...B.......X.O.-...9.......X...-...9.......X...-...9.......X.C.-...B...).......X...-...9.......9...'...B...+...L...'...-...B.......X...6.......9...B...........X...-.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\searchsuggestcounter.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1653
                                                                                                                                                                                                                                                  Entropy (8bit):5.796504876010033
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:JDSzV16a2/zAij2Hacz8SDAJJEyJ/QQN4:JuzV1BMrj2/8W0JEySY4
                                                                                                                                                                                                                                                  MD5:71FFCE9BE0676300990DB112319B18EA
                                                                                                                                                                                                                                                  SHA1:4A7B0BC0A058D21AD3DF2719D0A3B41B1D027C99
                                                                                                                                                                                                                                                  SHA-256:0861A21D2679E49EF9E1202C6F90E29FA73AD66518CEAE8943F95707F718BFF5
                                                                                                                                                                                                                                                  SHA-512:3499CB79844B6D341397CE896119FD7A418324D45AA4E6E171E2B07C8AAB064DBA496A9403621AE15336DBC3D4A6679EF9733A16B24B78411DEEE4D438846B76
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........A-...9.......9...'...B...-...9...B.......X...9.......X...9.......X...9.......X...9.......X...-...9.......X...-...9.......9...'...B...+...L...+...)...6...9...-...'...9...'...9...'...9...&...B...6.......9...............B.......6.......9...............B...+...L........SetOption.GetOption.settings._.lower.stringHAnalytics SearchSuggest Counter handler was passed an invalid event.err.search_type.interaction_type.browser.name.get_analytics_eventDEntering Analytics SearchSuggest Counter Handle Telemetry Event.info.m_logger.........J-...9.......9...'...B...+...)...+...5...5...5...).......)...M.8.).......)...M.3.).......)...M...6...9...-...'...8...'...8...'...8...&...B...6.......9...............B...).......X...5...8...=...8...=...8...=...=...-...9.......B...-...9...B.......X...6.......9...............B...O...O...O...+...L........SetOption.transmit_analytics_event.set_analytics_event.hit_metric_0.hit_label_21.hit_label_20.hit_label_19...._event_name.wa_search_suggest.hit_metric_0..h

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\searchterm.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5468
                                                                                                                                                                                                                                                  Entropy (8bit):5.684573016098276
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:vEc6Kr6/joo1pKtk8LhEPeL4wM9IKV1BkU+DdZdggkqJtzLULlPT:vBZr6cq8txNMKKrOU+RZdjJBLMZ
                                                                                                                                                                                                                                                  MD5:3778F3C22BF093A34BB5692A9B4DA2C6
                                                                                                                                                                                                                                                  SHA1:97D933306ADDD6D6359EC3753721ECCFD9CCE583
                                                                                                                                                                                                                                                  SHA-256:B724C5CD2F574A01A88ED238DDDE988A440AD027F9190ADDDF345AF8D188CA93
                                                                                                                                                                                                                                                  SHA-512:F095FDC6F063824231C2380DF76E0B7788F18D30B638383097F0E193F90C110B5AD7850E0816FEB285A527AB9C00445D27D559EC205A2DD9324FE9BC82A69409
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..8.......6...9...6.......)...B...C....tonumber.char.string+...........9...'...-...D......%%(%x%x).gsubc.......6.......B...H...6...9.......9...B.......X...L...F...R...+...L....urlMatch.match.string.pairs........06...9...........B...7...7...6...9.......6.......B...6...9.......'...B...7...7...6.......X...6...9.......)...6.......B.......-.......B.......6...9.......'...'...B.......6...9.......B.......L......lower. .+.gsub.first2.last2.&.sub.first.last.find.string.2.......-.......-...8...9...D........firstIndicator........F'...6.......B...X.>.+...6...9...B...X...+...6.......B...X...6...9.......'.......'...&...B.......X...+...X...+...X...E...R.......X...+...X...E...R.......X...6...9...B...X...6...9.......'.......'...&...B.......X...+...X...E...R.......X.......X...9...X...9...'.......&...E...R...L.... .category.exclusion.%f[^%w_].%f[%w_].match.string.inclusion.ipairs.........+...L.............-...9.......9...'...B...-...9...B.......X...9.......X...9.......X...-...9.......X...-...9.......9.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\securesearchhit.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8197
                                                                                                                                                                                                                                                  Entropy (8bit):5.709606313879427
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:UD2A/mLB7AVWy/c9AbQLW/rNwGYF3B6YfX:gPAUVWyc9AbBeGYtfX
                                                                                                                                                                                                                                                  MD5:3F35B8392D1798597572ACDDEE5C3120
                                                                                                                                                                                                                                                  SHA1:F5DB76148679A62E1615EF8BFFA87109841A9E80
                                                                                                                                                                                                                                                  SHA-256:165B85E77E30395DD43C0B979A82E895BA0522F133538DAC1AE02D4224959D10
                                                                                                                                                                                                                                                  SHA-512:17431A9A7A00D35DFC00F7F191FD313A04F4C50A6EAFD4EF8471EDA7F41DADEA30B467A16069AA7C7F06DE04CB01260A2EE370BECBE3A559A1C9641F9AA871DB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........6...6.......9...+.......)...B...A...6...9.......9.......'...6.......B...&...B.......6.......9...+...........B...K....SetOption.tostring. - count: .info.log.core.GetOption.settings.tonumber.........$6...9.......9...'.......&...B...9...9... ...).......X...U...........X...6...9.......9...'.......'.......'...9...&...B...5...=...=...9...=...L.......month..year..day..day., day: ., month: /Secure search hit add_month result, year: .month.year-Secure search hit add_month, num_month: .info.log.core..........!6...9.......9...'...B...6...9.......B...6...9.......B...6...9...........B...6...9.......9...'.......'.......'.......&...B.......L...., difference:., target_time: /Secure search hit days_until, start_time: .difftime.time.os!Secure search hit days_until.info.log.core...........~6...6.......9...+...'...)...B...A...6...9.......9...'...B.......X.f.6...9...'.......B...-.......)...B...-.......)...B...6...9...-...........B...A...6...9...-...........B...A...6...9.......9...'...B...6...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\securesearchtoast.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2753
                                                                                                                                                                                                                                                  Entropy (8bit):5.78394166018439
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:5sSiaIqULiwOSJJWkGqCq+RkvjjQH7UjULso2X16RYDQJ8v029vJPbtD:5sRaIqx9gJWkGqH+Qjc3L6IYDk8v029n
                                                                                                                                                                                                                                                  MD5:8237CA728FE9B37944D872D8AA34D726
                                                                                                                                                                                                                                                  SHA1:1CA63A24AFBB2BE70766D915EC34163C63E53155
                                                                                                                                                                                                                                                  SHA-256:1C2A9D2D80B9A406F7956F778CF70102AB4DD4CF4F688F93D366F1C6C6A8C02A
                                                                                                                                                                                                                                                  SHA-512:76E339E13FFB4DC10702B25D2F715AEFFC749F0D24FB0AECF2DFA56DDA45C03E771BD55E67C1608E9442CF79ED2862BAD6D0F9BDF968FEC2D46A23118D4888A2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ........@...-...9...B.......X...9.......X...9.......X...9.......X...9.......X...-...9.......X...-...9.......9...'...B...+...L...'...'...9.......X...9.......X...9...9.......X...9.......X...9...9.......X...6.......9...+...-...9...&...9...B...X...9.......X...9.......X...9.......X...6.......9...+...-...9...&...'...B...=...6...9...B...-...9.......9...'...6.......B...&...B...6.......9...+...'...+...B.......X.A.6.......9...+...'...)...B...)...'.......X.#.6...9...!.......B...6.......9...+...'...)...B...-...9.......9...'...6.......B...'. .6.......B...&...B.......X...-...9.......9...'.!.B...'.".....X...'.#.....&...X.......'.$.'.#.....&...-...9.......9...'.%.....&...B...'...9.......X...6.......9...+...'.&.)...B.......X...6...9...!...B...).......X...6.......B.......6.......9...+...'.&.)...B...X...6.......9...+...'.&.....B...5.(.9.'.=.'.9...=.).9...=.*.9...=.+.9...=.,.=.-.9.......X...6.......B...=...6.......B...=./.-...9.0.....B...-...9.1.B...'...9.....2.X...'.3.X...9.......X...'.......X...6.4.9

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\sendimmediately.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):571
                                                                                                                                                                                                                                                  Entropy (8bit):5.368387435739017
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6t5LzIKSSj3d2k0uknxFJ+PF4MVIRMJsYJJKHLrdas5MHS:6t5Pj3MbuuHJjMVtJsPHLxas5eS
                                                                                                                                                                                                                                                  MD5:C79B4D9ABAB7F9088963396633373130
                                                                                                                                                                                                                                                  SHA1:138EDF86F524355BD7E037FC1E21DCB1D6AC077B
                                                                                                                                                                                                                                                  SHA-256:31C8327F3757FE4A889D6BFC13E8B778A9CD09119FED103F8B60DDB10B7270E2
                                                                                                                                                                                                                                                  SHA-512:E762F3A14D737C26B94524120F0BD65613DD1BAB3E1877F588B9579C2A67CFDDEF973A4D50A78BF886ADB67398F1974A20B77310EFEBA690F3B06AD55384595E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........-...9...B...9.......X...+...=...9.......X...+...=...9.......X...+...=...-...9.......B...-...9...D......transmit_analytics_event.set_analytics_event.flags.timeout.analyticsSDK.get_analytics_eventa.......6...9...............B...3...=...2...L.....handle_analytics_event.new.AnalyticsEventHandler.........6...'...B...4...7...6...3...=...6...2...L.....new.SendImmediately4analyticstelemetry.events.AnalyticsEventHandler.require...//5AF2B3F30CA2477B8884BB0D801B1721C9FC6976C639E9179DE8ECBB599B8CA365CD6F815DF94702B8EF29344880D003B55FE2897CE4189C2F8870D5FFB199E9++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\sendonping.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):407
                                                                                                                                                                                                                                                  Entropy (8bit):5.443442104534436
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6AWHuknxcW7NPl4MXFQMJsYJJKV7gehAoiljaDq:6FuuOMXFZJsPtBOoU0q
                                                                                                                                                                                                                                                  MD5:E8DF367056FE2ABFE9304728B0181C4E
                                                                                                                                                                                                                                                  SHA1:7D1D9096FD18F373FF19DDB5406C8D4176A50461
                                                                                                                                                                                                                                                  SHA-256:DFC8D29D6C889BC0A5700446E389197DE191EF1B5CFDBA64CF2167E8334C3FEE
                                                                                                                                                                                                                                                  SHA-512:23D4D5C28F8B2D3F3242BE50DE34B8E54FCDADB78D2DF8E20D0FE26ACCE27506CF9E364434EA614F5B7B80C215DC6B98101C5EC2A94003DC93B0A30C33CAA2D0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..6.......6...'...D...!send_on_ping not implemented.errorW.......6...9...............B...3...=...2...L.....send_on_ping.new.AnalyticsEventHandler{.......6...'...B...4...7...6...3...=...6...2...L.....new.SendOnPing4analyticstelemetry.events.AnalyticsEventHandler.require...//21398B440EA28FAF8D99DD7EA2BD636471BA9D882AE2E076332081F8193BDFD81EC66AC532DD528EEA1411464872F558A57639C30F53475D3F51EA51B5001805++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\settingsdblookup.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):405
                                                                                                                                                                                                                                                  Entropy (8bit):5.508156056649387
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:67klvhpCl2IWm7RYvfOH6eaA0lbDPeX3t7/:6EeJViWH6blbLq
                                                                                                                                                                                                                                                  MD5:A288B56AD5CE337137C0A3B8F600F5C3
                                                                                                                                                                                                                                                  SHA1:B9D7D321EA5B63355C10BEC920E4231F35E70490
                                                                                                                                                                                                                                                  SHA-256:87B778D9AEE383BBF5D607B9F6FBFD6788C48E87BD673B0F4F3EA682A9DDB1E8
                                                                                                                                                                                                                                                  SHA-512:955FFEC02DDB6E6C9998B570031FE8169657D1C8454AD0FB6A17B9DA6C0051DAD058C6B7C800F307C74BE613979317CE320B85EA6A4CC9A265140230B147AA3B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........'.......X.......X.......X...6...9.......9...'...B...X...6.......9...............B...........X...'...6.......D....tostring.GetOption.settingsAInvalid parameters supplied for get_setting helper function..err.log.core.(.......4...3...=...2...L.....get_setting...//2F60F4770EC82BE45FE951736A149B465D3E892E3CA2FFC2A21C625294129A5F4E4AEF90C0A32469DA9727A56B1BA8853AE964C8267917CB5AA0FF71CBC4BC88++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\smareputationcounter.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1675
                                                                                                                                                                                                                                                  Entropy (8bit):5.812628804473798
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:CiDSFhorowIgf3Nah9LbjM1qj+IQdXoiz8SDAJJKrkJcOahg:PujxRgfE7bjM1qjYdXz8W0JKYSXg
                                                                                                                                                                                                                                                  MD5:F1530A4A72D6FC8A138963122A592426
                                                                                                                                                                                                                                                  SHA1:28012084AD424E7E45498BD34B46DC6C4894CB85
                                                                                                                                                                                                                                                  SHA-256:2C5CAA83B99DFF814D665F8615F9CC6F6C0C4E91A9DD9BE54032B49305C0B591
                                                                                                                                                                                                                                                  SHA-512:CDFA76E2B91E3B753E6529D2624917B213459A6143985D8DC7733C0AD074BC145E886631F3CA1A7A5E44E3726F9C736FCEE907EFB2CF2A68C6848579CF552EE5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........C-...9.......9...'...B...-...9...B.......X...9.......X...9.......X...9.......X...9.......X...-...9.......X...-...9.......9...'...B...+...L...+...)...'...6...9...-...'.......'...9...'...9...&...B...6.......9...............B...9... ...6.......9...............B...+...L........SetOption.GetOption.settings._.lower.string.defaultFAnalytics SMA Reputation Counter handler passed an invalid event..err.count.color.site.browser.get_analytics_eventEEntering Analytics SMA Reputation Counter Handle Telemetry Event.info.m_logger........Q-...9.......9...'...B...+...)...+...5...5...5...5...).......)...M.>.).......)...M.9.5...8...=...8.......9...B...=...+...).......)...M.".6...9...-...'...8...'...8...'...8...&...B...6.......9...............B...8...<...).......X...+.......X...6.......9...............B...O...-...9.......B.......X...-...9...B...O...O...+...L........transmit_analytics_event.set_analytics_event.SetOption.GetOption.settings._.lower.string.hit_label_20.upper.hit_label_19...._event

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\toastcheck.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2284
                                                                                                                                                                                                                                                  Entropy (8bit):5.688225802861164
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:QZmvjPkSALczlpJbZ1ef/czmg2bRTHZ1IJWvD8PJD99nJlQXB:QZmvAZoJ7bmg2bRTPsWvDo59ne
                                                                                                                                                                                                                                                  MD5:C29B48B46920AB4EAD3A21EEB77D1A00
                                                                                                                                                                                                                                                  SHA1:7F075528E4F14A5AB87D4EA8034307CD978B3876
                                                                                                                                                                                                                                                  SHA-256:E4C90BDFFA953F6D93BDCE6DCCD1E960F369C5FE514CCEB4263D31E6BB690B5E
                                                                                                                                                                                                                                                  SHA-512:3DBEE74CE0A17FA8AF1A10C158321000AF1D4AC31609A695970CCD0F0B2A5A30D981C85EEA3FEDE58134C8276B0591394CCFC9DBD0E374364961B38CB1B8F5F1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..#.......-.......'.......&...L......_w.......-...........B...6.......9...+.......)...B.......6.......9...+...........B...K......SetOption.GetOption.settings.>.......6.......B...X.......X...+...L...E...R...+...L....ipairs........i6...9.......9...'...B...-...9...B.......X...9.......X...9.......X...-...9.......X...-...9.......9...'...B...+...L...5...-...=...6...9...B...X...4...<...6...-...B...X...-...........B...6.......9...+.......)...B...8...<...6.......9...+.......)...B...E...R...E...R...4...=...6...-...B...X...6.......9...+...-.......&...'...B...9...<...6.......9...+...-.......&...'...B...E...R...9...=...6...6...9.......B...A...=...+...L..............encode.json_parser.tostring.metric_value.ping_metric_id.None.Last_Failure.SetOption.GetOption.settings.ipairs.Schema_Version....Schema_Version.IAnalytics ToastCheck send on ping called with invalid configuration..err.m_logger.triggers.ping_label.get_analytics_config0Inside Analytics ToastCheck's send on ping'.info.log.core........U6..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\wssanalytics.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):767
                                                                                                                                                                                                                                                  Entropy (8bit):5.4781836322079815
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6kQ5GlsglzZ7GlsggGlN6W0oHQp3JhEJ9AnuyzRu+nGpIjbDckndhhlSJg0qNPPO:6N5VglN7VggGl1QTSJ9AnuZ+nzDcunhc
                                                                                                                                                                                                                                                  MD5:813010E03F53082949F857AB3AD34D0C
                                                                                                                                                                                                                                                  SHA1:2C0AEB8AD7C01A7B0C4CCC7E6E8889CCD1AA72DD
                                                                                                                                                                                                                                                  SHA-256:C5AF7F0E7FCC80D0A2F47DED1F8665F7AC0969E9F722B8AD89013F90B36FB33F
                                                                                                                                                                                                                                                  SHA-512:08A435E9ED068E072D689955CCDE370D6690D15EBC3A03EEDC9E1093C8079943F9A20B2A05068E4BEBB8CDF8E669CDBC173D5D188F3B91C72911817D31A94207
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........#-...9...B.......-.......X...-...9.......9...'...B...+...L...-...-...9...8.......X...-...9.......9...'...B...+...L...6.......9...-...9...D..........PublishMessage.wssEventSender>Invalid message passed to WSS Analytics analytics handler.messageQEmpty analytics telemetry information returned when processing WSS Analytics.err.m_logger.get_analytics_event.........6...9...............B...5...3...=...2...L.....handle_analytics_event....msad.files.safe..msad.sites.safe..new.AnalyticsEventHandler}.......6...'...B...4...7...6...3...=...6...2...L.....new.WSSAnalytics4analyticstelemetry.events.AnalyticsEventHandler.require...//CAB46F8B4979A9367CD8CC9D65DE914508BF352E34B41B25FF46C215AEE55DE9481C9C8B7B95518D8C91B46ECB0154E69B12E21F660EA42EC64BF3F864536427++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\analyticstelemetry\events\wssanalyticsraw.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):616
                                                                                                                                                                                                                                                  Entropy (8bit):5.509919989918288
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6Tkq5GlsgyP26WfEFyi9AnuyzRu+nGpIjbk0uknxFJ+PF4MaoMJsYJJK9M64UcV3:6X5VgyP2cyi9AnuZ+nzbuuHJjMaRJsPI
                                                                                                                                                                                                                                                  MD5:33255E585532FAD946CFA0C6C30D1805
                                                                                                                                                                                                                                                  SHA1:FA0C203AAA2D0CFE0E241081FE116BD8706540B9
                                                                                                                                                                                                                                                  SHA-256:7A1C49F3197F47A2DFA2B9A612C238CD248B3C4F60C8A83217ACEEB13759D32C
                                                                                                                                                                                                                                                  SHA-512:D45E3C14E15758679313407C1A2F7AC16C5CC9BA6A391109E0959D216061C35FD67F0CFA3AD0EF9DE2001E664EE89A4C8E4FEA9DD5CB348E149DDBA4E45B5783
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........-...9...B.......-.......X...-...9.......9...'...B...+...L...6.......9...-...9...D........message.PublishMessageRaw.wssEventSenderQEmpty analytics telemetry information returned when processing WSS Analytics.err.m_logger.get_analytics_eventa.......6...9...............B...3...=...2...L.....handle_analytics_event.new.AnalyticsEventHandler.........6...'...B...4...7...6...3...=...6...2...L.....new.WSSAnalyticsRaw4analyticstelemetry.events.AnalyticsEventHandler.require...//4C5EF8E50932A718928AC60DE5F3A3091AA4F2F5662105885F24C1C87AC0E7C510992B1F2E63BE4D10838A77FB022A976EA602993EE8EA650CFBAE6F4D302649++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\browserhost.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3931160
                                                                                                                                                                                                                                                  Entropy (8bit):6.517200498178353
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:viT3zh7BuogehP0Dm+ItKnrLCzWUNCY1x9CH1S5j8QaAqZHLzee6dy:yuogeRd/S+jRaA6Gy
                                                                                                                                                                                                                                                  MD5:CA79242AD42B4477057E398550249B54
                                                                                                                                                                                                                                                  SHA1:6145A551BFE7014EE23AB9AEAB4CAFE177B315CF
                                                                                                                                                                                                                                                  SHA-256:146BC884337E506A0473149D28F84528301759FF31086A033865EFB1E44B2720
                                                                                                                                                                                                                                                  SHA-512:29BAEE39940B7688C40E57587F77E4490A364970C8E6CA2DE55709DE19352F2B3E5D91A8B3E3188C1B4953EB471817716F6B359B0F1A6D04DFFF2E59C9869C42
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$......./..Pkd..kd..kd.. ....d......yd......ad.......d.. ...fd.. ...vd..q...jd......yd......jd.. ...xd.......d..kd...e......:d..q....d..q.#.jd..q...jd..Richkd..................PE..d...'YWg.........."....$..,..........P%........@..............................>......S<...`..................................................*7.......=......0;. )...L;.......=..t...N4.p....................O4.(....g1.@............ ,.X...8$7......................text.....,.......,................. ..`.rdata...*... ,..,....,.............@..@.data...$....P7..h...<7.............@....pdata.. )...0;..*....8.............@..@.didat.......`=.......:.............@..._RDATA..\....p=.......:.............@..@.rsrc.........=.......:.............@..@.reloc...t....=..v....:.............@..B........................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5985656
                                                                                                                                                                                                                                                  Entropy (8bit):7.997073443075553
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:98304:T+PQByUNM+wti12AJyTJs6mEzHohlciWocwyJ6TW9TFIfvxzNfuTeaFfPzemlu:i4ByU6+JyTKbEDoXciWoSdF+vhNf4TeV
                                                                                                                                                                                                                                                  MD5:EFADC0D22983A99516DDBFBA3FD6F1A5
                                                                                                                                                                                                                                                  SHA1:A64D75E07B8535FC7F71F33684CEB852E6784FA9
                                                                                                                                                                                                                                                  SHA-256:B4F29215D91B81325283EA358CB73753D53392874637C501F3009F0718091461
                                                                                                                                                                                                                                                  SHA-512:479F98D3D2C868F7189F09669A92F941979679F60525229F917F8B351BFCDEC8873E8D69D3153515F660A80D666E5F4A0DF8CC00F59EC1B423AE1DFD48C8B6E8
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:PK............................app_launcher.js|Uak....._1..?.,r\...x.4.B.>..O.R......2;.+\.........Z.v.sfV^..... ...ww......Ow.........>.....{..-C^......<.7......#...!..j.:...G...`..........h....k.s.B...@q..@...HV...M.a'..~."E,'.N].."%.9[.O.R.O.....h@.j...,o',.9...../.^bLR.0i3.'.....)D........=K..M.V...B.;1.#`.Ta......3;;va...Hq..N...E..<.d.O%<...XX.2..`....FI.+W.H.t...`l3Fc.v6me.E....!1.5...O.e..c..]w.L.M........N.c.B.U...6.`..H...H.<D..&.S...1L."t. ..Q3zVg..k..A.-.X.....i'h.Y$..p:l..i/=. Y.i$B.]....Is&U.......H...I.....J.l....Q`.x.Gh......H.l..n|.!<u.....5...]b..T....F..W....u.7'......|-<s,.....p}.....&.?...;. ....@..%%T...v.[.jz........Tk..p.UA..T.P.jvu..T..**....:SU.|..2....../..4.X...\....w-.^;\...y.bPTR.Rz&.K..f...C._.v..|~....0Y.y...W......u......fC.~..}..i.vL.]...+.cS.s..s.(.P...Cxm..?.4.c..:j..\>..9Iz.\-...}.\!pT.,...W..Fw..K..*p(..P.}9..E.(..Hf..*M.UP'.\.OC._.rm..y.P.....~.....;.8....a...O.,.Xe:S\(.r.%..."y...Ynu...G...@..#VY.(.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\edge.com.mcafee.webadvisor.json

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):358
                                                                                                                                                                                                                                                  Entropy (8bit):4.783729084285157
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:3FF2b4FPeee/KabRVdUvFFyFlLulkNCZDZKMjeQoFeNCBHu4H4WsNCHERN2l7Y:1YJKadislLAj+9QoFdBOKjkRN2l7Y
                                                                                                                                                                                                                                                  MD5:4BCE68B8CBF044EB70958BC6018D0F01
                                                                                                                                                                                                                                                  SHA1:46B4482884D6062CF15E618B8035BD1E675A3EA9
                                                                                                                                                                                                                                                  SHA-256:FE5A9A409388CD8E5D6AF76E3FC8E8708F697F2577886BC3B826B4D591CB4306
                                                                                                                                                                                                                                                  SHA-512:0F3E86AEB29E202E2E36E4E1859AFED3F17CE65246E90291CA8413287B94798A42309EB27E5CFB67A0B48A8C6D14174FBFC3F36EBE25B7BD8D7800BB78671047
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:{.. "name": "siteadvisor.mcafee.chrome.extension",.. "description": "webadvisor",.. "path": ".\\BrowserHost.exe",.. "type": "stdio",.. "allowed_origins": [.. "chrome-extension://fdhgeoginicibhagdmblfikbgbkahibd/",.. "chrome-extension://dbghilognjpbmkdcpjgodiieiflmlaeb/",.. "chrome-extension://iiloambhgijcaodolaknfhmcficdnaca/".. ]..}

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\edge.com.mcafee.webadvisor_v2.json

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):357
                                                                                                                                                                                                                                                  Entropy (8bit):4.7907114893123115
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:3FF2Eas4FPeee/KabRVdUvFFyFlLulkNCZDZKMjeQoFeNCBHu4H4WsNCHERN2l7Y:17aWJKadislLAj+9QoFdBOKjkRN2l7Y
                                                                                                                                                                                                                                                  MD5:BEEC1609B6AA63B29247C7C4805CBF32
                                                                                                                                                                                                                                                  SHA1:A9AF06A9D648857FDFBB8BD0D1B6A49840FF0232
                                                                                                                                                                                                                                                  SHA-256:BFFE531435235BF8801946B9BC8654A79727FD6D591DBB7BE173BE9A55FC6974
                                                                                                                                                                                                                                                  SHA-512:36BBB47F67D2B112AF77759E637318CD79560156B3B5A1007FEE0CB0A9FDE3E26C99D980D2160DF0A730304A43D3D16D2F28742E44A5303B81C0FEAE78A176FA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:{.. "name": "webadvisor.mcafee.chrome.extension",.. "description": "webadvisor",.. "path": ".\\BrowserHost.exe",.. "type": "stdio",.. "allowed_origins": [.. "chrome-extension://fdhgeoginicibhagdmblfikbgbkahibd/",.. "chrome-extension://dbghilognjpbmkdcpjgodiieiflmlaeb/",.. "chrome-extension://iiloambhgijcaodolaknfhmcficdnaca/".. ]..}

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.478002392539657
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLPbKq8GLfrCt:7rrSOX8BC0Bj5dXEC0BjyKS0b/8oCt
                                                                                                                                                                                                                                                  MD5:3410423B9D7B023BA74C63F07F99235D
                                                                                                                                                                                                                                                  SHA1:5109BA37F63F1FF50C07F925FBB4F81B4D304A10
                                                                                                                                                                                                                                                  SHA-256:BECD6B3499F92B282494A55D59C826E2CC293119D04164E7FF586AF13E436D8E
                                                                                                                                                                                                                                                  SHA-512:2D7858B7E603666FBC6BBE29E36E62EB8DDDF4308F5D0AFADBFC3631D5A5C916F79FD15818226F4382548C6B97EE4C82E9D429E3F3CE0B3C07AEC274AA7189B1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//170C272373DD9D70DD07D3078B003D50C1703FC86F85DAA23AD470B978AF27482F6639AD74CEFC108CAD71CF5282E7443B9659D3F66218FECB7BF63D25FDA524++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.45820186251319
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLRinpsFkS6dxq:7rrSOX8BC0Bj5dXEC0BjyKSoFkvq
                                                                                                                                                                                                                                                  MD5:2CE0087562892070D641D509DB32DD54
                                                                                                                                                                                                                                                  SHA1:7D9ECFBB816010CFFB98627FD39A86D371E117AE
                                                                                                                                                                                                                                                  SHA-256:A624B6BFC871D5E57FD7E1AF5B0328DBAF7723C9D7192021B08673EA4F079A26
                                                                                                                                                                                                                                                  SHA-512:C70C4B74237C077877D436B2C7B6B2B1E7B7B22C4955B5A19352F4768A4D21AA7F76E5C8FD43B571DCB008FAA22C2080F0F509795D83DDEC6B17310E8FE35F21
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//DE4789EFC404036F254F89D75AB1E47C57D3CA6A942662C9EC6F89BC6DB6A0D7B1DFA6DA422823197A9FEF248699D117FF9A2764D737AE5996DA82C2FA1AD905++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.4461883658600305
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynL2TdEhuGhwVbj:7rrSOX8BC0Bj5dXEC0BjyKSREhWVbj
                                                                                                                                                                                                                                                  MD5:61C640F0D948B87E20F9FBFFEB77A330
                                                                                                                                                                                                                                                  SHA1:9F5ABDA83E0C7F0F3D83170E3339A7AF2912C7B5
                                                                                                                                                                                                                                                  SHA-256:992438959C209FD4517A0E7023436301425CC6D27757F26783FE360D7422E0B5
                                                                                                                                                                                                                                                  SHA-512:5BF2939DF94222647EC27DB611EF50D4C6AB6B571F327A38572518A9A414869A08343DBF2BBE3F939D62A8FEB48E7CD621FE8BC2DAE9FDB97046E70F7454D705
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//EFC1EE5B000C51F38E99D71E91304386AC8C570D5DD9CDC91758712E81CDB04BCEA17EB3C7D3EDC62DA96FACAE8331434DC71D1A739FBF611C48686DB31A7A8B++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.463440158175525
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLxThs/VgKX29QO:7rrSOX8BC0Bj5dXEC0BjyKSa1s/SBX
                                                                                                                                                                                                                                                  MD5:AB213B8B678499E34545107A3F29DD6D
                                                                                                                                                                                                                                                  SHA1:69C9B45E6D29DAC2B8C13FDBEF0F61B9404F8B03
                                                                                                                                                                                                                                                  SHA-256:230237CD0094158BC14ACD53455E1DA1FB0D6F66A8C22660993A8BD1A2F7EFD4
                                                                                                                                                                                                                                                  SHA-512:A6D1E6D065F3F933C7E383A658E206CA0E7F21FCD9E32D197EA73F51B7EA6191B5E9F24ABF501FE07193DB77F417BEA69B9620A8DA8014A8C84E41566159EBD1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//8C8EDC53C2A798D8B8D350BAFC5F57DEA5A52F21A530381F8E0EF1CF522FEBFC114D3245A62C07CD059D1F3543A380539D4C9D7D5467F3632256E4A4E8E72368++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.467789482393415
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLV/KWsFFNrk3Pn:7rrSOX8BC0Bj5dXEC0BjyKS1TdMPn
                                                                                                                                                                                                                                                  MD5:4B4F53A26CC390BD46AA5E2F788E3EA3
                                                                                                                                                                                                                                                  SHA1:62BC3F2752C7311B2C8790A864AD13E1DF1B6F4C
                                                                                                                                                                                                                                                  SHA-256:9E8D7F02744939ED1E6A1B4B6CD2EA1B23D3982B288A481A5A376F8160352806
                                                                                                                                                                                                                                                  SHA-512:D5E3480CB2FE8F27B700E9CCADBE73DE4A35757601743421576D8DC34EB54A9E949276C9C44355DA63CD0416C0A1C6DA37E41DE80027394014638DED4334A3EB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//33A26F8AB0BDA7AB05E99D60F4F621817338ED5758F0C32F0F619D96E500D1FAF0C6475E53F482DADF1A8C68C9FBB46B7C5F4825EDCD821555BF2A2FF44E5E6F++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.448414128170323
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLcfO8ANNC4g:7rrSOX8BC0Bj5dXEC0BjyKSZA64g
                                                                                                                                                                                                                                                  MD5:C1D503621E5A9C14287289E37F9EA3BB
                                                                                                                                                                                                                                                  SHA1:D28E3CA01EAC333BFEFF8A058F4CFCDE60EEF482
                                                                                                                                                                                                                                                  SHA-256:3E3BBCA2FFC1C3C906AA3890E9F820A014C46825BEBE31478F9543154001F58C
                                                                                                                                                                                                                                                  SHA-512:823A503277ABBA0BCADA5472F17A09587C6C805E21485FC307BCC7AAD7A1D6DE492AE511CC152B6053551CA67646F797A90085F046C6352AE6506F1046702CCA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//800E8484F6D0DA03B1160E6ACBCE9316EFD8E385323AE0EFAEC6A52BFFA61413A9FDBA5B65C4E03B788EE0E35709753347D51AA8196900CD480E183B3B4697FF++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.465072364155408
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLSUEsiYqLzg34:7rrSOX8BC0Bj5dXEC0BjyKShxBLzg34
                                                                                                                                                                                                                                                  MD5:9D5D3C1DDE30DE91108EBB542CAB5600
                                                                                                                                                                                                                                                  SHA1:DF459112D06C18206E861E7FC5B03A42FD990961
                                                                                                                                                                                                                                                  SHA-256:E455B5D287F20CB26839DE4BD471D55BD85F033FCB0BD67C2AD31E6FB82D7B06
                                                                                                                                                                                                                                                  SHA-512:4DD1210E6F86B2F9282B391E08E741AC74B48BA2CCED440D6888361BAB6963E8775876C462F43E1439DEA8F42C004087941D779284C4E7F8D84C6EDDF07730C3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//197E502E240A4CA940A10248DDC7B457E66B1914812253E76922527458780623CEBB4355839FAA94A8AC20E4AA84E2D3E4F05034C99B545573140DF684051FF7++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.450475785026495
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLppMK1JGNrOu+AV9T:7rrSOX8BC0Bj5dXEC0BjyKSwp93s7+i
                                                                                                                                                                                                                                                  MD5:4CA33ADF377846302AA9DAA2AAE4E1BA
                                                                                                                                                                                                                                                  SHA1:D203BC3DB5801DBB3D71DF8E75915390A3DDEB3E
                                                                                                                                                                                                                                                  SHA-256:402CCF67CE7A9951D946564F5E226446EB96DBF94497F163BFD24E798DD9B661
                                                                                                                                                                                                                                                  SHA-512:1E89577B1D2FD48B228724F82842A883D2AF3097663E15F468A43BBF409C7B91E854C2FE746EA7418CFACA68BD07B32FFE4A9485F1520C24777A2EC907A139D2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//9F617C02EB2854E54701D6C82A1DCDAACADD1D378E21B16805111FBEAA77599CB9A3674789A71AA3E5F3E1878243417CD515BB3708A13B3C0DA9DE3F13F295D1++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.481524147070895
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLmeMRrM:7rrSOX8BC0Bj5dXEC0BjyKSY
                                                                                                                                                                                                                                                  MD5:9766BF4631C38C443F90A96BF2AB8850
                                                                                                                                                                                                                                                  SHA1:4F0377CE71C77B6B3428B321DB9337C0FA99F7D7
                                                                                                                                                                                                                                                  SHA-256:3751DDC1CE3D2B012A05F3964CE95C41F4A5768DD72F989AF104ACEF3732B970
                                                                                                                                                                                                                                                  SHA-512:FAA42E18C39937CCE6473C0BC8CBB0AC3A4ECCD3BECC9DC8FE698C18591AF6BBE486B22319D709FCA69AE18FF0E1E3B22D2BD8A8A0708AAB107A3F5B9EC4C3E1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//67E264B2CB7B527F0921289C594BD303A45323BF11ADF4C68EC7DD65C01420A8E25FF931FE23816796C416E81C7627DFD3D557614DD0BF8D9F829DA7A0FFDF72++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.47132080555524
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynL3zw+6e6VR3S2Zl:7rrSOX8BC0Bj5dXEC0BjyKSqzcpRCOl
                                                                                                                                                                                                                                                  MD5:ACC4ED97C4563B2E64DEFCD44D78B8B8
                                                                                                                                                                                                                                                  SHA1:B42881266236C3634850B775AF19340D44DC9EE7
                                                                                                                                                                                                                                                  SHA-256:B93E215A6B95B7D4251812A8696C70E3C61B4D5E8E7FA4CDDF67976E6443A50C
                                                                                                                                                                                                                                                  SHA-512:45B58202CEB8DDCA14A77E04A670973D877E5A295AF887FE0E2FEDFC1ABA5AA573B7CB4A3C90A1B4259FADC8BCBB3CE10DB18294CC68D009B92F51BCEBA6C7C4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//DBBE25382AA6DF542447F36EB6CE5902E2511B186C63DB0ACDD352D5B50D848DD6F0E4A0936BD5301F0B550E79CFF7DC112145C505B12589C745F7BDF32A29F6++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.487560968790192
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7rrSOX8BC0Bj5dXEC0BjyKSC9n0O1oS5xR:um8BC0d5dXEC0dyKSC9H35
                                                                                                                                                                                                                                                  MD5:20D85274B90D12ABD222AB115EF43214
                                                                                                                                                                                                                                                  SHA1:F5E71C94568574379C1D6BBAE3A643BDCFBD0857
                                                                                                                                                                                                                                                  SHA-256:DDD51A060019E5C31B78EECC00B6E950EE3BE5DD26242035995AE766B6724E3B
                                                                                                                                                                                                                                                  SHA-512:3C5E81224EB3FED271D6529638DFABA434700F70226845A4AC169BA4B478AAAEC004409D696DF7073F1FDEB09CCEC8F390E3CBEC9341F24004DE4F3EF3C0D89C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//25A992B7398B877194795B5694213D623B4A022693F7884E49A475C730D91943CABDB60F10EF1EFF6B546C8577D3A889DFAAC46B6330F3190002C0C170217C52++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.480787895471054
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLGFG1BVmCu:7rrSOX8BC0Bj5dXEC0BjyKSBGnc
                                                                                                                                                                                                                                                  MD5:C70C36B511E82B847C7DC46F327E47A5
                                                                                                                                                                                                                                                  SHA1:05FF8B9392EB32493F7A286F384A1EF78DE62910
                                                                                                                                                                                                                                                  SHA-256:34C21790DB18BB71E35076C11AA6E2E78115889985B9BAA9034B77DE32BC414D
                                                                                                                                                                                                                                                  SHA-512:24E7D0F6D2BB3D360553BE8EB52761F72C2E75CDA53AE1AF26D69A9D97AE7E1FD70423BCAD9BD06E12EC60B7B70A979B79BC61AE9E4A906024EB6523B7C021DA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//0796F1E4B93F54298FD1A8B639684DF0641E3B6D0B13BE63E69299747C749117CF4208D1F60D5AEAFA50699DD05F9816334037A7B528BC3E6C43199311D74D8C++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.462903513812164
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7rrSOX8BC0Bj5dXEC0BjyKSESpeMLc1VP:um8BC0d5dXEC0dyKSPppcT
                                                                                                                                                                                                                                                  MD5:8697DF2F89C4CFED17AF75E933248049
                                                                                                                                                                                                                                                  SHA1:5BE052DC7DD91B28A592587336A92B4811B635D7
                                                                                                                                                                                                                                                  SHA-256:F8FC5B6F79C3377A361677A141AD9AF9C5EAC136E18FDD841CB3A7FE64037914
                                                                                                                                                                                                                                                  SHA-512:2C91638962B1C47492E5E24821994592BEC0E0B092560E4A4D689C1465781A5220333BFC7984CA120CD5D4047B4993EBF09C44F28895187C62E0D4A52AD841D0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//771FA244E7D097EA223ECD7BF9A2B9DD2F8371E2CF00479AFB61FC86CF275850B4FA3FC056087776EAA15B2A52F5CFDCC0C8251E0C68411C689AB4D6BB121B19++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.451823404854838
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLsvGcPd3:7rrSOX8BC0Bj5dXEC0BjyKSTd
                                                                                                                                                                                                                                                  MD5:CC177FD362B9B177DAD1EE258BB5985A
                                                                                                                                                                                                                                                  SHA1:38E916023D033A20D2F087DE9D3DD955CFF42FAC
                                                                                                                                                                                                                                                  SHA-256:7733DF6E8715ACFEC2BE7998D4846756E00AFE9C78318BEBB8A4D229E36A00D3
                                                                                                                                                                                                                                                  SHA-512:021B2395B81568797A45E1A8112F15DB41625CA8D7548A8F3EFC47FEBD27B72B6B5FF6CAE0D335F3779098F5EF83402B6C3FE086B3C1A724CDBADF6370079074
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//D9CF9F78740E0EC220CDA03ECA26E011AE407F902C5717BE3B9D3C80D0107189805A795D1B42126A26EDF0C7B146AA4BDB2D4E1CA7EAED4F2BB3C3C9F6D43285++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.459097531412527
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7rrSOX8BC0Bj5dXEC0BjyKSxsD8ddFSop:um8BC0d5dXEC0dyKSx/doop
                                                                                                                                                                                                                                                  MD5:87EC7329B9A2504FD57665DCD93EA440
                                                                                                                                                                                                                                                  SHA1:3481CADB9557E568ED8264A3DDA382EF1AD627E0
                                                                                                                                                                                                                                                  SHA-256:0DEA84250C30C1DF133C1B04785DBF556263685FE8B13F69E7B0D8950F6261E9
                                                                                                                                                                                                                                                  SHA-512:1CD7E5A363909A712BD925686F306709B5D6A93B91AE124C790AB2BF009B8337D3B273AFEEE4360F48DDE1F3129DD0531A2730E08BBBCD3D3CCF06E8E14B98C9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//E4B753978D948C3BCBB586B78060C1C908BF014C730ECDC5BAC9BC50C638D3C89383F2ACFB67E8DB7B0D3C45D4C3475C4650DAAAC70876854587BE88B88092D5++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.471152494094452
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLTgjMYTE:7rrSOX8BC0Bj5dXEC0BjyKSEoMYw
                                                                                                                                                                                                                                                  MD5:BC0ABA9C4CE9E942493C40DF9A238949
                                                                                                                                                                                                                                                  SHA1:C567B6F511B9EE761E69E0F4463FB2AF60BBB721
                                                                                                                                                                                                                                                  SHA-256:560151438028B1E5F20D439A0150E6EC1444F7667312B0542473E0725DE48790
                                                                                                                                                                                                                                                  SHA-512:7B124700B8CBFA16F53F77789F2436E809BF5578A3D74C9E6008F4E13819A4E2E3AE72890F1BCA41989B466F73574A956742C09D3641AD95D50D8D8ACFE058FE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//238C493BC13C059A7590D647A34B0E8C16A127C95CEAAF28B45B8CB38430FB02EB7DD11740D2FFA9B8784D3B128F59E05DAC3CF5451DF6611ABB6199310FAA20++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.450746110524956
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynL9Gi3Wj/lSBk:7rrSOX8BC0Bj5dXEC0BjyKS8n3kNAk
                                                                                                                                                                                                                                                  MD5:8F53E40982BCAC8D45A5F639B7EF7AA2
                                                                                                                                                                                                                                                  SHA1:59F456D1F9E5A87839C6C360A5F928EA23A3DA66
                                                                                                                                                                                                                                                  SHA-256:D6FB842ADFA2B5CF16827F8F8BBBD73563F699E48197442BAEFEFBAFE9463A17
                                                                                                                                                                                                                                                  SHA-512:6855EC2A8D9657B37620ED1E8FA87467B4C90DF79EDA35B86B0A0AC3E69690E692CA724F1B0CAB9AC41F0BE3A379CCD090B6539783AE6AC53CDB4F0DA8073D4A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//5DAC1438231AF6188CB4EDF6E96DB68E01EF46AA2546A36037386015AE0C1E9661D9AE8408389F6F23C3B908A19BDDB83D1C0F3450B1B2ABECE8DB65D8C24F89++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.459480754994661
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7rrSOX8BC0Bj5dXEC0BjyKSouykPkylZb:um8BC0d5dXEC0dyKSou3PkqN
                                                                                                                                                                                                                                                  MD5:0B30C3F64A2BFA1B9B4016A6C845190C
                                                                                                                                                                                                                                                  SHA1:68A15807719324798679D041AB036890F73F8672
                                                                                                                                                                                                                                                  SHA-256:5D3B4E4D7A3AC77C03E4DFF314DC24BDFAB76D20E2D216DBAD8213954FC918A4
                                                                                                                                                                                                                                                  SHA-512:7DAE4E5ACD4983822F48E49E48DE47B8AFDD47D4616158B517F8925034D7412A016FD68657BDEEC732B46354AE429741D9C00B8BFCF621B506A3453C9F6FD9EE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//1034E1EF549D1DCDC233A68773E4A7D137C12BC7C0EEFA8A3C282506887B337765BE6E304F3E17A4A63559A7270957B5A37DD7BF291D898BFEF2CF1DE383991F++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.4578715329046235
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLI7ktDT988fL:7rrSOX8BC0Bj5dXEC0BjyKS7+DjL
                                                                                                                                                                                                                                                  MD5:9F7DC1ACE7B73892EE50A6545DFA83CC
                                                                                                                                                                                                                                                  SHA1:6EB701564900B80AEC333E7978DAF803302D2DBB
                                                                                                                                                                                                                                                  SHA-256:8772F8019C8E43238FD3CC8245252ADAED691173B576C11CE2AB9F7AB6A9CD6E
                                                                                                                                                                                                                                                  SHA-512:19894199EA7B99CBECCEAC50ECDC878029F4637D112A4AADE0A1443283A7410840354978BE9207C78B89F16C7AAE35B4CCFF53A5A6C6A8EC6CEB8F7D3C3ADA44
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//67DC12E3E58036558E2EA7EB6197C862C7C8879BBB3C05EFE202D72CC023C73236E70655FB44B135D99BEA9CEFA325BCF779BC9D7663CB53B533E93F0D2FF624++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.452713758915027
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLsLdhv6ktsw:7rrSOX8BC0Bj5dXEC0BjyKSZLdEw
                                                                                                                                                                                                                                                  MD5:056B6616A05E445D3FA7D9E9C37A47A3
                                                                                                                                                                                                                                                  SHA1:DD78B3BBB306B9A4EA182E002C56C618E8A3A254
                                                                                                                                                                                                                                                  SHA-256:FB8CF477130D5BBF99DFE38C418CC533B66FCD6EBFBEB03821F13227C35FF294
                                                                                                                                                                                                                                                  SHA-512:177E3D758F1C3A2B06B90704E95D216BC668DADBF5F06710DDF23B08D0C473EEE0A84EF77E41B2C6F30B619016A2862A8BE0CD2E5E4A9AEE6C448924C5B30514
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//CDBB8A3CCBA0269F2197E46FD682E1B59A9A1061B8AA26978188C2069ACB1179019D014B34890ADC9B0AC825494B21BE841446BA0E8734B678178816D549CB56++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.473380197780306
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLkpxgQjT6hn:7rrSOX8BC0Bj5dXEC0BjyKS5ptjT6hn
                                                                                                                                                                                                                                                  MD5:DB43C21F2271B397D7B5909A53FE38C1
                                                                                                                                                                                                                                                  SHA1:E9F022DB0ECEC8C5642B0B7C3551AC666DF92D76
                                                                                                                                                                                                                                                  SHA-256:CE7395F2238B5603C7382AC1915D1FC581AF24D729930E7D7A2145AD791517CE
                                                                                                                                                                                                                                                  SHA-512:15698CCBE6969776EE0FA6D44C1C617BE490281362E457FA3F9DCF0DD0D863458B3D659378B32D790F45CA6DC4D8046DC581F8C5BFF837713E1ABBD1FB5FF4BB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//86F7645CC88253D58957AC5933573C7246547A7549D8F6E71E7486FE351F82C9FAF2F6974D771329EB0477FEBEECA2D8F606D6DF66DC96293B335B1C86DB9ED8++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.461249326785134
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLQcjHfJiS7:7rrSOX8BC0Bj5dXEC0BjyKSghiq
                                                                                                                                                                                                                                                  MD5:435A9C4F81763B978ECBB1C99B3693A2
                                                                                                                                                                                                                                                  SHA1:48C8BDDA74C684D968C361C9964FC572A65EB795
                                                                                                                                                                                                                                                  SHA-256:64B73C84508FF05EC83EC446B7878E044FC831ADF2FAA8F7B47E858BE43B865B
                                                                                                                                                                                                                                                  SHA-512:DD24DD4E8F908E4647EE466603F219A4162086E7EAB528AFC5B0867A9EBA4C106DF7406C2F74014AF76A83262D5897A2A9D76F848A7DB4A6D964440C586CC57C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//2C6565085DA6F74A6EB5A92F2E1D22CEB3CC9BD312E056B0BB1A0B2755FCF705AD13F8507E2CB381C81570640DB6E4BE57278E7F7BCD4F4D1E1529F60FB841E9++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.446820266860203
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynL6f1OeEv0C8ccsEOO:7rrSOX8BC0Bj5dXEC0BjyKSbOoccsO
                                                                                                                                                                                                                                                  MD5:F8CCC13B0166600BD5B77E424A0B5C50
                                                                                                                                                                                                                                                  SHA1:1CFA3E02B2176B29D7FD3CF1303272F4AFF82F1E
                                                                                                                                                                                                                                                  SHA-256:C69850853289B66E722D1553451D5B3F46900C1D488A1EF654EAAA1366BFB8AA
                                                                                                                                                                                                                                                  SHA-512:DF62E02C67D3DCBE81D001C1224ED84579D38FB2C1B7D6DEF19B244B5EAFF5B65F3B58937674423A5E32A7F4B212779C7439F98C1A0926E1BACE3D759A30ABBF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//473DBA04D8A20814BBA01FDAB002E47772A45021A1BB9566C1AD149C18DC5CDD8D13826CF4DEB30D7A7D1C2BECE0D7315ACEFFD29481D1EC8B2AB18960B5574B++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.461095188089534
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLoj4bhEx5U2C:7rrSOX8BC0Bj5dXEC0BjyKS/4bho5U3
                                                                                                                                                                                                                                                  MD5:674F615000BC5A8BCA213B7FE45505F1
                                                                                                                                                                                                                                                  SHA1:A33318EB56BDDB9E9C6415673318D3E51E5CAAA6
                                                                                                                                                                                                                                                  SHA-256:137EAD881360C9C563FF6C708D50D1928B2C0519ADFD31F52B923D53E3AA2257
                                                                                                                                                                                                                                                  SHA-512:4B930F27914DC67D8C46759C74D241973F2110C208A09026052E59631381ADF494B094C60FE42FB5DABDCC09AED0B79758950864E4182E017F996EC1FE3DD72D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//7BCBF56649B8A8DE9694C97C2D7DBB07C8F6392C54EC30E598227A755D8AEA8E23741C801EA17290197F912CFA572BD7DF2FCCCF3D2B2D9251D31116271EB21F++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.470616512102546
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynL61lpcFBmLcAdQbun:7rrSOX8BC0Bj5dXEC0BjyKSFPQBmNQu
                                                                                                                                                                                                                                                  MD5:6ED11FBEC9DB6C8739E7A999D4B74EB0
                                                                                                                                                                                                                                                  SHA1:4F4DD5958816438DC62EFC514A4CCDED75743747
                                                                                                                                                                                                                                                  SHA-256:299CB08BE417FDF9B909EDC16FEB09B43F668D6BBB99A3BFFCAA2C2CD8773DDB
                                                                                                                                                                                                                                                  SHA-512:41E6DA0D4778F1213325B3FFCE3CFE71A8137037773347EA6CE5414A5436B2AF5045CB8F47F8E780B9B568424C9305B11BFC2AA5589D14CDF9CB8B65E1A034A1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//A6207980C064E27FC18791F5067AE2C3E6E429D262D83E374468377510A78D67579390BCA7F1BA3CE34A49C17912FBA13F856449914C30428AF6617214694C7A++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.458089036751079
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLU/uQcj2ODKhMt:7rrSOX8BC0Bj5dXEC0BjyKSWlt
                                                                                                                                                                                                                                                  MD5:8C6DBC15A46106D53D1B6983A825F733
                                                                                                                                                                                                                                                  SHA1:B7B959D2D883DF827C6F4E01AA3AAD3D96A88A85
                                                                                                                                                                                                                                                  SHA-256:1B455928749E3FA51A9CC77A145E8B4DCA202EA71EF36BA80DEFCE30476329D9
                                                                                                                                                                                                                                                  SHA-512:A87727A936D8FDD2A9E636B7F4470AC9BB911D972835130276FC26522A61C8BD31621C6E41653D4916151470558A42188E28BC74573B5484713D0179E06161EC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//AFC878D4EEA1BAF07247E23665CE59E698D580CCAB718DF6E608074DDAE4529DBDC4FA41234D9EDD8C31F9132E5DC116DC41C6B22AB4D322A19315330381BB04++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\new-tab-res-toast-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):803
                                                                                                                                                                                                                                                  Entropy (8bit):5.457116068891303
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7rBDjl+6mOX8BCNaBz3dumdjjECNaBz3duuqRcrSjynLCU1ZanxqMghmh:7rrSOX8BC0Bj5dXEC0BjyKSPXnDCmh
                                                                                                                                                                                                                                                  MD5:62FC9B1A76459A938CF523484ACD3D71
                                                                                                                                                                                                                                                  SHA1:EC4A823C94D30DAF6F44C10B3F911F9DC3C36D72
                                                                                                                                                                                                                                                  SHA-256:CE6C27A84437D9125409085561D28FF93DDA8DFD7D43520987B20D4C96A522DC
                                                                                                                                                                                                                                                  SHA-512:7D680A571D7992AB37CAAE9E249A5A2A3DD90A2854A31D998492677CE3E7EA99784086101BBBB7CA6612014AD7F792103DD4D549C58BA73F6A6A407FE259F083
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrNewTabToast_ = {.. NEW_TAB_EXTENSION_HEADER_VARIANT_1: "New tabs just got safer",.. NEW_TAB_EXTENSION_HEADER_VARIANT_2: "A safer way to browse",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_1: "With industry-leading security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_CONTENT_VARIANT_2: "With McAfee security on every new tab, you can bank, shop, and browse with confidence knowing which sites you can trust.",.. NEW_TAB_EXTENSION_TOAST_ACCEPT: "Add extension",.. NEW_TAB_EXTENSION_TOAST_REMIND_LATER: "Remind me later",.. NEW_TAB_EXTENSION_TOAST_DECLINE: "No, thanks"..}....//E04E6AC99547F41386BF9B5FE2D956F687FB85AE9689642B49AD5D35E825F8FA7FB1E94AD52C7ACDE0AFE8B827DF731489B4CCD17EFC2463524E4F80BBE6F14D++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5377
                                                                                                                                                                                                                                                  Entropy (8bit):5.641095543119768
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:WQVBazY8QxuorbT6roQ/CZwmBrqtXNMDUaGCrW+NlaVy98ZDcT7ek81qh:WQvaz3AumireG6HYVygDcTqh1G
                                                                                                                                                                                                                                                  MD5:19B3AA71508DC95387C4E1EF9E037BB3
                                                                                                                                                                                                                                                  SHA1:D446E27B6AF4D4222EB5AEE99E3B9863DE8CDC85
                                                                                                                                                                                                                                                  SHA-256:261B1918501A029BD8AC4CCDCFC93AF069F3F79AF20657E68A17C238DB7C28B7
                                                                                                                                                                                                                                                  SHA-512:2CD7FB984A63950E01A0AC5C8A81B755164F874404D58A8054F6CEDDA94C5E7E94D67135B992C2F2D365348C09C8972FA159B67B284408B6FDACCFB60803615B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Prob.h. skenov.n..",.. DL_SCANNING_MESSAGE: "Soubor, kter. chcete st.hnout, pro jistotu skenujeme.",.. DL_BLOCKED: "Zablokovan. stahovan. soubor",.. DL_SCANED: "Skenovan. stahovan. sooubor",.. SS_ON_STATE: "Bezpe.n. vyhled.v.n.",.. SS_FIX_MESSAGE: "V.born.! Tyto zm.ny provedeme p.i p...t.m restartov.n. prohl..e.e.",.. SS_OFF_STATE: "Je vy.adov.na akce.",.. SS_OFF_MESSAGE: "Upozorn.n.! Ka.d. des.t. hled.n. obsahuje nebezpe.n. odkaz.",.. SS_OFF_DIALOG_HEADER: "P.idejte k v.sledk.m hled.n. hodnocen. rizika",.. SS_OFF_DIALOG_CONTENT: "Ov..te bezpe.nost odkazu d..ve, ne. na n.j kliknete.",.. SS_SEARCH_OPTION: "Nastavit slu.bu Bezpe.n. hled.n. jako v.choz. vyhled.va.",.. THREAT_OFF_STATE: "V.straha zabezpe.en.!",.. THREAT_OFF_MESSAGE: "Po..ta. je vystaven hrozb.m, ale m..eme v.m pomoci.",.. AVFW_DIALOG_HEADER: "Antivirus a br.na fire

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5126
                                                                                                                                                                                                                                                  Entropy (8bit):5.34166175614958
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:uZb3Bdp2fhG5TrVo8Ybuoo/tFCld/lwrYeCEUVlku/TzmV9S9hSFmUihKV:QCfhwrrYbuoG4Z+VchgmKV
                                                                                                                                                                                                                                                  MD5:79FC174B1449981FA52792ACC4566681
                                                                                                                                                                                                                                                  SHA1:BE4453DB3F3DACACC1979E3AF55E71878D269E12
                                                                                                                                                                                                                                                  SHA-256:F4EB9444621C2524ED7D351297814DD1166CF56793F47402242315640D373402
                                                                                                                                                                                                                                                  SHA-512:2B10F8C22863C76D66F226EE5C359BAADE8F85575867F5F12B56B5E9D1E7E7A134DF1532F13FFB71F75DB968A41B13C7790F3EF95B91882A895F665853029406
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scanner .",.. DL_SCANNING_MESSAGE: "For en sikkerheds skyld scanner vi overf.rslen.",.. DL_BLOCKED: "Download blokeret",.. DL_SCANED: "Download scannet",.. SS_ON_STATE: "Sikker s.gning",.. SS_FIX_MESSAGE: "Fint. Vi foretager disse .ndringer, n.ste gang du genstarter browseren.",.. SS_OFF_STATE: "Der skal udf.res en handling.",.. SS_OFF_MESSAGE: "Advarsel: 1 ud af 10 s.gninger indeholder et farligt link.",.. SS_OFF_DIALOG_HEADER: "F.j risikobed.mmelser til dine s.geresultater",.. SS_OFF_DIALOG_CONTENT: "F. at vide, hvor farligt et link er, f.r du klikker p. det.",.. SS_SEARCH_OPTION: "Brug Sikker s.gning som standards.gemaskine",.. THREAT_OFF_STATE: "Sikkerhedsadvarsel",.. THREAT_OFF_MESSAGE: "Din computer er i fare, men vi kan hj.lpe.",.. AVFW_DIALOG_HEADER: "Antivirussoftwaren og firewallen er ikke sl.et til",.. AVFW_DIALOG_CONTENT: "Ca. 864 millioner stykker personlige oplysning

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5366
                                                                                                                                                                                                                                                  Entropy (8bit):5.342945535147279
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:F20O91pUKtemTKjnkGzgUIzeRF9DQ8YMLOeaTkHzp1E9Cm6uUUZA:F29CKteQKjnkGzwzeRN8hA1EEtBaA
                                                                                                                                                                                                                                                  MD5:582E51D1B634F961CD005FA07D631413
                                                                                                                                                                                                                                                  SHA1:76DC23A47487555D7211222823F60866DE9AF3DC
                                                                                                                                                                                                                                                  SHA-256:CB370D85C7844B2A7762D1FAA1A3FC265C15D60DB8A066A7C216270D4021AC03
                                                                                                                                                                                                                                                  SHA-512:7E0366642F65F1D48E1569EC81CB382DAFF86AD2167D7F6FA5F1EE306A14D0147BE39385298E64E01B371F48BCB85057DA1796FCEEE5B1B44429F67DA3A65B81
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scannen...",.. DL_SCANNING_MESSAGE: "Wir scannen den Download zu Ihrer Sicherheit.",.. DL_BLOCKED: "Download blockiert",.. DL_SCANED: "Download gescannt",.. SS_ON_STATE: "Sichere Suche",.. SS_FIX_MESSAGE: "Sehr gut. Die .nderungen werden .bernommen, sobald Sie Ihren Browser das n.chste Mal starten.",.. SS_OFF_STATE: "Handlungsbedarf!",.. SS_OFF_MESSAGE: "Warnung! In 1 von 10 Suchergebnissen ist ein gef.hrlicher Link enthalten.",.. SS_OFF_DIALOG_HEADER: "Risikobewertung f.r Ihre Suchergebnisse hinzuf.gen",.. SS_OFF_DIALOG_CONTENT: "Erkennen Sie gef.hrliche Links, bevor Sie darauf klicken.",.. SS_SEARCH_OPTION: "Sichere Suche als Standardsuchmaschine festlegen",.. THREAT_OFF_STATE: "Sicherheitswarnung!",.. THREAT_OFF_MESSAGE: "Ihr Computer ist ungesch.tzt, aber wir k.nnen Ihnen helfen.",.. AVFW_DIALOG_HEADER: "Ihr Virenschutz und Ihre Firewall sind deaktiviert",.. AVFW_DIALOG_CONTENT: "Seit

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8385
                                                                                                                                                                                                                                                  Entropy (8bit):4.965325304098503
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:BYz3hNXL4xrlON0pOqxptk2xgthUE6wfOhLQvTK:ULXUlObqTC2xgwmOhcvTK
                                                                                                                                                                                                                                                  MD5:CAEE0E4BF0E9EE5AE6B55AB4865B11AA
                                                                                                                                                                                                                                                  SHA1:869533109A2FE7F2F2B10A803D99944A27602236
                                                                                                                                                                                                                                                  SHA-256:154C0A969BA4A31A249C07697101EF26D5692CEC115043A13DF90BB2243B7B3E
                                                                                                                                                                                                                                                  SHA-512:6DEBE5D175E54DBB8DBC7F9F65AE4EA223D0E435BC7762B32BBFEDA1DDB9D088849B275000E05419B69C3453EC7BF2B99A98EA291AADC591E48B8E4AC69B810B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: ".........",.. DL_SCANNING_MESSAGE: "......... .. .... ... ... ...... ..........",.. DL_BLOCKED: ". .... ............",.. DL_SCANED: ". .... ........",.. SS_ON_STATE: "....... .........",.. SS_FIX_MESSAGE: "......! ..... .. ....... .. ........... ... ....... .... ... .. .............. .. ......... ...........",.. SS_OFF_STATE: ".......... .........",.. SS_OFF_MESSAGE: ".......! 1 .... 10 ........... ........ .......... .........",.. SS_OFF_DIALOG_HEADER: "........ ............. ........ ... ............ ..........",.. SS_OFF_DIALOG_CONTENT: "...... .... ........... ..... .... .........

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4755
                                                                                                                                                                                                                                                  Entropy (8bit):5.330213437300072
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:uU3x9/eMjflrS5xsyoBkXqLB+Qz/Q1wU9pYOosphMx:3x9Jjf2Kkm8GQ1NPjVqx
                                                                                                                                                                                                                                                  MD5:D464C590EAA58D0D74502C46629A4B3E
                                                                                                                                                                                                                                                  SHA1:880E2AC7F43D30E4691C96955376164A1A3E9C85
                                                                                                                                                                                                                                                  SHA-256:FD21C09C996BD82D952D9F4DF60AF993921840311AC98F263BB9AE9F5047212D
                                                                                                                                                                                                                                                  SHA-512:D4078BF1D859DA34E9386F1A390DDA19750C12FB8FCB6B8E3E393E2DFED7647D9FB9B673A8E3E5FB467C96BE48D1DF953CB1D9C6406E743651451443B9F9A6AA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scanning...",.. DL_SCANNING_MESSAGE: "We're scanning your download just to be safe.",.. DL_BLOCKED: "Download blocked",.. DL_SCANED: "Download scanned",.. SS_ON_STATE: "Secure Search",.. SS_FIX_MESSAGE: "Great! We'll make these changes the next time you restart your browser.",.. SS_OFF_STATE: "Action needed!",.. SS_OFF_MESSAGE: "Warning! 1 in 10 searches contain a dangerous link.",.. SS_OFF_DIALOG_HEADER: "Add risk ratings to your search results",.. SS_OFF_DIALOG_CONTENT: "Know how dangerous a link is before you click on it.",.. SS_SEARCH_OPTION: "Make Secure Search my default search engine",.. THREAT_OFF_STATE: "Security Alert!",.. THREAT_OFF_MESSAGE: "Your computer is exposed, but we can help.",.. AVFW_DIALOG_HEADER: "Your anti-virus and firewall are off",.. AVFW_DIALOG_CONTENT: "About 864 million personal data records have been compromised through data breaches since 2005.<br/><br/> Don't browse

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5193
                                                                                                                                                                                                                                                  Entropy (8bit):5.30018704737383
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:dRey5rMscODKKai5iihhi6VnRSyLK3yAEK9WOM0CKAXTs9:dUWr+ODhai5SknRSkNKPM0VP
                                                                                                                                                                                                                                                  MD5:B794B207632AD4CBEF74E695A9AC82CD
                                                                                                                                                                                                                                                  SHA1:3451678023A25CB3F94BE03F8B2EB14A69B1523C
                                                                                                                                                                                                                                                  SHA-256:6EA61F211D5ED1C5EFBFA5585C1B3ABE8BEB42B4E349102B795A8EB50E4F0CD9
                                                                                                                                                                                                                                                  SHA-512:E311960012E329A390183461C7522B5950940F6219A22EA1D2AB07C045C5EAAC62AF5A2758758D1B491E907F1D86FA00BFD604C6CBECA9A5FDF9241F72445741
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Analizando...",.. DL_SCANNING_MESSAGE: "Estamos analizando la descarga por motivos de seguridad.",.. DL_BLOCKED: "Descarga bloqueada",.. DL_SCANED: "Descarga analizada",.. SS_ON_STATE: "B.squeda segura",.. SS_FIX_MESSAGE: ".Genial! Aplicaremos estos cambios la pr.xima vez que reinicie el navegador.",.. SS_OFF_STATE: ".Debe tomar medidas!",.. SS_OFF_MESSAGE: "Advertencia: 1 de cada 10 b.squedas contiene un v.nculo peligroso.",.. SS_OFF_DIALOG_HEADER: "A.ada calificaciones de riesgo a los resultados de sus b.squedas",.. SS_OFF_DIALOG_CONTENT: "Conozca el nivel de peligro de un v.nculo antes de hacer clic en .l.",.. SS_SEARCH_OPTION: "Definir B.squeda segura como motor de b.squeda predeterminado",.. THREAT_OFF_STATE: ".Alerta de seguridad!",.. THREAT_OFF_MESSAGE: "Su equipo est. expuesto a riesgos, pero podemos ayudarle.",.. AVFW_DIALOG_HEADER: "El antivirus y el firewall est.n desactivado

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5216
                                                                                                                                                                                                                                                  Entropy (8bit):5.317560654565851
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:zyErLx7VO33aiG/qshhi6VnRfylmDiP2QuyMLii9j0OsKbY7:zXrXO33aiiMknRfyp/Haiitfz87
                                                                                                                                                                                                                                                  MD5:B928738E0F210A88173A518E7CD21352
                                                                                                                                                                                                                                                  SHA1:5124FC124D459481C889F0F7B8E2D53C5453C8B7
                                                                                                                                                                                                                                                  SHA-256:CE02DBA270472727C12B273CE27B967744FFD9AE5220C045BBF6B3C84683CAE6
                                                                                                                                                                                                                                                  SHA-512:15BCA76C6709490DE139D09CE4ED520FB0A4DBF0AED11778622D83D39722CFE7B6C92740DC81BF601B77328FBEEC3B56B58E796BF66189F9E6AC2B3A03F125E7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Analizando.",.. DL_SCANNING_MESSAGE: "Estamos analizando la descarga por motivos de seguridad.",.. DL_BLOCKED: "Descarga bloqueada",.. DL_SCANED: "Descarga analizada",.. SS_ON_STATE: "B.squeda segura",.. SS_FIX_MESSAGE: ".Excelente! Aplicaremos estos cambios la pr.xima vez que reinicie el navegador.",.. SS_OFF_STATE: ".Se requiere acci.n!",.. SS_OFF_MESSAGE: ".Advertencia! Una de cada diez b.squedas contiene un v.nculo peligroso.",.. SS_OFF_DIALOG_HEADER: "A.ada calificaciones de riesgo a los resultados de la b.squeda",.. SS_OFF_DIALOG_CONTENT: "Conozca el nivel de peligro de un v.nculo antes de hacer clic en .l.",.. SS_SEARCH_OPTION: "Establezca B.squeda segura como motor de b.squeda predeterminado",.. THREAT_OFF_STATE: ".Alerta de seguridad!",.. THREAT_OFF_MESSAGE: "Tu computadora est. expuesta, pero podemos ayudarte.",.. AVFW_DIALOG_HEADER: "El antivirus y el firewall est.n desac

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4959
                                                                                                                                                                                                                                                  Entropy (8bit):5.317878966620111
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:5ZZ4vNUD1ns7pqxqkRKk/eFt+2jiLRQoYWzZ0pu96M1ckY:PZ4vNlq4kRKkGSRcpuw4s
                                                                                                                                                                                                                                                  MD5:4B49DB5828AC292E3F4126918B7567D4
                                                                                                                                                                                                                                                  SHA1:B5793159E583B314019086E7226818E9E250D14F
                                                                                                                                                                                                                                                  SHA-256:8F1C0F2B67B88DE8CDE93E533A89E8D8D576149D8F0C5C766935354D84A5B869
                                                                                                                                                                                                                                                  SHA-512:F744355F146F7096583C4579ABB739005167A1513796E1FA69ABA4CF483AF302283D246A5732582F4BFAC6C99624E4BFE73CCCC44ACF1606EAFF21B6EB95B226
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Tarkistetaan.",.. DL_SCANNING_MESSAGE: "Lataamasi tiedosto tarkistetaan varmuuden vuoksi.",.. DL_BLOCKED: "Lataus estetty",.. DL_SCANED: "Lataus tarkistettu",.. SS_ON_STATE: "Suojattu haku",.. SS_FIX_MESSAGE: "Hienoa! Muutokset tulevat voimaan, kun seuraavan kerran k.ynnist.t selaimen.",.. SS_OFF_STATE: "Toimia vaaditaan!",.. SS_OFF_MESSAGE: "Varoitus! Joka kymmenes haku tuottaa vaarallisen linkin.",.. SS_OFF_DIALOG_HEADER: "Lis.. hakutuloksiin riskiluokitus",.. SS_OFF_DIALOG_CONTENT: "Luokituksen avulla n.et ennen linkin napsauttamista, onko se vaarallinen.",.. SS_SEARCH_OPTION: "Aseta Suojattu haku oletushakukoneeksi",.. THREAT_OFF_STATE: "Tietoturvavaroitus!",.. THREAT_OFF_MESSAGE: "Tietokoneesi on alttiina uhille, mutta voimme auttaa.",.. AVFW_DIALOG_HEADER: "Viruksentorjunta ja palomuuri ovat pois k.yt.st.",.. AVFW_DIALOG_CONTENT: "Noin 864 miljoonaa yksityist. datatietuetta on jout

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5692
                                                                                                                                                                                                                                                  Entropy (8bit):5.302908789339375
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:0MxyhGiDkpQQrrENOqplZuFfrYnWv6HScq48Ky6o9Q+W55fTsujG:0ZhGVQQrrENOqYIH2V6o/W5a
                                                                                                                                                                                                                                                  MD5:336E2EA07CD3577F75620D2976563A07
                                                                                                                                                                                                                                                  SHA1:BF98A5000A7535254DC436CCBBD4B2E9379E8FC7
                                                                                                                                                                                                                                                  SHA-256:C5166CFA2CCD93C23FE690740354032ACC1335886684457AE2D87278D0C7E101
                                                                                                                                                                                                                                                  SHA-512:0C94DE545128DFDFCA6DCF6BAC83F8D72C2841C321C23FEE77A4F50F0B8CB85F30E36FE929E060FB6CC59DEC81436C55D027ADC2C385152F56FA0BFF56622144
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Analyse en cours...",.. DL_SCANNING_MESSAGE: "Nous analysons votre t.l.chargement par simple mesure de s.curit..",.. DL_BLOCKED: "T.l.chargement bloqu.",.. DL_SCANED: "T.l.chargement analys.",.. SS_ON_STATE: "Recherche s.curis.e",.. SS_FIX_MESSAGE: "Tr.s bien! Nous appliquerons ces modifications la prochaine fois que vous red.marrerez votre navigateur.",.. SS_OFF_STATE: "Intervention requise!",.. SS_OFF_MESSAGE: "Attention! 1.r.sultat de recherche sur 10 comporte un lien dangereux.",.. SS_OFF_DIALOG_HEADER: "Ajoutez des cotes de risque . vos r.sultats de recherche",.. SS_OFF_DIALOG_CONTENT: "Connaissez le niveau de dangerosit. d'un lien avant de cliquer dessus.",.. SS_SEARCH_OPTION: "Ajoutez Recherche s.curis.e . mon moteur de recherche par d.faut",.. THREAT_OFF_STATE: "Alerte de s.curit.!",.. THREAT_OFF_MESSAGE: "Votre ordinateur est vuln.rable, mais nous pouvons vous aider.",.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5621
                                                                                                                                                                                                                                                  Entropy (8bit):5.318278974154098
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:yp99a4ffmtaCS1mELq47byJXGUmytipUS22d9h+/ijfTEQY:yXAaCpELq4Fr2c/2ijY
                                                                                                                                                                                                                                                  MD5:146272CD85FECAB892122F01C0D3690D
                                                                                                                                                                                                                                                  SHA1:E4457EFAC92906A8B36D041F30468729BAA368B7
                                                                                                                                                                                                                                                  SHA-256:1F4317974E332E9E2482D5355E46237A491BBAFF4E614D771A4E14FDF9E11DC0
                                                                                                                                                                                                                                                  SHA-512:F1EDAAC5A80DABDCFB707F54EB8B9B54D5C83A1EF237E3014302763EA2E034742FF0F871097AF759C48F25550DB9BC52FFA79A00F0A68903604049A3BA49BEC7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Analyse en cours...",.. DL_SCANNING_MESSAGE: "Par pr.caution, nous analysons votre t.l.chargement.",.. DL_BLOCKED: "T.l.chargement bloqu.",.. DL_SCANED: "T.l.chargement analys.",.. SS_ON_STATE: "Recherche s.curis.e",.. SS_FIX_MESSAGE: "Tr.s bien. Nous effectuerons ces modifications au prochain red.marrage de votre navigateur.",.. SS_OFF_STATE: "Mesure . prendre.",.. SS_OFF_MESSAGE: "Attention.! Une recherche sur dix contient un lien dangereux.",.. SS_OFF_DIALOG_HEADER: "Ajouter l'.valuation des risques . vos r.sultats de recherche",.. SS_OFF_DIALOG_CONTENT: "Prenez connaissance du danger que repr.sente un lien avant de cliquer dessus.",.. SS_SEARCH_OPTION: "D.finir la recherche s.curis.e comme moteur de recherche par d.faut",.. THREAT_OFF_STATE: "Alerte de s.curit..!",.. THREAT_OFF_MESSAGE: "Votre ordinateur est expos. aux menaces, mais nous pouvons vous aider.",.. AVFW_DIAL

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5041
                                                                                                                                                                                                                                                  Entropy (8bit):5.416211301758333
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:W82DDbczNyMnf3MeFH+JDxk/zay9SIhFO8DF84sSbuoU0zDub9FONkd3V/oWRT:W34zwMfceFHSDxa1FcZbLONslgGT
                                                                                                                                                                                                                                                  MD5:D3A0326AD337FA5B081C7AFF4E4BDFB4
                                                                                                                                                                                                                                                  SHA1:4793AC98638429A732C67E6ED7D15004633F70CD
                                                                                                                                                                                                                                                  SHA-256:7EC80830E9514A585DF452A683B44569EA1CE3EBB0EFF141871E51E438F26710
                                                                                                                                                                                                                                                  SHA-512:1DE5CEEC1626769A89ECE44460328E2A68B313B9D0536C9E61AEFD1C5EA352B97C78ADF45B1DF3694E8B255ECEBF3F7F4270D71D838F1861908AF0D6B67979AA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Pregled...",.. DL_SCANNING_MESSAGE: "Pregledavamo va.e preuzimanje za svaki slu.aj.",.. DL_BLOCKED: "Preuzimanje je blokirano",.. DL_SCANED: "Preuzimanje je pregledano",.. SS_ON_STATE: "Sigurno pretra.ivanje",.. SS_FIX_MESSAGE: "Sjajno! Ove .emo promjene uvesti sljede.i put kada ponovno pokrenete preglednik.",.. SS_OFF_STATE: "Potrebna je akcija!",.. SS_OFF_MESSAGE: "Upozorenje! 1 od 10 pretraga sadr.i opasnu vezu.",.. SS_OFF_DIALOG_HEADER: "Dodajte ocjenu rizika rezultatima pretra.ivanja",.. SS_OFF_DIALOG_CONTENT: "Saznajte koliko je veza opasna prije nego .to kliknete na nju.",.. SS_SEARCH_OPTION: "Postavi Sigurno pretra.ivanje kao zadanu tra.ilicu",.. THREAT_OFF_STATE: "Sigurnosno upozorenje!",.. THREAT_OFF_MESSAGE: "Va.e je ra.unalo izlo.eno, ali mo.emo vam pomo.i.",.. AVFW_DIALOG_HEADER: "Isklju.eni su antivirusna za.tita i vatrozid",.. AVFW_DIALOG_CONTENT: "Oko 864 milijuna z

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5401
                                                                                                                                                                                                                                                  Entropy (8bit):5.531960464670316
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cDlYr1MDbtVqXiZgRRGXtsXPG8sZT15INx7h6X9mwu9Dvymc+cE0AHmt:hZYHqXiL8y5WzN6gwuBKmzP5Hmt
                                                                                                                                                                                                                                                  MD5:2F948E205E01DBA3E5E52FC66516A421
                                                                                                                                                                                                                                                  SHA1:FA3DABAEBC4CCB2283993086BD537FFDEC6F20E5
                                                                                                                                                                                                                                                  SHA-256:2B5609EE8D4A5748963DED07B9E4BACD925BF41BE2BF5BD4A2388BD34CF7C245
                                                                                                                                                                                                                                                  SHA-512:B5A9B2C12A6EA6B0BBA28EC1A19A3C79A30A45A0FF965CBC61C1F4542EFF809B54337066E764684BFF724D961CC330CF1F35919B2C80EE79147D8BE374C6FB8C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Vizsg.lat...",.. DL_SCANNING_MESSAGE: "Biztons.ga .rdek.ben .tvizsg.ljuk a let.lt.tt f.jlt.",.. DL_BLOCKED: "Blokkolt let.lt.s",.. DL_SCANED: "Megvizsg.lt let.lt.s",.. SS_ON_STATE: "Biztons.gos keres.s",.. SS_FIX_MESSAGE: "Rendben. A b.ng.sz. k.vetkez. .jraind.t.sakor v.grehajtjuk ezeket a m.dos.t.sokat.",.. SS_OFF_STATE: "Beavatkoz.sra van sz.ks.g!",.. SS_OFF_MESSAGE: "Figyelem! Minden tizedik keres.s vesz.lyes hivatkoz.st tartalmaz.",.. SS_OFF_DIALOG_HEADER: "Vesz.lyess.gi besorol.sok megjelen.t.se a keres.si eredm.nyek mellett",.. SS_OFF_DIALOG_CONTENT: "Ismerje meg a hivatkoz.s vesz.lyess.gi besorol.s.t, miel.tt r.kattintana.",.. SS_SEARCH_OPTION: "A biztons.gos keres.s legyen az alap.rtelmezett keres.motor",.. THREAT_OFF_STATE: "Biztons.gi riaszt.s!",.. THREAT_OFF_MESSAGE: "Sz.m.t.g.pe sebezhet., de seg.thet.nk.",.. AVFW_DIALOG_HEADER:

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5110
                                                                                                                                                                                                                                                  Entropy (8bit):5.2250614647799924
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:ZDrBAuuEnhYJMxwmH77265IcUNspZPBDNMTix+wwyHTd9H7pmC2z/xR:drLnhYJ2wmHf2MIcUYQw1HJR74FxR
                                                                                                                                                                                                                                                  MD5:613F88C68D2809F97F9FD6F87DB97F02
                                                                                                                                                                                                                                                  SHA1:C0E86B3D76F630487A6A0C73DD1D49406D206EFF
                                                                                                                                                                                                                                                  SHA-256:6F44EBC3163E3EFD327E2C5022102EF7EE733C309E6A21D885192A2FC111D9E1
                                                                                                                                                                                                                                                  SHA-512:F4EBC8EE49D8FA677F8398F24121D0962E4DA78B53F8CBFF1B10A7B20AD4218B085EF9517DD15869AA4EB554A53DC8E49E663FAFD60CA2871151527E3BBC030F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scansione in corso...",.. DL_SCANNING_MESSAGE: "Stiamo eseguendo la scansione dei download per verificare che siano sicuri.",.. DL_BLOCKED: "Download bloccato",.. DL_SCANED: "Download scansionato",.. SS_ON_STATE: "Ricerca sicura",.. SS_FIX_MESSAGE: "Perfetto! Apporteremo queste modifiche al riavvio del browser.",.. SS_OFF_STATE: "Intervento richiesto.",.. SS_OFF_MESSAGE: "Avviso. 1 ricerca su 10 contiene link pericolosi.",.. SS_OFF_DIALOG_HEADER: "Aggiungi le classificazioni dei rischi ai risultati di ricerca",.. SS_OFF_DIALOG_CONTENT: "Conosci la pericolosit. di un link prima di accedervi.",.. SS_SEARCH_OPTION: "Imposta la ricerca sicura come motore di ricerca predefinito",.. THREAT_OFF_STATE: "Avviso di sicurezza.",.. THREAT_OFF_MESSAGE: "Il computer . esposto a rischi, ma possiamo aiutarti.",.. AVFW_DIALOG_HEADER: "Antivirus e firewall sono disattivati",.. AVFW_DIALOG_CONTENT: "Dal 2005, circa

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6573
                                                                                                                                                                                                                                                  Entropy (8bit):5.7257577861051265
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:NTUsvaiozLJ9h9yY4smsT7h0O71Kw1JFe:esv4J9HyY4smsT7h0O7PvE
                                                                                                                                                                                                                                                  MD5:7970DCCF2A75017322A8A0D30FB86AA3
                                                                                                                                                                                                                                                  SHA1:468EEDB0167833CCB3095D10DA3CD4E6C6174B67
                                                                                                                                                                                                                                                  SHA-256:1042DD9E402EA14B9E210736B6CC829E1A0C27644F12EBF824D73711BCE64F8E
                                                                                                                                                                                                                                                  SHA-512:A86B6F3086E17A8F8CAD0B011540700A9D28E9C28B8E8273996E6D2017D78188F14F49A402236393BF9E7799F2BC3D2BD64AEA83BE9AF3E009771DCA406254F0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "........",.. DL_SCANNING_MESSAGE: "..................................",.. DL_BLOCKED: ".............",.. DL_SCANED: "............",.. SS_ON_STATE: ".....",.. SS_FIX_MESSAGE: "....................................",.. SS_OFF_STATE: "..........!",.. SS_OFF_MESSAGE: "... 10 .. 1 ......................",.. SS_OFF_DIALOG_HEADER: "...................",.. SS_OFF_DIALOG_CONTENT: "..........................",.. SS_SEARCH_OPTION: ".......................",.. THREAT_OFF_STATE: ".........",

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5497
                                                                                                                                                                                                                                                  Entropy (8bit):5.847978360180218
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:A4T4OfEAmKkUvLS/fDa8s9If8LNaSkXLwjk2XEgvR6z0O739OBqKkLHtNi:Bff7Jk3a8iNaSEKtODYBqKoNNi
                                                                                                                                                                                                                                                  MD5:7B107B89F270CDFBE68D065104D3410E
                                                                                                                                                                                                                                                  SHA1:15FECC05C253ADEE9973A583E743CF4D6026811B
                                                                                                                                                                                                                                                  SHA-256:5C885A2108E53417E3C33FD28CC32C1EC83EBCCA64E5D043C330628AB6DAC447
                                                                                                                                                                                                                                                  SHA-512:3E46BED37CA260521BE6F084EA14B3D2878A70315B0BA80DC8C28A1BF87AB1C2D85FF3CAAC4096CA2626E38F4185DEAA10817636EC91DA98094380377128181A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: ".. ....",.. DL_SCANNING_MESSAGE: "... .. ..... .. .....",.. DL_BLOCKED: "... ....",.. DL_SCANED: "... ....",.. SS_ON_STATE: ".. ..",.. SS_FIX_MESSAGE: "....! ..... .. .... .. ... ......",.. SS_OFF_STATE: "... .....!",.. SS_OFF_MESSAGE: "..! .. .. ... ... ... ... .. 1/10....",.. SS_OFF_DIALOG_HEADER: ".. ... .. ... .......",.. SS_OFF_DIALOG_CONTENT: ".... .. ... .... .. .......",.. SS_SEARCH_OPTION: ".. ... .. .. .... ..",.. THREAT_OFF_STATE: ".. .....!",.. THREAT_OFF_MESSAGE: "... .... ...... McAfee. .... . .....",.. AVFW_DIALOG_HEADER: "...... .

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4937
                                                                                                                                                                                                                                                  Entropy (8bit):5.338664370900008
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:iith6b8IIs/ySd0vgZwxwud8eWgwbYeCCVKduaN3z559JBhoAsUnxUbE:J36nR1swuD8boN951hvsUnxYE
                                                                                                                                                                                                                                                  MD5:908B64646BE9EA860FF28CA62CEA259D
                                                                                                                                                                                                                                                  SHA1:511549293C2C332C506E1518C0BE2DBEA3D99C46
                                                                                                                                                                                                                                                  SHA-256:EE6AA51B79C56B237DBD65BD2DD0A364A219294D178CC7293921543EEAD327D0
                                                                                                                                                                                                                                                  SHA-512:BD7D9055FE87817B3D32383C3E245CD02BFD42EA6925A443B273ADCEA69806807AA0944A65DCD384044C60D8327DA51B3803C369625CA6CAEB7FEB12F52C6A0F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Skanner..",.. DL_SCANNING_MESSAGE: "Vi skanner nedlastingen for . v.re p. den sikre siden.",.. DL_BLOCKED: "Nedlasting blokkert",.. DL_SCANED: "Nedlasting skannet",.. SS_ON_STATE: "Sikkert s.k",.. SS_FIX_MESSAGE: "Flott! Vi skal gj.re disse endringene neste gang du starter nettleseren.",.. SS_OFF_STATE: "Handling kreves!",.. SS_OFF_MESSAGE: "Advarsel! 1 av 10 s.k inneholder en farlig kobling.",.. SS_OFF_DIALOG_HEADER: "Legg til risikovurderinger i s.keresultatene",.. SS_OFF_DIALOG_CONTENT: "Vit hvor farlig en kobling er, f.r du klikker p. den.",.. SS_SEARCH_OPTION: "Gj.re Sikkert s.k til standard s.kemotor",.. THREAT_OFF_STATE: "Sikkerhetsvarsel!",.. THREAT_OFF_MESSAGE: "Datamaskinen din er eksponert, men vi kan hjelpe deg.",.. AVFW_DIALOG_HEADER: "Antivirusbeskyttelsen og brannmuren er av",.. AVFW_DIALOG_CONTENT: "Omkring 864 millioner oppf.ringer med personopplysninger har havnet

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5046
                                                                                                                                                                                                                                                  Entropy (8bit):5.29923659608503
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:IHFRCH1qpecUFhzJizV+kE1XGwRZYzg0u0Qu2OOkMCJuzXvu9odS+daUmh4:IHFRCVqpAFh4zV+kol56Q1EJ2vufCaL4
                                                                                                                                                                                                                                                  MD5:0A0CD532F6553B3D545538405118FE96
                                                                                                                                                                                                                                                  SHA1:6D0D4723131FE762BF5F8385AA943FA6AB4EF500
                                                                                                                                                                                                                                                  SHA-256:1DFA69BA967AB4ADF08C4440523CAC4B9430227A7668A0A1AA0FC333775E16EA
                                                                                                                                                                                                                                                  SHA-512:6A423AFA53F6A3EE7D9C1DC7CC89C26E9A9AD676D93DBD99C1FCD395A1B4B7A5AD92DD510F31B1AF48B1BC9787443B211FAD4F0E2285F827DE12EAE5349E8EB8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Scannen...",.. DL_SCANNING_MESSAGE: "Uw download wordt voor de veiligheid gescand.",.. DL_BLOCKED: "Download geblokkeerd",.. DL_SCANED: "Download gescand",.. SS_ON_STATE: "Beveiligd zoeken",.. SS_FIX_MESSAGE: "Fantastisch! Deze wijzigingen worden ge.mplementeerd wanneer u uw browser de volgende keer opnieuw start.",.. SS_OFF_STATE: "Actie vereist!",.. SS_OFF_MESSAGE: "Waarschuwing! 1 op de 10 zoekopdrachten bevat een gevaarlijke link.",.. SS_OFF_DIALOG_HEADER: "Voeg risicoclassificaties toe aan uw zoekresultaten",.. SS_OFF_DIALOG_CONTENT: "Weet hoe gevaarlijk een koppeling is voordat u erop klikt.",.. SS_SEARCH_OPTION: "Maak Beveiligd zoeken mijn standaardzoekmachine",.. THREAT_OFF_STATE: "Beveiligingswaarschuwing!",.. THREAT_OFF_MESSAGE: "Uw computer is blootgesteld, maar wij kunnen u helpen.",.. AVFW_DIALOG_HEADER: "Uw antivirus en firewall zijn uitgeschakeld",.. AVFW_DIALOG_CONTENT: "Sinds 2005

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5241
                                                                                                                                                                                                                                                  Entropy (8bit):5.554898483368969
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:qUIwsXVPIcXdt1qJZHybN1qfWl9my9bpE3TiYv5YTKSjzxj4dsd9DFsxee7G6T9:q1wsXVgcHoZHu2OlqukURj4di5te7F
                                                                                                                                                                                                                                                  MD5:36A6295576043C8E8265AE0B293F0278
                                                                                                                                                                                                                                                  SHA1:71C85F04D2BB8A6EB4E1A44DFE0694E8D4CF9784
                                                                                                                                                                                                                                                  SHA-256:F2A53E12CD5B1E7F5414C7BA50BE1C0E194FF8B24F441468F7B2DBE34F992F0A
                                                                                                                                                                                                                                                  SHA-512:34E00B00652F486EE4618B7268E7DA31DF4B122983FF80DC6C9FAA3EE6A05FD1AECBD63F178BD739C11A5BF6261606D3EA29A93C9828B1CBD55473CA8DAC280F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Skanowanie...",.. DL_SCANNING_MESSAGE: "Na wszelki wypadek skanujemy pobierany plik.",.. DL_BLOCKED: "Pobieranie zablokowane",.. DL_SCANED: "Pobieranie przeskanowane",.. SS_ON_STATE: "Bezpieczne wyszukiwanie",.. SS_FIX_MESSAGE: ".wietnie. Zmiany zostan. wprowadzone po ponownym uruchomieniu przegl.darki.",.. SS_OFF_STATE: "Wymagane dzia.anie.",.. SS_OFF_MESSAGE: "Uwaga! 1 na 10 wyszukiwa. zawiera niebezpieczne ..cze.",.. SS_OFF_DIALOG_HEADER: "Dodaj oceny ..czy w wynikach wyszukiwania.",.. SS_OFF_DIALOG_CONTENT: "Dowiedz si., czy ..cze jest niebezpieczne, zanim je klikniesz.",.. SS_SEARCH_OPTION: "Ustaw Bezpieczne wyszukiwanie jako domy.ln. wyszukiwark.",.. THREAT_OFF_STATE: "Alert zabezpiecze.!",.. THREAT_OFF_MESSAGE: "Komputer jest nara.ony na zagro.enia, ale mo.emy Ci pom.c.",.. AVFW_DIALOG_HEADER: "Antywirus i zapora s. wy..czone.",.. AVFW_DIALOG_CONTENT: "Od 2005 r. bezpi

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5076
                                                                                                                                                                                                                                                  Entropy (8bit):5.3456641309639785
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:hzqsY64tGeMe1EjJDQYz8VMntBYv4tBg9Wq90QuG:hWnjE7e1iJl44BgD9Z
                                                                                                                                                                                                                                                  MD5:29C37461266F5EC54C912892D7DEA5BB
                                                                                                                                                                                                                                                  SHA1:2027257CCEA215C5B26AC43556313A869ED9793F
                                                                                                                                                                                                                                                  SHA-256:2D6742EFC60C9F941DD63D606C67415F98352F626DE4DCC21F9AD906C0634E65
                                                                                                                                                                                                                                                  SHA-512:4184F473F42C1A5F255E755566B64F010B86D144D033DB6A2291DAD22967A2CE4F9954AE9CBD4FEA25DA25A2AC19A66A39AF7858D0C721C7B4668AB74A072E3A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Varrendo...",.. DL_SCANNING_MESSAGE: "Estamos varrendo o seu download apenas por seguran.a.",.. DL_BLOCKED: "Download bloqueado",.. DL_SCANED: "Downloads varridos",.. SS_ON_STATE: "Pesquisa segura",.. SS_FIX_MESSAGE: "Excelente! Implementaremos essas mudan.as na pr.xima vez que voc. reiniciar o navegador.",.. SS_OFF_STATE: "A..o necess.ria!",.. SS_OFF_MESSAGE: "Aviso! 1 em 10 pesquisas cont.m um link perigoso.",.. SS_OFF_DIALOG_HEADER: "Adicione classifica..es de risco aos seus resultados de pesquisa",.. SS_OFF_DIALOG_CONTENT: "Saiba qu.o perigoso . um link antes de clicar.",.. SS_SEARCH_OPTION: "Tornar a Pesquisa segura meu mecanismo de pesquisa padr.o",.. THREAT_OFF_STATE: "Alerta de seguran.a!",.. THREAT_OFF_MESSAGE: "Seu computador est. exposto, mas podemos ajud.-lo.",.. AVFW_DIALOG_HEADER: "Seu antiv.rus e sua firewall est.o desativados",.. AVFW_DIALOG_CONTENT: "Cerca de 864

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5194
                                                                                                                                                                                                                                                  Entropy (8bit):5.346110251487307
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:L60E2K+GRZAEbZoyh5Mj+WkfVptFa9GqDXyImC:L6SKhDAmlk+bVLFaXDz
                                                                                                                                                                                                                                                  MD5:74A1FEF9FD994E5C29BCD75A5D10A1FE
                                                                                                                                                                                                                                                  SHA1:0405794450F059415289FA709D1EAC5798F4D893
                                                                                                                                                                                                                                                  SHA-256:67137ADF5237EAF8D9676D1076FF52875F65F98EC0FE91930B3AD1D79B063F76
                                                                                                                                                                                                                                                  SHA-512:C4F7A61292BAED702B1536E1D74791F8B6BE89F9D3886A2579DFF3B76667795DCCD001B2724658D822C09007500815B8BB05B3EE8BD9B26DDBE1A397D2E8CD41
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "A analisar...",.. DL_SCANNING_MESSAGE: "Estamos a analisar a sua transfer.ncia para garantir a m.xima seguran.a.",.. DL_BLOCKED: "Transfer.ncia bloqueada",.. DL_SCANED: "Transfer.ncia analisada",.. SS_ON_STATE: "Pesquisa segura",.. SS_FIX_MESSAGE: ".timo! Aplicaremos esta altera..es quando reiniciar o browser.",.. SS_OFF_STATE: "A..o necess.ria!",.. SS_OFF_MESSAGE: "Aten..o! 1 em cada 10 pesquisas cont.m uma liga..o perigosa.",.. SS_OFF_DIALOG_HEADER: "Adicione classifica..es de risco aos seus resultados de pesquisa",.. SS_OFF_DIALOG_CONTENT: "Conhe.a o n.vel de perigo de uma liga..o antes de clicar.",.. SS_SEARCH_OPTION: "Tornar a Pesquisa Segura o meu motor de pesquisa predefinido",.. THREAT_OFF_STATE: "Alerta de seguran.a!",.. THREAT_OFF_MESSAGE: "O seu computador est. desprotegido, mas podemos ajudar.",.. AVFW_DIALOG_HEADER: "O seu antiv.rus e firewall est.o desativados",

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7499
                                                                                                                                                                                                                                                  Entropy (8bit):5.002826493531936
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:J8/c1QuytDV2s488V+TtWHkWUIU9RyVto:J8/c1Qu+DwgWlUf9AVm
                                                                                                                                                                                                                                                  MD5:0B00B4F1DF53D7869D97AE55F5FD9F30
                                                                                                                                                                                                                                                  SHA1:B9828063943585D69A78C0A5163816F9749882C3
                                                                                                                                                                                                                                                  SHA-256:2D41BB850FEE8E3AF133D204ED946BA2383888017AE50326F2BA716F390DADD7
                                                                                                                                                                                                                                                  SHA-512:1E21CB4033310B38CEF36FC18A5D10ED6A251F47EF5EBDD40C4E2777125E32E90AABCFDD10D6E2EE69CBA583C8400E498B40A64BDAAA93CCF5DD9C5D9F837015
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "...........",.. DL_SCANNING_MESSAGE: "........... ............ .........",.. DL_BLOCKED: "............. ........:",.. DL_SCANED: "......... ........:",.. SS_ON_STATE: ".......... .....",.. SS_FIX_MESSAGE: ".......! ......... ..... ....... ... ......... ........... .........",.. SS_OFF_STATE: "......... ........!",.. SS_OFF_MESSAGE: "......... . ........... ....... ........ ...... .... ....... .......",.. SS_OFF_DIALOG_HEADER: "........ ....... ..... . .......... ......",.. SS_OFF_DIALOG_CONTENT: "..... ......... .. ...... ......., ......... ... .......",.. SS_SEARCH_OPTION: "....... ........

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5398
                                                                                                                                                                                                                                                  Entropy (8bit):5.643833908825308
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:jTm1b9h9okCKuoXx9byC6n+Ih6hXV7ILNadt6rDSczFk9HVXrfj6n:jTob/9SKuqbyC6nYhScSicBk5Bfj6n
                                                                                                                                                                                                                                                  MD5:3655FD9C38BBE8F3A1FFD73062DD9FE2
                                                                                                                                                                                                                                                  SHA1:B40F7125588BD8A3196840F93B683A54FF6651FF
                                                                                                                                                                                                                                                  SHA-256:9CF3E0F6E0E4CF5CD638AB02AD388B9234F7ED4FF2FAFDE45CCE62A69D1ACBB1
                                                                                                                                                                                                                                                  SHA-512:7498900E9B263C2AC9F48162B99F3191F16F8E936D074E91A62CCA9B961F2753DE3F8EB4CB91E8F49C9388E69C9ED1814D25C4E63B88BEF6715B3E5F9760ED17
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Kontroluje sa...",.. DL_SCANNING_MESSAGE: "Stiahnut. s.bor sa kontroluje, len pre istotu.",.. DL_BLOCKED: "S.ahovan. s.bor bol zablokovan.",.. DL_SCANED: "S.ahovan. s.bor bol skontrolovan.",.. SS_ON_STATE: "Zabezpe.en. vyh.ad.vanie",.. SS_FIX_MESSAGE: "Skvel.! Zmeny sa uskuto.nia pri najbli..om re.tartovan. prehliada.a.",.. SS_OFF_STATE: "Treba kona.!",.. SS_OFF_MESSAGE: "Upozornenie: 1 z 10 vyh.ad.van. obsahuje nebezpe.n. odkaz.",.. SS_OFF_DIALOG_HEADER: "Pridanie hodnoten. rizika k v.sledkom vyh.ad.vania",.. SS_OFF_DIALOG_CONTENT: "Sk.r ne. kliknete na prepojenie, mali by ste vedie., .i je nebezpe.n..",.. SS_SEARCH_OPTION: "Nastavi. slu.bu Zabezpe.en. vyh.ad.vanie ako predvolen. vyh.ad.vac. n.stroj",.. THREAT_OFF_STATE: "Upozornenie zabezpe.enia:",.. THREAT_OFF_MESSAGE: "V.. po..ta. je v.ohrozen., ale m..eme v.m pom.c..",.. AVFW_DIALOG_HEA

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5115
                                                                                                                                                                                                                                                  Entropy (8bit):5.416583517368563
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:a7um49Rmkzg/G5dK+J8tkaUnSlBS2DFA4s+roJGEUuzvYb9NKNvt3w/yTK:3VNzgOWS8ttFFV/b3KNlgqTK
                                                                                                                                                                                                                                                  MD5:1256512BE1EFBDC68E879DC97D4FA564
                                                                                                                                                                                                                                                  SHA1:DB86F80BA7CDFC48EE4D69745258CB2C197814E7
                                                                                                                                                                                                                                                  SHA-256:46A31754958D949387AFB60C5E454C797D0958A58965C7E429C528F140A7C42C
                                                                                                                                                                                                                                                  SHA-512:1195A75953C0A3031C37EEB33441057AC3689CD108EC29B25A024C90B9EB64E6A90309A8A6C12A722E149C88A356AADB48D17AE37D741149290DB0A5A0052ECA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Skeniranje...",.. DL_SCANNING_MESSAGE: "Skeniramo preuzeti sadr.aj radi va.e bezbednosti.",.. DL_BLOCKED: "Blokirano preuzimanje",.. DL_SCANED: "skeniranje preuzimanja",.. SS_ON_STATE: "Bezbedna pretraga",.. SS_FIX_MESSAGE: "Odli.no! Ove izmene .e biti unete kada slede.i put pokrenete pregleda..",.. SS_OFF_STATE: "Potrebno je preduzeti odre.ene korake!",.. SS_OFF_MESSAGE: "Upozorenje! Svaka deseta pretraga sadr.i opasnu vezu.",.. SS_OFF_DIALOG_HEADER: "Dodajte ocene rizika u rezultate pretrage",.. SS_OFF_DIALOG_CONTENT: "Saznajte koliko je neka veza opasna pre nego .to kliknete na nju.",.. SS_SEARCH_OPTION: ".elim da bezbedna pretraga bude moj podrazumevani pretra.iva.",.. THREAT_OFF_STATE: "Bezbednosno upozorenje!",.. THREAT_OFF_MESSAGE: "Va. ra.unar je izlo.en pretnjama, ali mi vam mo.emo pomo.i.",.. AVFW_DIALOG_HEADER: "Antivirusni program i za.titni zid su isklju.eni",.. AVFW

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4882
                                                                                                                                                                                                                                                  Entropy (8bit):5.406741594701944
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:fl+hIZSmigy7tw5va0ZPYVhH9lSIkMKJU9xIGRQtVRW:d+hIZC7twtn8HQJJUQGRIW
                                                                                                                                                                                                                                                  MD5:ED90CCC22D94259863411386C6DE31D9
                                                                                                                                                                                                                                                  SHA1:5215A30E75B0B24B1C346FDE2E1841A85FA16F4D
                                                                                                                                                                                                                                                  SHA-256:C014BF7588A24566A02ADC04E7BC656CAA655F374E61AE97C4A4C581716F660E
                                                                                                                                                                                                                                                  SHA-512:1A377928F0DE59F1999D0745412C6786C06471A29E32892DC52C43748513A80BF269E343177CD686C56E62DF9B4F6C6824D2F4F21A35E91F0044B1BA1CA275C4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Genoms.ker...",.. DL_SCANNING_MESSAGE: "Vi genoms.ker h.mtningen f.r s.kerhets skull.",.. DL_BLOCKED: "H.mtning blockerad",.. DL_SCANED: "H.mtning genoms.kt",.. SS_ON_STATE: "S.ker s.kning",.. SS_FIX_MESSAGE: "Perfekt. Vi utf.r .ndringarna n.sta g.ng du startar om din webbl.sare.",.. SS_OFF_STATE: ".tg.rd kr.vs!",.. SS_OFF_MESSAGE: "Varning! 1 av 10 s.kningar inneh.ller en farlig l.nk.",.. SS_OFF_DIALOG_HEADER: "L.gg till riskklassificering i dina s.kresultat",.. SS_OFF_DIALOG_CONTENT: "Du f.r veta hur farlig en l.nk .r innan du klickar p. den.",.. SS_SEARCH_OPTION: "V.lj S.ker s.kning som standardalternativ f.r s.kmotorer",.. THREAT_OFF_STATE: "S.kerhetsvarning!",.. THREAT_OFF_MESSAGE: "Datorn .r utsatt f.r risk, men vi kan hj.lpa till.",.. AVFW_DIALOG_HEADER: "Antivirus och brandv.ggen .r inaktiverade",.. AVFW_DIALOG_CONTENT: "Cirka 864 miljoner personliga da

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5273
                                                                                                                                                                                                                                                  Entropy (8bit):5.486084661941598
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:THxCtJRQDY8NoBGZOpo/n2ovqXm/IwjfdZ1zT4x9hEKHCnAzvjUB:7xCtANoBGnR/TdZJ4xEsvU
                                                                                                                                                                                                                                                  MD5:16DD9886CC8A8E2D47F02CF6B5963C3F
                                                                                                                                                                                                                                                  SHA1:B05E5AF94B50984FC4BF4285FA3D61CB3ABA881E
                                                                                                                                                                                                                                                  SHA-256:4F35D4163571622E74B655567B6AA0A3716D2DAC09653F57C873504BFFCD8B90
                                                                                                                                                                                                                                                  SHA-512:7C8A194D5ACFA94ADAA7B3C5C3F45A40E13EA1515D2D105774E759630263472EA96962F741440CCFA896184DC42786420DB8109F5EE7E6535377C0948EED3DBD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: "Taran.yor...",.. DL_SCANNING_MESSAGE: "Her ihtimale kar.. indirmenizi tar.yoruz.",.. DL_BLOCKED: ".ndirme engellendi",.. DL_SCANED: ".ndirme tarand.",.. SS_ON_STATE: "G.venli Arama",.. SS_FIX_MESSAGE: "Harika! Taray.c.y. bir sonraki sefer ba.latt...n.zda bu de.i.iklikleri uygulayaca..z.",.. SS_OFF_STATE: "Eylem gerekli!",.. SS_OFF_MESSAGE: "Dikkat! 10 aramadan biri tehlikeli ba.lant. i.erir.",.. SS_OFF_DIALOG_HEADER: "Arama sonu.lar.n.za risk de.erlendirmeleri ekleyin",.. SS_OFF_DIALOG_CONTENT: "T.klamadan .nce bir ba.lant.n.n ne kadar tehlikeli oldu.unu bilin.",.. SS_SEARCH_OPTION: "G.venli Arama'y. varsay.lan arama motorum yap",.. THREAT_OFF_STATE: "G.venlik Uyar.s.!",.. THREAT_OFF_MESSAGE: "Bilgisayar.n.z savunmas.z ancak size yard.mc. olabiliriz.",.. AVFW_DIALOG_HEADER: "Vir.sten koruma ve g.venlik duvar. kapal.",.. AVFW_DIALOG_CONTENT: "2005'ten

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4673
                                                                                                                                                                                                                                                  Entropy (8bit):6.276205522230196
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:THIWI0hyh/2vKsPMP0VIQUuGOPpBM9Yc81vzNcS:T5Qh/Yq9joBMGz1p3
                                                                                                                                                                                                                                                  MD5:E66D37AAB885C74B33FD5071D791AE2E
                                                                                                                                                                                                                                                  SHA1:339AD07D34524474667AF8E6986BEECE43EA4521
                                                                                                                                                                                                                                                  SHA-256:632988C5A468576BECF2BC1C48EF2BDD22CA44B64001A7BB8273E36F5E2C46F6
                                                                                                                                                                                                                                                  SHA-512:61BCC0A4989CD0A290CBF78A05144781DFFCA7695E77D1151446CF4DAB2470275764A48CFE203990EC4474268810773FF1242EEABA7AA74293200BDAE0ED8ECB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: ".......",.. DL_SCANNING_MESSAGE: "..................",.. DL_BLOCKED: "......",.. DL_SCANED: "......",.. SS_ON_STATE: "....",.. SS_FIX_MESSAGE: "...! ....................",.. SS_OFF_STATE: "....!",.. SS_OFF_MESSAGE: "...1/10 ............",.. SS_OFF_DIALOG_HEADER: "...........",.. SS_OFF_DIALOG_CONTENT: "...................",.. SS_SEARCH_OPTION: ".............",.. THREAT_OFF_STATE: ".....",.. THREAT_OFF_MESSAGE: "...................",.. AVFW_DIALOG_HEADER: "............",.. AVFW_DIALOG_CONTENT: ". 2005 ....... 8.64 ..................<br/

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4704
                                                                                                                                                                                                                                                  Entropy (8bit):6.287282072477445
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:+54tUIE58+sUHLz4111bAmwqkFvHOVJXBxC7RP9LX9Qom/6tTh:+utkVAdAm8uf0X6/StV
                                                                                                                                                                                                                                                  MD5:0D802B12B61EB7530F3D7A4D422E8D58
                                                                                                                                                                                                                                                  SHA1:9E1345A686E7418E769315A31526FE80062AFE23
                                                                                                                                                                                                                                                  SHA-256:FC46CFEC7591898641E8BA53D247F6DAEBD01432AA65ABD9DD48B41BA9E3D9A7
                                                                                                                                                                                                                                                  SHA-512:D448CDBCA3F4387370E08218BAB8670D22DB73E7D013743374053D8F903FCC9235B6DAE5E6C91CE1C71FE91CE35F9B2BEE0B6CDEDF8DAB2772D65AB5CB84D542
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrCheckList_ = {.. DL_SCANNING_STATE: ".......",.. DL_SCANNING_MESSAGE: "..............",.. DL_BLOCKED: ".....",.. DL_SCANED: ".....",.. SS_ON_STATE: "....",.. SS_FIX_MESSAGE: ".......................",.. SS_OFF_STATE: ".....",.. SS_OFF_MESSAGE: "...10 ..... 1 ........",.. SS_OFF_DIALOG_HEADER: ".............",.. SS_OFF_DIALOG_CONTENT: "..................",.. SS_SEARCH_OPTION: "...............",.. THREAT_OFF_STATE: "......",.. THREAT_OFF_MESSAGE: "...................",.. AVFW_DIALOG_HEADER: "...........",.. AVFW_DIALOG_CONTENT: ". 2005 ...... 8 . 6 . 4 ...................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1510
                                                                                                                                                                                                                                                  Entropy (8bit):5.7308486902000615
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HTt2GGq0IQDhhlGGqg4o1GGGqUdVkrN0/Fq9eA0dmQAjaha:w3q0Fhl3qg71G3qUvkrNeq9f0dm7Ca
                                                                                                                                                                                                                                                  MD5:952AC00977A6A75229831F51439FBED3
                                                                                                                                                                                                                                                  SHA1:D0CD40469B603D1880B6C40D187D98620E3D9F3E
                                                                                                                                                                                                                                                  SHA-256:9132DD6D4BA0C2911D90E7E3FBD6F2E09422CC861C3D85DDB0492E4E717002CD
                                                                                                                                                                                                                                                  SHA-512:72B546181A83EAC8D29864456B19237FE9B0EECEA09AF63C7100B3463F157027F4BACA6F85FDF279625E3158508F7A1E97F45EB4FA88A37293B26A40FD2F8356
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Z.skejte bezplatnou ochranu p.i proch.zen. internetu od spole.nosti McAfee kliknut.m na mo.nost {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Povolit roz...en.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "Pomoc. mo.nosti {0} zapnete tyto funkce vy... ochrany: Bezpe.n. hled.n. McAfee., Blokov.n. reklam a Blokov.n. sledov.n..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Povolit roz...en.",.. ADBLOCK_SEARCH_WARNING_CONTENT: "Pomoc. mo.nosti {0} budete d.le chr.n.ni online d.ky t.mto funkc.m vy... ochrany: Bezpe.n. hled.n. McAfee., Blokov.n. reklam a Blokov.n. sledov.n..",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Ponechat zm.ny",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "Pomoc. mo.nosti {0} programu McAfee. WebAdvisor zapnete tyto funkce vy... ochrany: Bezpe.n. hled.n. McAfee., Blokov.n. reklam a Blokov.n. sledov.n..",.. ADBLOCK_PERMISSION_ADDED_CONT

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1414
                                                                                                                                                                                                                                                  Entropy (8bit):5.5444424224442725
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HTEz6tBWYCISc5ciWzCISNOFBWYCISrrVpz92w56WYaF4glU8:U4nCISc5cvCISNOFnCISrxRmWnF418
                                                                                                                                                                                                                                                  MD5:7CCDD6A86B6C29F577C45DD7821028EE
                                                                                                                                                                                                                                                  SHA1:EE43BAA8BC9579B3885DB7F256E5F3B3E6534FC3
                                                                                                                                                                                                                                                  SHA-256:CF42402BCCA3F4B9D934C26076995CE51AF247CB737F5A1FFB624581F36752F4
                                                                                                                                                                                                                                                  SHA-512:DBB7C3D54A8120B48E89A938FBC2B39A11B5CCDEAD2533BFF8E3AD0B1D7A8BC000DD73844B826115E22191C09778AE2A500BF8E21CA754E2C24FE76D9DA899F8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Hent den gratis webbeskyttelse fra McAfee ved at klikke p. {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktiv.r udvidelse",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} for at sl. disse ekstra sikkerhedsfunktioner fra McAfee. til: sikker s.gning, blokering af reklamer og blokering af sporingsfiler.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktiv.r udvidelse",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} for fortsat at v.re beskyttet online med disse ekstra sikkerhedsfunktioner fra McAfee.: sikker s.gning, blokering af reklamer og blokering af sporingsfiler.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Behold .ndringer",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor for at sl. disse ekstra sikkerhedsfunktioner fra McAfee. til: sikker s.gning, blokering af reklamer og blokering af sporingsfiler.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Tillad",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Ak

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1494
                                                                                                                                                                                                                                                  Entropy (8bit):5.514748469930225
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HTjZ+CqIYh/aCCqIYVdQvTMzTIAc7HQmKnCqIY4DMEIWljVnARzSQd:zZ+lxVlxVebMzTEQmKnlx4DO+JnXQd
                                                                                                                                                                                                                                                  MD5:222E72A8FD24B4BD56C3B83756348D44
                                                                                                                                                                                                                                                  SHA1:D67E9B10B0B4D008B96615F8FB5AEF86300E414B
                                                                                                                                                                                                                                                  SHA-256:ACC453C349AE57B5073CA8F30C6707EC99B52F21E81F11B941D8FEC9DB62ED15
                                                                                                                                                                                                                                                  SHA-512:AC1EFD688C437214B245EF08583AEED49B117101BC293FC3FA01D33F80CC9CBDA534D6C27CA0E0F3F1B8224D25D8909721C2A03C8A896BB5CC3EB8FEFB63FA49
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Nutzen Sie den kostenlosen Web-Schutz von McAfee, indem Sie auf "{0}" klicken.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Erweiterung aktivieren",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "Klicken Sie auf "{0}", um die folgenden Funktionen des zus.tzlichen Schutzes zu nutzen: McAfee. Sichere Suche, Ad-Blockierung und Tracker-Blockierung.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Erweiterung aktivieren",.. ADBLOCK_SEARCH_WARNING_CONTENT: "Klicken Sie auf "{0}", um weiterhin mit den folgenden Funktionen des zus.tzlichen Schutzes online gesch.tzt zu bleiben: McAfee. Sichere Suche, Ad-Blockierung und Tracker-Blockierung.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: ".nderungen beibehalten",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "Klicken Sie f.r McAfee. WebAdvisor auf "{0}", um die folgenden Funktionen des zus.tzlichen Schutzes zu aktivieren: McAfee. Sichere Suche, Ad-Blockierung und Tracker-Blockierung.",..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2138
                                                                                                                                                                                                                                                  Entropy (8bit):5.217917771128103
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HTYCoYrWTMeJ3P/oYeITMeJ3Pq2dnzgWTMeJ3P+PPvKoYC0EDdX0y2wyilhXphz:TWRpEIRpq2dzgWRp+Pt0EDdZhB
                                                                                                                                                                                                                                                  MD5:F480CAFB6E6AB3C73664518C7F6DCE08
                                                                                                                                                                                                                                                  SHA1:BA22771FA3F1CA35A9E41CC9BECD0C1768FCC3A1
                                                                                                                                                                                                                                                  SHA-256:CC51D88615DA148FBF5396B2A98B3195BC709536C9DA6812A9C330D4B326CE59
                                                                                                                                                                                                                                                  SHA-512:EE17EE494FAEDB59D22F4D543BA1521637B460D39B82B2EE00452DACB56DA529694FC5747DE300155C5ACEFCC3462B04F628A5B6C4E87B4F198A8362FCF7DF93
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "......... ...... ......... ... .. McAfee ........ .... ... {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "............ .........",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} ... .. .............. ..... ... ........... ......... ..........: ....... ........., ........... ........... ... ........... .......... ... McAfee..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "............ .........",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} ... .. ........... ........ online .. ..... ... ........... ......... ..........: ....... ........., ........... ........... ... ........... .......... ...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1249
                                                                                                                                                                                                                                                  Entropy (8bit):5.490467303745762
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HTBv4lHkVKlHNEAkulHrRH/T5fLCOPmK:V4lHkVKlHNpkulHrRH/ht
                                                                                                                                                                                                                                                  MD5:BB4BB22B690B376D8929C2CC25BF2B12
                                                                                                                                                                                                                                                  SHA1:14E7C6B2EDCEF13331C60FA6DE88F42A431C9EB0
                                                                                                                                                                                                                                                  SHA-256:5D4B6883689465D1D2535FEC8177B798DCC34743AFE22DB065C37FB43C5F1BBF
                                                                                                                                                                                                                                                  SHA-512:196B700246267E0ABD861566232A698BD3F2B82CDB2EF4CA42EEA7F81B376A3B02983AC4841B489A125EBB9B0262ECEBA570601A30A39E824AA86B9821AEB645
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Get your free web protection from McAfee by clicking {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Enable extension",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} to turn on these Added Protection features: McAfee. Secure Search, Ad Blocker and Tracker Blocker.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Enable extension",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} to continue staying safe online with these Added Protection features: McAfee. Secure Search, Ad Blocker and Tracker Blocker.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Keep changes",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor to turn on these Added Protection features: McAfee. Secure Search, Ad Blocker and Tracker Blocker.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Allow",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Enable extension",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "to finish setting up WebAdvisor.",.. CHROME_ENABLEMENT_GUIDE_C

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1447
                                                                                                                                                                                                                                                  Entropy (8bit):5.489080845620684
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HT81my6MaXBldRzVenBldR+MQOAz/HQ2BldRiud91QHIc0x81mHkysdN:M1m/MaRlXVeBlKMQOAz/HZleudEr0O1H
                                                                                                                                                                                                                                                  MD5:F5976C18C8AB9C484A9FB7FA7B785EDE
                                                                                                                                                                                                                                                  SHA1:318CF0881E841E3154F8A82CCC6E682E28B5C87D
                                                                                                                                                                                                                                                  SHA-256:7B3A200EC1EBEFB6433B4E1F6CDFC53AA9E232379B2765714EC9DA7F3EC727E1
                                                                                                                                                                                                                                                  SHA-512:CDDFDFB566446CD2DBB4B5BC457B4C42BD87B699A26ECC2A186BE0BEDC7830D123FB1023D42340FF7451F2F0B45246AF646D90BE5E592DC6E2E1B308862E0A04
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Disfrute de la protecci.n web gratuita de McAfee haciendo clic en {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Habilitar extensi.n",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} para activar estas funciones de Protecci.n a.adida: B.squeda segura, Bloqueador de anuncios y Bloqueador de rastreadores de McAfee..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Habilitar extensi.n",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} para seguir estando protegido en Internet con estas funciones de Protecci.n a.adida: B.squeda segura, Bloqueador de anuncios y Bloqueador de rastreadores de McAfee..",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Conservar cambios",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} WebAdvisor de McAfee. para activar estas funciones de Protecci.n a.adida: B.squeda segura, Bloqueador de anuncios y Bloqueador de rastreadores de McAfee..",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Permitir",.. CHR

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1434
                                                                                                                                                                                                                                                  Entropy (8bit):5.478348436291751
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HTBWmy6caQmDdJVe9mDdsMQOAzdmDdQ0a0yLh1mH3/:Em/caQs/Ve9s6MQOAzdsuPRLh1mH3/
                                                                                                                                                                                                                                                  MD5:347D21A367591A956DDD60421EC6F9D1
                                                                                                                                                                                                                                                  SHA1:E7DD98B8B423C4FF845F0791D850AB37F7147A05
                                                                                                                                                                                                                                                  SHA-256:CC3318BF5006AFEB6462820BC4EF081908200C76E929F1DB7B066AD1437708A7
                                                                                                                                                                                                                                                  SHA-512:73DCFAD2F11DD6097A0657BB4A455C09370A02CFB4524B33DE27018712AF6CC0056A067DE891EF4EB5201EFFCF1693A182D84C28AB7567E57DD4E635BC5027C4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Obtenga su protecci.n web gratuita de McAfee haciendo clic en {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activar extensi.n",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} para habilitar estas funciones de Protecci.n Adicional: B.squeda segura de McAfee., Bloqueador de anuncios y Bloqueador de rastreadores.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activar extensi.n",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} para continuar seguro en l.nea con estas funciones de Protecci.n Adicional: B.squeda segura de McAfee., Bloqueador de anuncios y Bloqueador de rastreadores.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Conservar cambios",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor para habilitar estas funciones de Protecci.n Adicional: B.squeda segura de McAfee., Bloqueador de anuncios y Bloqueador de rastreadores.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Permitir",.. CHROME_ENABLEMENT

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1371
                                                                                                                                                                                                                                                  Entropy (8bit):5.523574079075182
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HTigoQ6AHPXTSgVCPP3TOcJ9PgTKTSzogH07RQuzSZCsQJwzimvd:PZtXbVQ3qcJt3+zVUVXXN2mq
                                                                                                                                                                                                                                                  MD5:2BD1EFE6A5E9A74308673F6A3E391584
                                                                                                                                                                                                                                                  SHA1:D928B2C7863AB95F81A3BEE96EDA913E92FE3417
                                                                                                                                                                                                                                                  SHA-256:E7119B544C60B9A506393749ADB8705591F95886282D0537875A954C3AD39F37
                                                                                                                                                                                                                                                  SHA-512:BB9BC19573534ED30D489A33CE2718DF92568EE565A55BEA8A8E453AE40A6498A7A4AF8325FBDD51EBFB8E751B1C68D084B794192C82D59E124A2029C5551EFE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Hanki McAfeen verkkosuojaus maksutta napsauttamalla {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ota laajennus k.ytt..n",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}, jotta voit k.ytt.. n.it. lis.suojausominaisuuksia: McAfeen. suojattu haku, mainosten esto ja seurannan esto.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ota laajennus k.ytt..n",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}, jotta pysyt jatkossakin turvassa verkossa n.ill. lis.suojausominaisuuksilla: McAfeen. suojattu haku, mainosten esto ja seurannan esto.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "S.ilyt. muutokset",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0}, ett. McAfee. WebAdvisor ottaa n.m. lis.suojausominaisuudet k.ytt..n: McAfeen. suojattu haku, mainosten esto ja seurannan esto.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Salli",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Ota laajennus k.ytt..n",.. CHROME_ENABLEMENT_

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1453
                                                                                                                                                                                                                                                  Entropy (8bit):5.47242197014462
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HTBU39MC7soZ8JyVt0oZ8JVuh6oZ8JTm6Tb41mgEyNlThDn+:S7BasV3aT6HahmKU1PXThD+
                                                                                                                                                                                                                                                  MD5:9A6724E82BD656390E9B94EBDC18DA14
                                                                                                                                                                                                                                                  SHA1:D3F5E2C9E392BF0BBCE501144AF230A748B20A1F
                                                                                                                                                                                                                                                  SHA-256:CFD4418961A4257D0A082198CDD6E82B1ACB274B93C2BE17436B8EFBDE5CD759
                                                                                                                                                                                                                                                  SHA-512:6C94DFE2ACA585C1DE0C2D365D6D660D55E0757CC9B6614E2E090EC2B40A49ABABCB60BBF5D59D70AB74A0504E098146627B42C682840BA01B8108EE9F79CD4B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Obtenez votre protection Web gratuite de McAfee en cliquant sur {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activer l'extension",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} pour activer ces fonctions de protection accrue: recherche s.curis.e McAfee., Bloqueur de publicit. et Bloqueur de localisateur.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activer l'extension",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} pour continuer . .voluer en ligne en toute s.curit. gr.ce . ces fonctions de protection accrue: recherche s.curis.e McAfee., Bloqueur de publicit. et Bloqueur de localisateur.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Maintenir les changements",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor pour activer ces fonctions de protection accrue: recherche s.curis.e McAfee., Bloqueur de publicit. et Bloqueur de localisateur.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Autoriser

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1510
                                                                                                                                                                                                                                                  Entropy (8bit):5.50151203088086
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HTCKMC7mZ8yHVt2ZGNZ8ysMQu0Z8yQjSFbV+bzFtWrkzkIRah:yq7ma0VwSa7MQu0apeFMpmcR0
                                                                                                                                                                                                                                                  MD5:9B2A8AB4F1BAE9902B78E0F3F5D4E232
                                                                                                                                                                                                                                                  SHA1:E7189231932D2D0ED26074EBADCA8A8FF08B9EBB
                                                                                                                                                                                                                                                  SHA-256:ABF2D6A213F3B0C28AE5397727E1CAEA4A7C54FC63CEE72C89E8428458E04D88
                                                                                                                                                                                                                                                  SHA-512:0E5ACF8F48C5FAB0FC39F6BA4B2FA4F419C22E10B190DC272EA32A1EBFCE5F509636A2C78DE31EE21CDC0A439C5C4AC402602774AC5D95EF5EE2ABC8270B00B5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "B.n.ficiez de la protection web gratuite de McAfee en cliquant sur {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activer l'extension",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} pour activer ces fonctionnalit.s de Protection renforc.e.: Recherche s.curis.e McAfee., Bloqueur de publicit.s et Bloqueur de trackers.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Activer l'extension",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} pour continuer . .tre prot.g. en ligne avec ces fonctionnalit.s de Protection renforc.e.: Recherche s.curis.e McAfee., Bloqueur de publicit.s et Bloqueur de trackers.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Conserver les modifications",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor pour activer ces fonctionnalit.s de Protection renforc.e.: Recherche s.curis.e McAfee., Bloqueur de publicit.s et Bloqueur de trackers.",.. ADBLOCK_PERMISSION_ADDED_CONTENT

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1402
                                                                                                                                                                                                                                                  Entropy (8bit):5.615778989371223
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HThh5mCPPDSIuREwP3ycRCCPPDmetuqELFbiFCsr1:Rh5mCPPDSI6xP3ycRCCPPDm6pELFOFhR
                                                                                                                                                                                                                                                  MD5:13B4643F485BA6D7CEA00A60F19494C2
                                                                                                                                                                                                                                                  SHA1:809DA37950B3908776DFFEA07AA923885CB99E00
                                                                                                                                                                                                                                                  SHA-256:6E6A185CF72F5553AC9F4671351967CB241E5289AEAD350D664859A961C4E0FD
                                                                                                                                                                                                                                                  SHA-512:EFF88C2DEE3A0C7A74A7C458EBE1AFA67B8D133EFFF1FC2E4FCD396B723A3D720ED03F05DD08CCD8D9E6673410492F38B27583E19B72865A57A5BF3EE78A1112
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Dobijte svoju besplatnu web za.titu od McAfee-a klikom na {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Omogu.i pro.irenje",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} da biste uklju.ili ove funkcije za dodatnu za.titu: McAfee. Sigurna pretraga, Blokada oglasa i blokada alata za pra.enje.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Omogu.i pro.irenje",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} kako biste nastavili biti sigurni na mre.i s ovim dodatnim zna.ajkama za.tite: McAfee. Sigurna pretraga, Blokada oglasa i blokadu alata za pra.enje.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Spremi promjene",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. da biste uklju.ili ove funkcije za dodatnu za.titu: McAfee. Sigurna pretraga, Blokada oglasa i blokada alata za pra.enje.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Odobri",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Omogu.i pro.irenje",.. CHROME_E

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1518
                                                                                                                                                                                                                                                  Entropy (8bit):5.680219099732828
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HTt3WD/Pwd03L7mtPsJePwd0kYGc8hQwde/WCpeT4zAsjWE+p71:5EP20bStUwP20kYGcIQ2e/JYeAsyE+Z1
                                                                                                                                                                                                                                                  MD5:CDA34B94F6482896BE2433B1FE169230
                                                                                                                                                                                                                                                  SHA1:013647E9561364278A9BC63702CD816D0581A9E0
                                                                                                                                                                                                                                                  SHA-256:26089964398D8A35A393AA3E3558D6F640FBEC25D9B60C543D20AFF2BFCBA5BF
                                                                                                                                                                                                                                                  SHA-512:8A47BE0BFE1E2BD7D845FFDC98495AEB29AD1FE81930C4741B87CB5988EB7A2FA2493A8EB0AD764139076E8B3778E8E70DEAAB07882C412B9F4ACED9CB9961EB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "A McAfee ingyenes webes v.delm.nek ig.nybe v.tel.hez kattintson a(z) {0} elemre.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "B.v.tm.ny enged.lyez.se",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} a tov.bbi v.delmi funkci.k, a McAfee. biztons.gos keres.s, a hirdet.sblokkol.s .s a k.vet.blokkol.s bekapcsol.s.hoz.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Enged.lyezze a b.v.tm.nyt",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}, hogy tov.bbra is biztons.gban legyen online a tov.bbi v.delmi funkci.k, a McAfee. biztons.gos keres.s, a hirdet.sblokkol.s .s a k.vet.blokkol.s r.v.n.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: ".rizze meg a m.dos.t.sokat",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0}, hogy a McAfee. WebAdvisor bekapcsolja a hozz.adott v.delmi funkci.kat a McAfee. biztons.gos keres.st, a hirdet.sblokkol.st .s a k.vet.blokkol.st.",.. ADBLOCK_PERMISSION_ADDE

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1405
                                                                                                                                                                                                                                                  Entropy (8bit):5.465869446781161
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HT1z0nFTVKnrpGpcJVKnrpGNG7FTVKnrpGrjQDej2lDuzgx:Fz0FTYrpGpcJYrpGNGBTYrpGrjQCj2lv
                                                                                                                                                                                                                                                  MD5:66A94E7B4E31892F28A39C5C21EDFA29
                                                                                                                                                                                                                                                  SHA1:A0AF983CCE61A29F051654B8B8BEA9F854BF505B
                                                                                                                                                                                                                                                  SHA-256:4F1AD7E17605DB5AA697B12F20992B0680C281365C2A57DC38B653697D3B9A2F
                                                                                                                                                                                                                                                  SHA-512:BF094A38258435E0CE112928DA1E8A1CDCFB0706576F29686AA4C5DD2189AA27DFB4665010D9707B576E1C73ED97E89DE978720CD5DFD74E993967FD0C1EEE88
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Ottieni la protezione Web gratuita McAfee facendo clic su {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Attiva l'estensione",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} per attivare queste funzionalit. di protezione aggiuntiva: Ricerca sicura McAfee., Blocco della pubblicit. e Blocco dei tracker.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Attiva l'estensione",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} per restare protetto online con queste funzionalit. di protezione aggiuntiva: Ricerca sicura McAfee., Blocco della pubblicit. e Blocco dei tracker.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Mantieni i cambiamenti",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} a McAfee. WebAdvisor di attivare queste funzionalit. di protezione aggiuntiva: Ricerca sicura McAfee., Blocco della pubblicit. e Blocco dei tracker.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Consenti",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Attiva

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1682
                                                                                                                                                                                                                                                  Entropy (8bit):5.755218080478307
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:x8H0vGRwMvNaRw8CvrbQRwA8vxvovyZWKzAFV3:a2UwuewDrWwA+pyqWKMFF
                                                                                                                                                                                                                                                  MD5:BC463EE3DA1F25CE1DD7B76E9CA05E2C
                                                                                                                                                                                                                                                  SHA1:A87F7C887D8FAB4191687AF39AEEA2297A2A1EB3
                                                                                                                                                                                                                                                  SHA-256:A8A56277FFD79EB42ED1170652D84F193917412160FD8529836DA3265753AC77
                                                                                                                                                                                                                                                  SHA-512:EEC3CB2B0EE92E05375638A728E1BB491AE97E1474AB6397441449D97CCAF81E33278C64D4CD7910AFC755205E2940F34652B60CA93F3C3D4888944869ED32A9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "{0}................. Web ............",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "............",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}.......... .... ..........................................",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "............",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}.......... .... ..........................................................",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: ".......",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "...... ..........{0}.......... ...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1350
                                                                                                                                                                                                                                                  Entropy (8bit):6.006146131137553
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HT5dVhbu+vNh0/p7OvmksBv01I+vqNhGjB+Xx2ZZBju0p:pXvkJOvmdBvAvq5B2ZZB60p
                                                                                                                                                                                                                                                  MD5:06702AF578E6B22482A75FA51B843965
                                                                                                                                                                                                                                                  SHA1:FA2AE0343264EF1DBF4B579E29192A08AD7CC2ED
                                                                                                                                                                                                                                                  SHA-256:286BA24428AC4ECC198BA77B2A58943451CDC3BD1F205718C0C1EE52280FC244
                                                                                                                                                                                                                                                  SHA-512:E3E002E02B9AE44F51753D2694CF95224C4DC7FFD3E030CFA8E3D6910B9B7CC0B94E8BD393816521ABD3A4090F0E5BAD38243E5BCA7E31FC37365D9B1A7C6EFA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "{0}. .... McAfee. .. . ... .....",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: ".. ..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}. .. .. .. .. ... .... McAfee. .. .., .. ..., .. ...",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: ".. ..",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}. .. .. .. .. .... ... ... ... ..... McAfee. .. .., .. ..., .. ...",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: ".. .. ..",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "McAfee. ....... {0}.. .. .. .. ... .... McAfee. .. .., .. ..., .. ...",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "..",.. CHROME_ENABLEMENT_GUIDE_BUTTON: ".. ..",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1389
                                                                                                                                                                                                                                                  Entropy (8bit):5.562698623437252
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HT7bqCaYyGIG3aYEgdXCCaYIRSPuA9/3QFYKDOVh:rWCaPQ3a3gdXCCa1oPuAN3Kbq
                                                                                                                                                                                                                                                  MD5:17CFA17F85DF05A9623708D6159DAE42
                                                                                                                                                                                                                                                  SHA1:88128E5BF8DF4830B1EA3EB6175279A7488EDD38
                                                                                                                                                                                                                                                  SHA-256:73C4F22C1EC7440DA09B3370F01264A28FB660EA99488D9937147DAD229714B2
                                                                                                                                                                                                                                                  SHA-512:30D18EF68DFA53348B0490ED053356199B28FE511DC44023961055110EF9F0606DD2B26AA53CC09C6A88C6E5DA05DEC03BB297B3CB3235172614F45148350354
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "F. kostnadsfri webbeskyttelse fra McAfee ved . klikke p. {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktiver utvidelse",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} for . sl. p. disse funksjonene i Ekstra beskyttelse: McAfee. Sikkert s.k, Annonseblokkering og Annonsesporingsblokkering.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktiver utvidelse",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} for . f. uavbrutt nettsikkerhet med disse funksjonene i Ekstra beskyttelse: McAfee. Sikkert s.k, Annonseblokkering og Annonsesporingsblokkering.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Behold endringer",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor for . sl. p. disse funksjonene i Ekstra beskyttelse: McAfee. Sikkert s.k, Annonseblokkering og Annonsesporingsblokkering.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Tillat",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Aktiver utvidelse",.. CHROME_

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1362
                                                                                                                                                                                                                                                  Entropy (8bit):5.488513290813395
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HT+2CwmVpm7KECQc6WpV6LqKECh6zhpTnKECZ6BMcpS3KfwDwzxFU5qu:ulHXQc6CVsph6znTCZ6BMIS3KQAxFU5V
                                                                                                                                                                                                                                                  MD5:4FEC3D3013AE3960661692481D4EDB83
                                                                                                                                                                                                                                                  SHA1:EB94F6848879D5C40B34C4CDCE9C075051FB820A
                                                                                                                                                                                                                                                  SHA-256:F4E6730E587783080569765A77A785382751900C2ED5B6272D020DAEF43B85F6
                                                                                                                                                                                                                                                  SHA-512:A6154C22506833208B9DEE8839362E6A0DFBBC14023E7E9686E6FF33531F5EB16525B1CD6B4F4D739EDA3B58F66126AB313376023C1C6779D5164D2CE20D17E0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Activeer uw webbescherming van McAfee door op {0} te klikken.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Extensie inschakelen",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} om deze functies voor Extra bescherming te activeren: McAfee. Secure Search, Advertentieblokkering en Trackerblokkering.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Extensie inschakelen",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} om online veiligheid te handhaven met deze functies voor Extra bescherming: McAfee. Secure Search, Advertentieblokkering en Trackerblokkering.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Wijzigingen behouden",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} dat McAfee. WebAdvisor deze functies voor Extra bescherming inschakelt: McAfee. Secure Search, Advertentieblokkering en Trackerblokkering.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Toestaan",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Extensie inschakelen",.. CHROME_ENAB

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1445
                                                                                                                                                                                                                                                  Entropy (8bit):5.692269550840036
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HThG9K7qoBXUUyTNHyAoBXs0W17ZGoBXQLVTEaWjNwc4u2Hs:xG99IXnkHyAIXs0W17ZGIXQLVoaKNwcf
                                                                                                                                                                                                                                                  MD5:43192C8FC49E340A87336605440CE8B8
                                                                                                                                                                                                                                                  SHA1:3FFEE3CD20B1AD2FD89069B1A78E307F3D039275
                                                                                                                                                                                                                                                  SHA-256:81EE335AA99A98334D55E38836706FC2ED29716BF8A346F4C176D4007FAC49A0
                                                                                                                                                                                                                                                  SHA-512:6983C41D20C456227AD37107720B4BE3655C605DFFDD8EE4AC66B6D8DBA1E1769A4B5B952B3DECE12F256EC03D86EA672CBF793A1AA85F95F4E93A0954F20A8F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Otrzymaj bezp.atn. ochron. w sieci Web od firmy McAfee, klikaj.c {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "W..cz rozszerzenie",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}, aby w..czy. funkcje Dodatkowej ochrony: Bezpieczne wyszukiwanie McAfee., Blokowanie reklam i Blokowanie .ledzenia reklam.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "W..cz rozszerzenie",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}, aby zachowa. bezpiecze.stwo w Internecie dzi.ki tym funkcjom Dodatkowej ochrony: Bezpieczne wyszukiwanie McAfee., Blokowanie reklam i Blokowanie .ledzenia reklam.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Zachowaj zmiany",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} programowi McAfee. WebAdvisor na w..czenie funkcji Dodatkowej ochrony: Bezpieczne wyszukiwanie McAfee., Blokowanie reklam i Blokowanie .ledzenia reklam.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Zezw.l",.. CHROME_ENABLEMEN

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1387
                                                                                                                                                                                                                                                  Entropy (8bit):5.506991556456199
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HTBsKJqk3NnebNgHbrxkHjFRt7Siu47VfMnOA/+O:yaqk3NnebNg7rxCFq4ynOAWO
                                                                                                                                                                                                                                                  MD5:FBE39EC0DBFE2816B42BB68887D3B030
                                                                                                                                                                                                                                                  SHA1:B82CF4E6B4A5C3E74CB1E2DECCB94DDE56330142
                                                                                                                                                                                                                                                  SHA-256:910C7854052E7CB18154EC9FD2DC1C743291D8917034F27006F6CE1681FBA084
                                                                                                                                                                                                                                                  SHA-512:95D68E16B68CDBA3266DE12ECA52C44AE174F7A1DFDAA9FEACDD274A518F801ED8F648471EB04A49E56BCEB6E95E19EC0173366F77533DFB9B8BB842B686441B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Obtenha sua prote..o gratuita na Web da McAfee clicando em {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ativar extens.o",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} para ativar estes recursos de Prote..o adicional: Pesquisa Segura, Bloqueador de an.ncio e Bloqueador de rastreador da McAfee..",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ativar extens.o",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} para se manter seguro com estes recursos de Prote..o adicional: Pesquisa Segura, Bloqueador de an.ncio e Bloqueador de rastreador da McAfee..",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Manter altera..es",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} o McAfee. WebAdvisor para ativar estes recursos de Prote..o adicional: Pesquisa Segura, Bloqueador de an.ncio e Bloqueador de rastreador da McAfee..",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Permitir",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Ativar extens.o"

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1439
                                                                                                                                                                                                                                                  Entropy (8bit):5.517413148992093
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HTBV0k3gQWF3+be0GQWF3+hgoQQWF3+vxkHjJYPJW11wgQdg:D0k3gQWObe0GQWOhgvQWOvxCJuW8gQdg
                                                                                                                                                                                                                                                  MD5:4AF297B7BE41DFA4EB86EF803461EB18
                                                                                                                                                                                                                                                  SHA1:9AC16E6A1D01A324010204054F678641EFC3FC92
                                                                                                                                                                                                                                                  SHA-256:9ED643E393BC88F631B0F68A640F71E077305F1577A11290FB26E2E95706DD79
                                                                                                                                                                                                                                                  SHA-512:5ECA544EE9D6A1A43E8A33FCD9A8AC1916120ECD209FA23DB8A9F421D6368A1F26EA6E5E7A7C60603CEFA7342F6131A8CCA55B7014C261058870ACA5CCA16C80
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Obtenha a sua prote..o Web gratuita da McAfee clicando em {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ativar extens.o",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} para ativar estas funcionalidades de prote..o adicionais: Pesquisa segura da McAfee., bloqueador de an.ncios e bloqueador de monitorizadores.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Ativar extens.o",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} para se manter protegido online com estas funcionalidades de prote..o adicionais: Pesquisa segura da McAfee., bloqueador de an.ncios e bloqueador de monitorizadores.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Manter altera..es",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} que o McAfee. WebAdvisor ative estas funcionalidades de prote..o adicionais: Pesquisa segura da McAfee., bloqueador de an.ncios e bloqueador de monitorizadores.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Permitir",.. C

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2030
                                                                                                                                                                                                                                                  Entropy (8bit):5.254060167581995
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:cjVIb3DoC64sVmb3D1tazjVIb3DzImiLvyxvMwSO:QVi3Z2VM3enVi3v2vyfR
                                                                                                                                                                                                                                                  MD5:09128BA6C4A2812132FD41727A02E40B
                                                                                                                                                                                                                                                  SHA1:B3F8731DA4FDC9CE05D3B7CC07F4440173EDDCCC
                                                                                                                                                                                                                                                  SHA-256:C44010F0FD357E46AD0D250CD55E5735B23FBDE8D2A086C4719DE926C6C09FEF
                                                                                                                                                                                                                                                  SHA-512:4FEAA71EB155A97200B1A10379230E114E9D598DD2FB38FCDFC994356FEDCC761A4A6DC2A32C7FF003FA22F3BA171A24CB052A8241785D56849983D8A7B90B8C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "........ .......... ...-...... .. McAfee, ..... {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "........ ..........",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}, ..... ............ ......... ....... .............. ......: .......... ..... McAfee., ........... ....... . ........... .........",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "........ ..........",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}, ..... .......... . ............ . ......... ......... ............. ......... .............. ....... ......: .......... ..... McAfee., ........... ....... . ........... .........",.. ADBLOCK_SEARCH_W

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1420
                                                                                                                                                                                                                                                  Entropy (8bit):5.798786258877509
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HT/iSRyjWeDvEPpRK2NF1I5DyjePD+hCf3c4kc+QF9IAAPE:P3YSeYpccF1Ic6Chm3j+o9Ivc
                                                                                                                                                                                                                                                  MD5:FACAA2C2A3350F1443A87605DA328AF0
                                                                                                                                                                                                                                                  SHA1:A6CD0F183589885006C239D045A4C89058615A2F
                                                                                                                                                                                                                                                  SHA-256:6B4E3ED3367672335686B40AD3949C38D1A3E8897EBFB2D1B78EEFD705D387F2
                                                                                                                                                                                                                                                  SHA-512:E50B018B9116249D39ABFB9D9FD51BAF15A6314796B9A5E8018FB684AA1E393A2E06E02FBD52474DEE9BA29703A5379EABFD796A7320E6994F50D70881B7D5C7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Z.skajte bezplatn. webov. ochranu od McAfee a.kliknite na mo.nos. {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Zapn.. roz..renie",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} a.aktivujte funkcie zv..enej ochrany: zabezpe.en. vyh.ad.vanie McAfee., blokovanie rekl.m a.blokovanie sledova.ov.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Zapnite roz..renie",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} a.nestra.te ochranu online v.aka funkci.m zv..enej ochrany: zabezpe.en.mu vyh.ad.vaniu McAfee., blokovaniu rekl.m a.blokovaniu sledova.ov.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Ponechajte zmeny",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor a.zapnite funkcie zv..enej ochrany: zabezpe.en. vyh.ad.vanie McAfee., blokovanie rekl.m a.blokovanie sledova.ov.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Povo.te",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Zapnite r

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1338
                                                                                                                                                                                                                                                  Entropy (8bit):5.6423626000899
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HT4eGvvtCawa+dCIHrFwa+Npp1mCawa+rUoDOGnDkpJcdqQ2y:IeCvtCawa+dCIBwa+NVmCawa+rUoDOGB
                                                                                                                                                                                                                                                  MD5:ECF03F3BD3F117CCA572E4115F895708
                                                                                                                                                                                                                                                  SHA1:91DCE729E254520F77FCA79CB3E70754562E9152
                                                                                                                                                                                                                                                  SHA-256:DDD74FF9C6E80A9F283D248325D47316EA5ED2E5E00B641F35E08B0DABCE7C27
                                                                                                                                                                                                                                                  SHA-512:95A4631E5DEE63D056621C40AC2CC304317187D94DE05FEC741ABABC3FFA8ADD2A3C3EA2318B7132464C45C3E2298195AE4BCC45733CD9A098129335613C327D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "Ostvarite besplatnu veb za.titu kompanije McAfee klikom na {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Omogu.ite ekstenziju",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} da biste uklju.ili ove funkcije Dodatne za.tite: McAfee. Bezbedna pretraga, Ad Blocker i Tracker Blocker.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Omogu.ite ekstenziju",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} kako biste ostali sigurni na mre.i uz ove funkcije Dodatne za.tite: McAfee. Bezbedna pretraga, Ad Blocker i Tracker Blocker.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Zadr.ite promene na",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor da biste uklju.ili ove funkcije Dodatne za.tite: McAfee. Bezbedna pretraga, Ad Blocker i Tracker Blocker.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Dozvoli",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Omogu.ite ekstenziju",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "da zavr.it

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1361
                                                                                                                                                                                                                                                  Entropy (8bit):5.638807761088261
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HT7ecjfypbD4qpbD02gVpbDYX/P33zMc2LUF:rDOpbD4qpbD0JVpbDYX/P33zd2LUF
                                                                                                                                                                                                                                                  MD5:A7C892B18D262BC145A2DE0971AD1830
                                                                                                                                                                                                                                                  SHA1:E8A072A5D33735F35656D9D6DF28A5EADAE2A0A9
                                                                                                                                                                                                                                                  SHA-256:CC46652252D575B63859ED5BCFE4AC1F9D4639B0021DC86805500856B45D5733
                                                                                                                                                                                                                                                  SHA-512:BC0982D7B38CCAF90F779594DEE9ACF43CAF05498FEDB9737CCA7E0D47D3DAFC4EE27B90592FB577E71E585073E5A45A4A379D46209105E5015A3482B45AFAF7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "F. kostnadsfritt webbskydd fr.n McAfee genom att klicka p. {0}.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktivera till.gg",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} f.r att aktivera Ut.kat skydd-funktionerna: McAfee. S.ker s.kning, Annonsblockering och Blockering av sp.rare.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Aktivera till.gg",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} f.r att forts.tta h.lla dig s.ker online med Ut.kat skydd-funktionerna: McAfee. S.ker s.kning, Annonsblockering och Blockering av sp.rare.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "Beh.ll .ndringar",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor f.r att aktivera Ut.kat skydd-funktionerna: McAfee. S.ker s.kning, Annonsblockering och Blockering av sp.rare.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "Till.t",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "Aktivera till.gg",.. CHROME_ENABLEMENT_GUIDE

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1404
                                                                                                                                                                                                                                                  Entropy (8bit):5.668672857602126
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HT3Nd7QUN3Z/UVXMJgYZ/v94oIuZ/Nc7I4dBng5cFEicvX6j:tBQUNGVcDxBc7HTFR
                                                                                                                                                                                                                                                  MD5:3285945713F8099A491E5910E9F5CDD8
                                                                                                                                                                                                                                                  SHA1:18C8E215A29E6151DE39DE2F98F352815053B1CA
                                                                                                                                                                                                                                                  SHA-256:C0544A7D705ED5D777D72383D72DE8756C1F1B022CD01AC66FA1DCCAC34A75CE
                                                                                                                                                                                                                                                  SHA-512:37B7EF1009098EF11A0B90CFC05E5361162E8515F947D87999D663AF750C420A62BC8B9377C2B37A81A1D61964C47693BC1DA5ABE0D67D13E567F0DDDADEB1D9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: "{0} .zerine t.klayarak McAfee'den .cretsiz web korumas. edinebilirsiniz.",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Uzant.y. etkinle.tir",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "A.a..daki Ek Koruma .zelliklerini a.mak i.in {0}: McAfee. Secure Search, Reklam Engelleyici ve .zleyici Engelleyici.",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "Uzant.y. etkinle.tir",.. ADBLOCK_SEARCH_WARNING_CONTENT: "Bu Ek Koruma .zellikleri ile .evrimi.i g.vende kalmak i.in {0}: McAfee. Secure Search, Reklam Engelleyici ve .zleyici Engelleyici.",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "De.i.iklikleri kaydet",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "A.a..daki Ek Koruma .zelliklerini a.mak i.in McAfee. WebAdvisor'. {0}: McAfee. Secure Search, Reklam Engelleyici ve .zleyici Engelleyici.",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: ".zin Ver",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "WebAdvisor kurulumun

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1303
                                                                                                                                                                                                                                                  Entropy (8bit):6.289340282266
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HTjjZ8CKz+1CaxNs/CthZvG7qXdW4mUs/nbSCH:pQzaxmahZv9rm3bSY
                                                                                                                                                                                                                                                  MD5:80C4177F291119F669C2157B39E4758D
                                                                                                                                                                                                                                                  SHA1:23613E210FDE5BE4FDB87F0B2D67806056D072B7
                                                                                                                                                                                                                                                  SHA-256:3D8B6BB483F86B553CA719D38A8DB7187CBDB02D5F593A4128EEE6B4D0F3FC36
                                                                                                                                                                                                                                                  SHA-512:73166AEEF02ED6EE0317EC0746063CF05581C377DA46548F2B6A5BB9013D3F2EF8CDFB7CF7DB07293A44F8F347E2954C882BA89E161D9A2B3D1B42E12587105B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: ".. {0} .............",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "....",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0} .................. .....................",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "....",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0} .................. ..............................",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "....",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} .... ...................... .....................",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "..",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "......",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "......

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1249
                                                                                                                                                                                                                                                  Entropy (8bit):6.299966282396261
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HTAOzmcPZeSlGkyTDnZZeSlGCGtDcPZeSlGW17/10lQZ0S04CdugElO:dzmkCkyTDn/CCGtDkCW1aZKU
                                                                                                                                                                                                                                                  MD5:F8B54967B08380ED852C72726B751D6E
                                                                                                                                                                                                                                                  SHA1:D5161619125D555189F557F7F94433F4F6CCBE09
                                                                                                                                                                                                                                                  SHA-256:8E0EAC94E355504F9BE57467FE91ED19F76113F49C602BBE3F8AEF7228EAD877
                                                                                                                                                                                                                                                  SHA-512:91066ED2105321CA85EE03F7ADB5938D896746B48F90B0E40662FC3705F895AED12192B4C71F4385C86E60C8DB3810FF89C18F3A680AF28D02D053C0955BF6A8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. ACCEPTANCE_EXTENSION_CONTENT: ".. {0} ..... McAfee Web ...",.. ACCEPTANCE_EXTENSION_CONTENT_STRONG: "......",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT: "{0}............McAfee. ....................",.. ADBLOCK_ACCEPTANCE_EXTENSION_CONTENT_STRONG: "......",.. ADBLOCK_SEARCH_WARNING_CONTENT: "{0}....................McAfee. ....................",.. ADBLOCK_SEARCH_WARNING_CONTENT_STRONG: "....",.. ADBLOCK_PERMISSION_ADDED_CONTENT: "{0} McAfee. WebAdvisor ...........McAfee. ....................",.. ADBLOCK_PERMISSION_ADDED_CONTENT_STRONG: "..",.. CHROME_ENABLEMENT_GUIDE_BUTTON: "......",.. CHROME_ENABLEMENT_GUIDE_CONTENT_1: "... WebAdvisor ...",.. CHROME_ENABLEMENT_G

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1048
                                                                                                                                                                                                                                                  Entropy (8bit):5.760018493827392
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGY406vV41eK+59CpMSqKBgvtdUeniGdZIVOEF3CR:24e+59YMdZZENs
                                                                                                                                                                                                                                                  MD5:E505B63A2F328822A3457CE03843F8DD
                                                                                                                                                                                                                                                  SHA1:A2E82758DBFEF138D8B536A71088AF52671A2C49
                                                                                                                                                                                                                                                  SHA-256:2A0E957EC208B9CE5E39E0EFAFF9880D45D2C8C64FFEE40295D1156287CE7DC0
                                                                                                                                                                                                                                                  SHA-512:D2F9049AB97F03359B9A276FEC7BEDDA3B3ECA66B4F2C8C26675BAAC66629FE65076CEFBDB9B73F118FDF360F637DC8EE185033F7148BA1DB94EAC62BFB40EBE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Zajist.te si ochranu v digit.ln.m prost.ed.",.. WAIFF_TOAST_DESC_1_COHORT_1: ".kolem n.stroje McAfee. WebAdvisor je chr.nit va.e osobn. .daje, aby se nedostaly do nespr.vn.ch rukou.",.. WAIFF_TOAST_DESC_2_COHORT_1: "A. ji. nakupujete, vyu..v.te bankovn. slu.by nebo proch.z.te web, na.e bezplatn. n.stroje v.s pom.haj. chr.nit . a kyberzlo.inci nebudou m.t .anci.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor je bezplatn. n.stroj, kter. chr.n. va.e osobn. .daje, aby se nedostaly do nespr.vn.ch rukou.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Povolte n.stroj WebAdvisor a zajist.te si ochranu p.ed viry, malwarem a dal..mi hrozbami pro va.e online zabezpe.en..",.. WAIFF_BUTTON_ACCEPT: "Zajistit ochranu",.. WAIFF_BUTTON_REMIND_LATER: "P.ipomenout pozd.ji",.. WAIFF_BUTTON_DECLINE: "Ne, d.kuji"..}..//2D7CC7931A39F234558A33CAD3765970C45ECEEBFC60F421404D6FD52805E367D7FEF22B9BD2546776

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):986
                                                                                                                                                                                                                                                  Entropy (8bit):5.435709474604912
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uG92vXRwV/YIehPFXc9vLfcRwV/YIeSP/GIi7dZMVIxvvBe9WuZ:nVYC9rVYttZdBAWuZ
                                                                                                                                                                                                                                                  MD5:8DD44453A825D8504CD91FEF29030128
                                                                                                                                                                                                                                                  SHA1:16CEF0BFC6428B38C5488A03401C632DEE21E585
                                                                                                                                                                                                                                                  SHA-256:10DB66E4B9B2F8D3DE626F7BB96C01195FC1E687376000882367434350690628
                                                                                                                                                                                                                                                  SHA-512:0C93254EDBD114167FF665DEC67725CCC1E620997A3B6F8E6BA97EE38EAF72C6EA3901E7FDB0ADCFC5CD68A6E9FFA0C6B5D80A6E4801B834B89F8C921C73ED47
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Beskyt dit digitale liv",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor beskytter dine personlige oplysninger og forhindrer, at de falder i de forkerte h.nder.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Uanset om du bruger internettet til at shoppe, g. i banken eller bare surfe, holder vores gratis v.rkt.jer dig i sikkerhed og beskytter dig mod cyberkriminelle.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor er et gratis v.rkt.j, der beskytter dine personlige oplysninger og forhindrer, at de falder i de forkerte h.nder.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Aktiv.r WebAdvisor for at beskytte dig selv mod virus, malware og andre onlinetrusler.",.. WAIFF_BUTTON_ACCEPT: "F. beskyttelse",.. WAIFF_BUTTON_REMIND_LATER: "Sp.rg mig igen senere",.. WAIFF_BUTTON_DECLINE: "Nej tak"..}..//1532520A68DAC3FF2BEAFC834A0932CA2D053A2667AA7FC3F3FD2FD43200A638DFACB3FB2FBD41D63D9452CA737886EE9F1A89E9CCF76158CB1CC2393F59AF1D++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1026
                                                                                                                                                                                                                                                  Entropy (8bit):5.441717163928068
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uG+QvxOeGg/OA9kNlv1VOe3F0Sui7xQd/y/QVZNfmKn8vWwn:QWX9GftF0SJxMa/uNOKnRwn
                                                                                                                                                                                                                                                  MD5:B8AB88AD26362724B3AA05E44B1D8AA7
                                                                                                                                                                                                                                                  SHA1:31F8AFFB3DD03BF3B71A1C0FDFE19F5B0C53DD25
                                                                                                                                                                                                                                                  SHA-256:3BB32AFCBE6FA6DFE6C3043FDB7494B4F5431CAE2B22BD4916950310CE553098
                                                                                                                                                                                                                                                  SHA-512:EA3382B0E4634061FF6542B81F6394EDDCB0593157B7E67806FED5552474616652F9A53644A947A2592603C84D77A769E06075AC2F9B953EBFE25F2ADCA03E40
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Sch.tzen Sie Ihr digitales Leben",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor hilft Ihnen, zu verhindern, dass Ihre pers.nlichen Daten in die falschen H.nde gelangen.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Ob Sie nun im Internet einkaufen, Bankgesch.fte t.tigen oder surfen: Unsere kostenlosen Tools helfen Ihnen, sicher zu bleiben, damit Cyberkriminelle keine Chance haben.",.. WAIFF_TOAST_DESC_1_COHORT_2: "Das kostenlose Tool McAfee. WebAdvisor hilft Ihnen, zu verhindern, dass Ihre pers.nlichen Daten in die falschen H.nde gelangen.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Aktivieren Sie WebAdvisor, um sich vor Viren, Malware und anderen Bedrohungen Ihrer Online-Sicherheit zu sch.tzen.",.. WAIFF_BUTTON_ACCEPT: "Schutz einrichten",.. WAIFF_BUTTON_REMIND_LATER: "Sp.ter erinnern",.. WAIFF_BUTTON_DECLINE: "Nein danke"..}..//9073A30F9664CF09836F767851BB037E22FDA60D15A5634B8E39A2A3D0A6E6AD959A0A27A26F31E6697A26BA09FD6F70BD14A721

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1606
                                                                                                                                                                                                                                                  Entropy (8bit):5.12079517663386
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGwvlT6DePnEHleEnM+na8cEseDrXHrRvu1QGRXePoEHlesD3ir3rwqDijGduaX:4HEHXnjKEXDrXrgKeEHXbirDduDAnyXW
                                                                                                                                                                                                                                                  MD5:DFA837AC4D05F6CE45A354E6D5CFA8B7
                                                                                                                                                                                                                                                  SHA1:D5CE22779221CEF597991AE73B082BCD5E74A995
                                                                                                                                                                                                                                                  SHA-256:64F170EFCDD20FDC04B172A6F1B13C0700CDDB9862D5064CEABEB9732008273F
                                                                                                                                                                                                                                                  SHA-512:D7FAA1DC24D8D63EE1EBCD52773F623CF6E0E7FD41E4435E73E77EDBF5A0F43887466B23FDDCE02B4073EBA3C151668F53EAD526A161C97BC74EED2DE4B92735
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "......... ... ........ .... ...",.. WAIFF_TOAST_DESC_1_COHORT_1: ".. McAfee. WebAdvisor .... ..... .. ... ......... .... .......... ........... ... .. ...... .. ..... ......",.. WAIFF_TOAST_DESC_2_COHORT_1: ".... ............... ......, .......... .......... . ........... ... web, .. ...... ........ ... ....... .. ... ......... .. ........... ........ ... .. .......-........... ... .. ..... ..... ........ .. ... ...........",.. WAIFF_TOAST_DESC_1_COHORT_2: ".. McAfee. WebAdvisor ..... ... ...... ........ ... ........... ... .......... ........... ... ... .. .. ...... .. ..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):915
                                                                                                                                                                                                                                                  Entropy (8bit):5.48084822062607
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uG/4Iv74Ge+uVfWMhCHJHvU0hGecZrD5i9dwdS/VF2Wp:l4guUMgHJM06ZSdsSr1p
                                                                                                                                                                                                                                                  MD5:D7C523A4330183ECDFB3ED016E957B67
                                                                                                                                                                                                                                                  SHA1:25602D1FCAC86AF4145D6ECE96C92783B5C6FC7A
                                                                                                                                                                                                                                                  SHA-256:F02BC806DF57949524FC7D48397812447814F69C0594E3F7E6A17D94F030C83B
                                                                                                                                                                                                                                                  SHA-512:E2A795A4613E5AC3273DDCAEB36C900CAE514694E9849D361484EDEE6B2D3FBA8066E068F5FE6165F6C169092784CEAD23671D2767F5FA1A4E4C3422A8C0A21A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Protect your digital life",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor works to safeguard your personal info from falling into the wrong hands.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Whether you shop, bank, or browse the web, our free tools can help keep you safe -- and cyber criminals won't stand a chance.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor is a free tool that safeguards your personal info from falling into the wrong hands.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Enable WebAdvisor to protect yourself against viruses, malware, and other threats to your online security.",.. WAIFF_BUTTON_ACCEPT: "Get protected",.. WAIFF_BUTTON_REMIND_LATER: "Remind me later",.. WAIFF_BUTTON_DECLINE: "No, thanks"..}..//1EFBD8890FBB6202F25E76BFB37BED3655C526CA13A6C39F091FF77FCDE1E74DE3D6E0E418634F157714134E83372490132403F9CAFE4ADDD0BAD0869BB246A7++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):965
                                                                                                                                                                                                                                                  Entropy (8bit):5.430144610649704
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGKvMwKimzpe4sTtkAFvZxR/mzpeWLdvRYjiOdSXkHVovcZQn/:V/RcKkxspJYbSXkCvT/
                                                                                                                                                                                                                                                  MD5:3C86994A03EFD552740F47DFF61F2632
                                                                                                                                                                                                                                                  SHA1:84C2DF7247E0D593AA125FB1BE6ACB5B2ACC7255
                                                                                                                                                                                                                                                  SHA-256:77027DF4446456D0CAC8ECF2DC179A9B52C87D8879B04845C5BF4BD25EB7314C
                                                                                                                                                                                                                                                  SHA-512:323B8CA7FF2F276313186115952B958FF46C4D4F0099E3C81D53477595DFC4798BE577FE60D00026B889C7CE6315AEF98AB640D0B4A7226AA3B438B007013CAA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Proteja su vida digital",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor est. pensado para evitar que su informaci.n personal caiga en malas manos.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Nuestras herramientas gratuitas pueden protegerle al navegar, realizar compras y gestiones bancarias. Los ciberdelincuentes dejar.n de ser un peligro.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor es una herramienta gratuita pensada para evitar que su informaci.n personal caiga en malas manos.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Active WebAdvisor para mantenerse a salvo de virus, malware y otras amenazas para su seguridad en Internet.",.. WAIFF_BUTTON_ACCEPT: "Protegerme",.. WAIFF_BUTTON_REMIND_LATER: "Record.rmelo m.s tarde",.. WAIFF_BUTTON_DECLINE: "No, gracias"..}..//5CADD3F77C0E66E7E9C653CCDB6068983600027CDC981F2BF04A7CCED5F75255DAC5D9EDCFA397981228886DE827C6389075ABD3EDB8965F01DCAB9895E54148++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):938
                                                                                                                                                                                                                                                  Entropy (8bit):5.466446767836645
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGSvyUpep4n0OlvZxxzpeWLZV2iadSXkHVhZdUR1OMUn:R4nHxP9KSXkLj61ZU
                                                                                                                                                                                                                                                  MD5:E581CCEAC4CBDE3C8B591F5D9BA9CB61
                                                                                                                                                                                                                                                  SHA1:C4CE35FAFB92B301340F90BB72C30D1329DEC944
                                                                                                                                                                                                                                                  SHA-256:E72C1ADD92CFFF72470A7C7A5C93927E1A62AEB71179D1C75D10B6F773BB51E9
                                                                                                                                                                                                                                                  SHA-512:D9E539813884E88EAD2918516E0DB348EB7F842C1BAAB963DE51C7AADC0583AA04F68FAA071F8FBF06700534EB382CDD0C1ECA9B0132AA76EBDF8E0A5EDE2AF4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Protege tu vida digital",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor trabaja para evitar que su informaci.n caiga en malas manos.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Sea que compre, haga operaciones bancarias o explore la web, nuestras herramientas gratuitas ayudan a mantenerlo seguro, y a derrotar a los cibercriminales.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor es una herramienta gratuita para evitar que tu informaci.n personal caiga en malas manos.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Active WebAdvisor para protegerse contra virus, malware y otras amenazas a su seguridad en l.nea.",.. WAIFF_BUTTON_ACCEPT: "Prot.jase",.. WAIFF_BUTTON_REMIND_LATER: "Record.rmelo m.s tarde",.. WAIFF_BUTTON_DECLINE: "No, gracias"..}..//986CBE9BB839AD7FD0E82EC24863593924C4EE5FA0089D72CAFC5214B0C0143744585021A2195EF66F2D533D7E457C70505EAAC87A7947EA44848B60C4F68D78++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):992
                                                                                                                                                                                                                                                  Entropy (8bit):5.529748026711536
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGrvpj8feM9FkTJ/XvQEbJjZjeX3EliRDd8tmQVatYBN:3qF4Z59lQEmdpYP
                                                                                                                                                                                                                                                  MD5:B11BD16225904F9E4333E265D8C85A3E
                                                                                                                                                                                                                                                  SHA1:EB68585E42DC33FCCDBCB0D8C79A25A1ED675AB5
                                                                                                                                                                                                                                                  SHA-256:E3CCEC953211A2967B5F3C47259FC7F3CE647E1D5E28A385B843A4E3EF867BBB
                                                                                                                                                                                                                                                  SHA-512:233C7BE4DDAFD2817022B52ED313FF911BAF8378A7197D0DAA82CBB53E60762F0EB46295902E46C3D232105B7F371AB2BA71CEEE65E8FA2791B4520F52C6FB3D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Suojaa digitaalinen el.m.si",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor pyrkii est.m..n henkil.kohtaisten tietojesi joutumisen v..riin k.siin.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Miten tahansa viet.tkin aikaa verkossa . ostoksia tehden, pankkiasioita hoitaen tai sivustoja selaillen . pysyt turvassa maksuttomien ty.kalujemme avulla. Kyberrikollisilla ei ole mit..n saumaa.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor -ilmaisty.kalu est.. henkil.kohtaisia tietojasi joutumasta v..riin k.siin.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Ota WebAdvisor k.ytt..n suojautuaksesi viruksilta, haittaohjelmilta ja muila tietoturvauhilta.",.. WAIFF_BUTTON_ACCEPT: "Hanki suojaus",.. WAIFF_BUTTON_REMIND_LATER: "Muistuta my.hemmin",.. WAIFF_BUTTON_DECLINE: "Ei kiitos"..}..//011BB8325FD03891334C8279A0470C6FE648B32EDA959849E0B181B27B45DF5922C170AF6702EC0A93C784541171E4C1BACED490D804C949C7F19324AA2F2E0A++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1082
                                                                                                                                                                                                                                                  Entropy (8bit):5.443278347494329
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGNwvlMmlPcePzFzW0AvZrONq2lPce+XRKjwihGyAdCVqRoj:SMmlxpq0YrR2lkRKRUoj
                                                                                                                                                                                                                                                  MD5:9588E1A8FD12FDCE77EA9AC50535E92E
                                                                                                                                                                                                                                                  SHA1:563F0C9C4AD63303F1027538E18318F4CE3B925A
                                                                                                                                                                                                                                                  SHA-256:D10B9731734772743B91181FC3D17D7F2A48738542292403068E524B1F52BC8B
                                                                                                                                                                                                                                                  SHA-512:00EB21616DAD4450A1BBB24CD7C04A40C06EE29BE78962C7306AB63D54CD8B1BC2A8309AFD45F8EE46911B930AA9193ED907590789D1A96417E7D35729AEF4C8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Prot.gez votre univers num.rique",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor oeuvre . s.curiser vos donn.es personnelles et les emp.cher de tomber entre mauvaises mains.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Quand vous magasinez, effectuez des op.rations bancaires ou parcourez le web, nos outils gratuits contribuent . votre s.curit. -- et les cybercriminels n'ont aucune chance contre vous.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor est un outil gratuit qui s.curise vos donn.es personnelles et les emp.che de tomber entre mauvaises mains.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Activez WebAdvisor pour vous prot.ger contre les virus, les logiciels malveillants et d'autres menaces pesant sur votre s.curit. en ligne.",.. WAIFF_BUTTON_ACCEPT: ".tre prot.g.",.. WAIFF_BUTTON_REMIND_LATER: "Me le rappeler plus tard",.. WAIFF_BUTTON_DECLINE: "Non, merci"..}..//0CEC8C4DAF3307B881207E579211632EA67F6D72001BE860

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1128
                                                                                                                                                                                                                                                  Entropy (8bit):5.397343027672221
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGmowvBtNhlFsceiA/6FVFzupllnF4vZrJ5NhlFsce+XvJ+wiZQdqVqDFGkp5W:eNhllA/6FVFOlOrJ5NhlNUMxFGkpQ
                                                                                                                                                                                                                                                  MD5:225BC263E2FF4DF711EBD4B608BC17C0
                                                                                                                                                                                                                                                  SHA1:2FB1AD94092F412A17B93268B51904BA47E2EA2C
                                                                                                                                                                                                                                                  SHA-256:3DF8B95C3CB6739F3A3B7587C9D221BFFD14F6F7890390A1079FC091FC63FBA8
                                                                                                                                                                                                                                                  SHA-512:590ACE282A74FEBD09613D8AE57DA9E459E10DB6DBAE52DB64B4D913A549472159F93EB112F801D53A5001D0C1BFB28D5EE07B6EFF2FFBA96DAF3A714D0451C9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Prot.gez votre vie num.rique",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor s'efforce de prot.ger vos donn.es personnelles pour les emp.cher de tomber entre de mauvaises mains.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Que vous fassiez des achats en ligne, effectuiez des op.rations bancaires ou naviguiez sur le Web, nos outils gratuits vous aident . rester en s.curit..: les cybercriminels n'auront aucune chance d'arriver . leurs fins.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor est un outil gratuit qui prot.ge vos donn.es personnelles pour les emp.cher de tomber entre de mauvaises mains.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Activez WebAdvisor pour vous prot.ger contre les virus, logiciels malveillants et autres menaces pour votre s.curit. en ligne.",.. WAIFF_BUTTON_ACCEPT: "Obtenir une protection",.. WAIFF_BUTTON_REMIND_LATER: "Me le rappeler ult.rieurement",.. WAIFF_BUTTON_DECLINE: "Non, merci"..}..//C0

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):970
                                                                                                                                                                                                                                                  Entropy (8bit):5.5335623778383525
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGjvA5v/6FewAv/dHvav/6Fe0QhJ4Mmi6dwVmGbxFdFvO:S5vyAvlSvSG2M0hO9vO
                                                                                                                                                                                                                                                  MD5:E589CCA4574BE9C31479BB5F884426F5
                                                                                                                                                                                                                                                  SHA1:694479FCD6530106F7AB9165250FFB53EE8A847D
                                                                                                                                                                                                                                                  SHA-256:EF54BAC483A824E52C05090A5310164A99475ADCA91FA88E9D598F7A66BFFBE0
                                                                                                                                                                                                                                                  SHA-512:C2DD95276DE0E90E260B7AE0EC9FEA5C3ECAFDB96D8E00DAF7858C62F7517DF81D7EAA3ABFBB9F60335D18DE2FD69C998ABE6C24B8AAFD65056D977480EC5394
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Za.titite svoj digitalni .ivot",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor djeluje kako bi za.titio va.e osobne podatke od pada u pogre.ne ruke.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Bez obzira da li kupujete, bankarite ili pregledavate web, na.i besplatni alati mogu vam osigurati sigurnost - a cyber kriminalci ne.e imate .ansu.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor je besplatni online alat koji .titi va.e osobne podatke od pada u pogre.ne ruke.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Omogu.ite WebAdvisor kako bi se za.titili od virusa, zlonamjernog softvera i drugih prijetnji va.oj internetskoj sigurnosti.",.. WAIFF_BUTTON_ACCEPT: "Za.titite se",.. WAIFF_BUTTON_REMIND_LATER: "Podsjeti me kasnije",.. WAIFF_BUTTON_DECLINE: "Ne, hvala"..}..//B7D9D738B85EFDD8629EBABF36A768FADF1CC54EA171C1EBECBDA4FAEB03A547E1C1A4359FDC52074496C5BD99C3F78A7F74ED451BD698363059BE0794076EDB++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1111
                                                                                                                                                                                                                                                  Entropy (8bit):5.601373452697428
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uG7bmvSr5Mycde/FsuaVvQG2Qe5MycdefYasTyrikPId7r6QVbTzV3ms:RTUju5UJ3TyVE7NzV2s
                                                                                                                                                                                                                                                  MD5:C334EA1C53721513A8175D592F74282F
                                                                                                                                                                                                                                                  SHA1:496D139F91706805D93C7B3CFCAF66AEFFCDCD98
                                                                                                                                                                                                                                                  SHA-256:806CE13BB964B56733855FDFBDD6B7D750B2678A59132609399CE2348F15562C
                                                                                                                                                                                                                                                  SHA-512:7B16FB9FDC4B9BEA6B702403FC9137D5514131C4A6CCE0AE0AE12D3E7A86A431777F1BD820A075BD96E06402FCDEE01F6169BA53CDFE3367CE3B9CCAB3FE93F6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Gondoskodjon digit.lis .let.nek v.delm.r.l",.. WAIFF_TOAST_DESC_1_COHORT_1: "A McAfee. WebAdvisor megakad.lyozza, hogy szem.lyes adatai illet.ktelenek kez.be ker.ljenek.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Ak.r v.s.rol, banki .gyeit int.zi vagy b.ng.szik online, ingyenes eszk.zeink gondoskodnak v.delm.r.l, hogy az internetes b.n.z.knek es.ly.k sem legyen.",.. WAIFF_TOAST_DESC_1_COHORT_2: "A McAfee. WebAdvisor egy ingyenes eszk.z, amely megakad.lyozza, hogy szem.lyes adatai illet.ktelenek kez.be ker.ljenek.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Enged.lyezze a WebAdvisor funkci.t, hogy biztons.gban legyen a v.rusokkal, a k.rtev. programokkal .s az egy.b vesz.lyforr.sokkal szemben, amelyek online leselkednek .nre.",.. WAIFF_BUTTON_ACCEPT: "Gondoskodjon a v.delemr.l",.. WAIFF_BUTTON_REMIND_LATER: "Eml.keztessen k.s.bb",.. WAIFF_BUTTON_DECLINE: "K.sz.n.m, nem"..}..//F8C3CE8799AF89B1814

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):978
                                                                                                                                                                                                                                                  Entropy (8bit):5.359773111268553
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGKk2vkvtdeLny8MK9GEreLYvl6lvtdeVHD/ikdCeitVt6lVH:tBQxMK7eLjYCelH
                                                                                                                                                                                                                                                  MD5:404D11F879ED6E62D18F660F4F1011C8
                                                                                                                                                                                                                                                  SHA1:C6E242DA3C3065DFE036D13672AB621C9E0A3FB3
                                                                                                                                                                                                                                                  SHA-256:C2B18461D35D0C0C0A1BB900EC807E301446400E4B8B5BA59C49A5E28CC15626
                                                                                                                                                                                                                                                  SHA-512:5690CEC6EBC4D81279BDD0DA79AA1E6685E357C850A7C3E612065DFFAAAAEA197D77BE5431D463DC5B47824A32C02977BDFF735BF139225463260C3710F59808
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Proteggi la tua vita digitale",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor impedisce alle tue informazioni personali di finire nelle mani sbagliate.",.. WAIFF_TOAST_DESC_2_COHORT_1: "I nostri strumenti gratuiti ti aiutano a restare protetto e tenere alla larga i criminali informatici quando fai acquisti, esegui transazioni bancarie e navighi in Internet.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor . uno strumento gratuito che impedisce alle tue informazioni personali di finire nelle mani sbagliate.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Attiva WebAdvisor per proteggerti da virus, malware e altre minacce alla tua sicurezza online.",.. WAIFF_BUTTON_ACCEPT: "Proteggiti",.. WAIFF_BUTTON_REMIND_LATER: "Visualizza in seguito",.. WAIFF_BUTTON_DECLINE: "No, grazie"..}..//EAC9F80E8618CDBC45FC85134AE6F861DE735D32C594F841A6913BC2359239D28AE4C338C666E7F3FCA841B52B3DD9AA4556DC92DCEA42213C1F6218023D5030++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1220
                                                                                                                                                                                                                                                  Entropy (8bit):5.7286091836828925
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uG7QvTYRFqOqeEnckuxTvlRFqOlesuhxkOQihdPvIVb7ShxE/L8:ZQYRFqkZrRFqcuzBvPv3TSw
                                                                                                                                                                                                                                                  MD5:9A461AD6044F77B3FB4376D329C5BDC3
                                                                                                                                                                                                                                                  SHA1:856F5181B0DD3E37D75BA56508BCF4E6B94BB72D
                                                                                                                                                                                                                                                  SHA-256:CEF79F28B5A658337EF6781F138900A7780DE9611060F9F7FC9BD67C165C83D4
                                                                                                                                                                                                                                                  SHA-512:A02983E2C3CD19F0D9F016F620322EE54FE7948982F47F9449309872B68F8EFAC6538D93EA6CE7848507AFA645C0F8DC8F61A48C7E230EDDADAD263A77974DCB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: ".... ...........",.. WAIFF_TOAST_DESC_1_COHORT_1: "...... ......................................",.. WAIFF_TOAST_DESC_2_COHORT_1: "..... ............ ................................................................",.. WAIFF_TOAST_DESC_1_COHORT_2: "...... ............................................",.. WAIFF_TOAST_DESC_2_COHORT_2: "..........................................................",.. WAIFF_BUTTON_ACCEPT: ".....",.. WAIFF_BU

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):986
                                                                                                                                                                                                                                                  Entropy (8bit):6.006191144297644
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGqSv513heSk6BcSVpFrhjvG13DaJe/MhCowW/irdijVAJv4PCi/xd:0cdFvrhqD0QRPii43/xd
                                                                                                                                                                                                                                                  MD5:826BE52F97F182988B05316488896FF5
                                                                                                                                                                                                                                                  SHA1:7ECFF3C6EC7E04EFBAED0C7172193443FDBCDACD
                                                                                                                                                                                                                                                  SHA-256:39803F96BD52CFD1783B3D59651405FC5868D974CDA0769378B54E878D0E32DF
                                                                                                                                                                                                                                                  SHA-512:A7527B4679C750D4524F4AB6CC61C73D94F82EF5EE8C5EF55310EF2A4FB2217A5B79D662ACC6AAE370BD27D586EA72A6255B28712F0E89B3D3C47515B9D5C437
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "... ... ..",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. ....... .. ... .... ... ......",.. WAIFF_TOAST_DESC_2_COHORT_1: ".., .. .. . .. . .. ..... McAfee .. ... ... ... .... ... .... ... ... . .....",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. ....... .. ... .... ... .... .. ......",.. WAIFF_TOAST_DESC_2_COHORT_2: "....... .... ...., ... . .. ... .. ...... ......",.. WAIFF_BUTTON_ACCEPT: "....",.. WAIFF_BUTTON_REMIND_LATER: "... ..",.. WAIFF_BUTTON_DECLINE: ".. . ."..}..//587D3BC96BBFCC814561D97E8453CB0AA16E3850F8CA4F313F9E917704B7B7BE0D47DD925B20EFF0278E462D4371B194AE6E5C8194F2C0A1940626C13627FAB6++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):962
                                                                                                                                                                                                                                                  Entropy (8bit):5.4851247359255595
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uG9IvAh1IerDGuH9tvIzzh1IeLkGAlIi7dkVpJOs:fLd+LtkHtSJOs
                                                                                                                                                                                                                                                  MD5:6A418F95DC477538E975D5FA06B67D31
                                                                                                                                                                                                                                                  SHA1:B6669B0ED075CD62A1EDD9C144E7D1487A490E71
                                                                                                                                                                                                                                                  SHA-256:16D78592AFA39C8E51087B7DF3FE0584C4973FCA831CEE01CDB76995F44102C2
                                                                                                                                                                                                                                                  SHA-512:12100EB96D123ECF1230F2A5A3107E32E2035E7770A98B98B2A305292409F52A5DE3F1FC5D4E880FDE6F58013259309E3889C22FB570E08B19306C6D4BCDD975
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Beskytt det digitale livet ditt",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor bidrar til . forhindre at personopplysningene dine havner i gale hender.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Enten du handler, bruker nettbank eller surfer p. nettet, kan de kostnadsfrie verkt.yene v.re holde deg trygg . og nettkriminelle har ingen sjanse.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor er et kostnadsfritt verkt.y som bidrar til . forhindre at personopplysningene dine havner i gale hender.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Aktiver WebAdvisor for . f. beskyttelse mot virus, skadelig programvare og andre nettrusler.",.. WAIFF_BUTTON_ACCEPT: "F. beskyttelse",.. WAIFF_BUTTON_REMIND_LATER: "P.minn meg senere",.. WAIFF_BUTTON_DECLINE: "Nei takk"..}..//DB9B06E543A7D137F0775CA6C99756428AD6717442517548A6524AC1D0C9887199CB6C406B21DE58E38301D461A720E5B0B0BB1F0E7E6F9561C594B8216B5B53++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1008
                                                                                                                                                                                                                                                  Entropy (8bit):5.386460388121823
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGCbQvNQ/JHeGLwpBgvNTHUQ/JHeHgjQui8QydMiQVF4NUGaUA:wbE+JjwpMU+JeaQuHx1NU/p
                                                                                                                                                                                                                                                  MD5:E4ED67F4730ABD3EEC0E5171C84536D9
                                                                                                                                                                                                                                                  SHA1:CB2CB6D491A06306D9D764AC20791F95C3F1B66A
                                                                                                                                                                                                                                                  SHA-256:A64FFA688D3FD408B4C991392DADC2430F02C3C1D9F0031DF9121899EACF81F2
                                                                                                                                                                                                                                                  SHA-512:C8FAD5C3ED40735BD371CE9D929BFACF59018AE213395B16BE82CAC5F3E6044742F219FC18ED689DF69750253E46EEB347D4ED871FBF8E47058F3BD115AB729A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Bescherm uw digitale leven",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor beschermt u door te voorkomen dat uw persoonlijke gegevens in de verkeerde handen vallen.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Of u nu online winkelt, bankiert of surft, onze gratis tools kunnen u helpen om uw veiligheid te handhaven. Cyberciminelen maken geen schijn van kans.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor is een gratis tool waarmee u kunt voorkomen dat uw persoonlijke gegevens in de verkeerde handen vallen.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Schakel WebAdvisor in om uzelf tegen virussen, malware en andere bedreigingen van uw online beveiliging te beschermen.",.. WAIFF_BUTTON_ACCEPT: "Zorg dat u beveiligd bent",.. WAIFF_BUTTON_REMIND_LATER: "Help mij herinneren",.. WAIFF_BUTTON_DECLINE: "Nee, bedankt"..}..//C5D45099576EED60AFBECB14D26E8D2C1629A279844ADD8FAEDE5747B146DB4093111E0661F9FA1703E51BD8FEBA14CFA32A3B6665D2E0463A209FC334

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1093
                                                                                                                                                                                                                                                  Entropy (8bit):5.663628249038643
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGVNFvLnLYFCeTKTv0vmNGHKZYFCeoVmPbYCjisi2d8VVNocIfLRC:PnLaKTvdckXVmPbvUO89IfLRC
                                                                                                                                                                                                                                                  MD5:FC235094E605D87760AFA4E6EC715AE7
                                                                                                                                                                                                                                                  SHA1:BC40F8B434E2DE0E9F6F2D27E14DBFB91B930585
                                                                                                                                                                                                                                                  SHA-256:82E58C663F63B5BBC24B18CED6D297756DF12FA5F0279F760BADC189E7DC6AD3
                                                                                                                                                                                                                                                  SHA-512:796863ECC0E2A8E683B91455D469DF1923084DBE3BA86765E0BEF1953F76B440350467FF6A11CFE73962AC0DFC66D16068C0E9CEB0B8F1404C8D2E36170783A0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Bezpiecze.stwo w cyfrowym .wiecie",.. WAIFF_TOAST_DESC_1_COHORT_1: "Rozszerzenie McAfee. WebAdvisor dzia.a w celu zabezpieczenia Twoich danych osobowych przed wpadni.ciem w niepowo.ane r.ce.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Nasze bezp.atne narz.dzia pomog. Ci. zabezpieczy. przy zakupach, korzystaniu z bankowo.ci lub podczas przegl.dania Internetu . cyberprzest.pcy nie maj. szans.",.. WAIFF_TOAST_DESC_1_COHORT_2: "Rozszerzenie McAfee. WebAdvisor to bezp.atne narz.dzie chroni.ce Twoje dane osobowe przed wpadni.ciem w niepowo.ane r.ce.",.. WAIFF_TOAST_DESC_2_COHORT_2: "W..cz rozszerzenie WebAdvisor, aby chroni. si. przed wirusami, z.o.liwym oprogramowaniem i innymi zagro.eniami dla bezpiecze.stwa w Internecie.",.. WAIFF_BUTTON_ACCEPT: "Skorzystaj z ochrony",.. WAIFF_BUTTON_REMIND_LATER: "Przypomnij mi p..niej",.. WAIFF_BUTTON_DECLINE: "Nie, dzi.kuj."..}..//5E79AD27360576221417C36C122517D930CE2

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1007
                                                                                                                                                                                                                                                  Entropy (8bit):5.486847787876765
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGWvGqe4TqfWHvxYLqeo3L9iGdtHVA2uVbWua:JsTmLA3LNt+1bba
                                                                                                                                                                                                                                                  MD5:F7483FAA42194C903BEB4E79D0757822
                                                                                                                                                                                                                                                  SHA1:B2101BA0D20E7F79749E103272279897EDA1CBBE
                                                                                                                                                                                                                                                  SHA-256:FC9D8BBA5C75F318ECF6040449F40A06DEC59860B94EB855CBC7440416B030C0
                                                                                                                                                                                                                                                  SHA-512:BF4CE34990B1D75FB3260BDDE7EC7012108336DCBF1417F3C9413DA5D61B8E05D78E80184A99778D8519225FA42357669FF5FDD9A512CCB5C7F2A7F26811AAF0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Proteja a sua vida digital",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor trabalha para impedir que suas informa..es pessoais caiam nas m.os erradas.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Seja para comprar, fazer transa..es banc.rias ou navegar a Web, nossas ferramentas gratuitas podem ajud.-lo a manter-se e seguran.a -- e os criminosos cibern.ticos n.o ter.o a menor chance.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor . uma ferramenta gratuita que impede que suas informa..es pessoais caiam nas m.os erradas.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Ative o WebAdvisor para proteg.-lo contra v.rus, malware e outras amea.as . sua seguran.a online.",.. WAIFF_BUTTON_ACCEPT: "Proteja-se",.. WAIFF_BUTTON_REMIND_LATER: "Lembrar-me mais tarde",.. WAIFF_BUTTON_DECLINE: "N.o, obrigado"..}..//05EF87C124705522A44094E03E10AD13384C7B6C2E9C009D7021E950DB1F14D10BAC436E43C26B4AAC1BBBA33D80DBA4AE4942AB3F0F65F63DFDA88F84C

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1038
                                                                                                                                                                                                                                                  Entropy (8bit):5.450247041256477
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGWvXqemtvxo8lo8Fv0YYqeorp9i7d0HVn1WN45:munlVYArpm0/WN45
                                                                                                                                                                                                                                                  MD5:B40D10BBE04592B1EAFEA00BC24F677F
                                                                                                                                                                                                                                                  SHA1:0389D3CA31A8387AB9A307B5914D7936A32A858A
                                                                                                                                                                                                                                                  SHA-256:4788FD904E4EFF99BC2232F7ED0306B99AB52078F6006FB2E4CF24750BA509AD
                                                                                                                                                                                                                                                  SHA-512:86B5B5255A0448C1362DF890BF4F21C29702AA2C976C868542F8B42DA2FA37D091AFDB357575D5048212ACEFF3DA73BF3F78DDD51918F6E3D117EAD19BB02D3E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Proteja a sua vida digital",.. WAIFF_TOAST_DESC_1_COHORT_1: "O McAfee. WebAdvisor trabalha para impedir que as suas informa..es pessoais caiam nas m.os erradas.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Caso fa.a compras, realize opera..es banc.rias ou navegue na Web, as nossas ferramentas gratuitas podem ajud.-lo a manter-se em seguran.a, e os cibercriminosos n.o v.o ter qualquer hip.tese.",.. WAIFF_TOAST_DESC_1_COHORT_2: "O McAfee. WebAdvisor . uma ferramenta gratuita que trabalha para impedir que as suas informa..es pessoais caiam nas m.os erradas.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Ative o WebAdvisor para se proteger contra v.rus, malware, e outras amea.as . sua seguran.a online.",.. WAIFF_BUTTON_ACCEPT: "Obter prote..o",.. WAIFF_BUTTON_REMIND_LATER: "Lembrar mais tarde",.. WAIFF_BUTTON_DECLINE: "N.o, obrigado"..}..//FDED51B6B9F9B5E6200E35ED5D2B59F11193BB163D1928B19013A1D4F42BB69F3997029516A8D18E0A2EE7ABB7C9

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1396
                                                                                                                                                                                                                                                  Entropy (8bit):5.236803505318647
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGgmLHv4r6HeS0WPHH7XQfOc5TwvFovr6HeyHiM7avIixQd3ImlV4JBjc6hTSF2:amMm7Uh2zaq43jLSF2
                                                                                                                                                                                                                                                  MD5:848AEE666CB1351F3980A29D3AF7A1D4
                                                                                                                                                                                                                                                  SHA1:0D3838743B9C4EFF15F4305960B94D427D380FDE
                                                                                                                                                                                                                                                  SHA-256:49AD1FAB3C4EDD993D85BA4E3D0FFE5A7F155CAB64FB0A838723F2A03E856EF3
                                                                                                                                                                                                                                                  SHA-512:787F4FD5D021C06B72446B38EC29B0F300D22677B108255A9DE066D1BB8888978D0C97253EF6853E04D2AE9E108FC11F41F29EBBDF6A7B8069B1E127A45B810A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "........ .... ........ ...",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor ............ .................. ..... ...... .......",.. WAIFF_TOAST_DESC_2_COHORT_1: ".......... .. ...., .......... .. .. ......., .......... ........ ... .............. ...-........, .... .......... ........... ....... .......... .... ...... .. ..... . ..................",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor . .......... .........., .............. .................. ..... ...... .......",.. WAIFF_TOAST_DESC_2_COHORT_2: "........ WebAdvisor, ..... ........ .... .. ......., ........... .....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):954
                                                                                                                                                                                                                                                  Entropy (8bit):5.789596697093949
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGqvUTke2+u4Z2M2vtd2keuEAvECuiFdCVtxdvGi5:s2OvpQdvGi5
                                                                                                                                                                                                                                                  MD5:4C44491023BCACE71B5B5670F01A82A7
                                                                                                                                                                                                                                                  SHA1:BC9972C3BDBF6899B18FB4ECF0C1E3CE9400624A
                                                                                                                                                                                                                                                  SHA-256:C2C62F53C1E694275AA783F1F88C4D92124ACE06371767F675F1D59DE1AD04CA
                                                                                                                                                                                                                                                  SHA-512:014D4E1053D6DF17CABDE226FF95BEF3697022F0B0309A664E6AD1571FF16AD39674D5B7C1B2C1B8CE75A2478887842AEF6B0A4001667FB7295A6EB6FAAD42FF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Chr..te svoj digit.lny svet",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor v.m pom..e ochr.ni. osobn. .daje pred ne.iaducimi osobami.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Na.e bezplatn. funkcie v.s ochr.nia pri nakupovan. online, elektronickom bankovn.ctve alebo prehliadan. webu a.nedaj. .ancu kyberzlo.incom.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor je bezplatn. n.stroj, ktor. ochr.ni osobn. .daje pred ne.iaducimi osobami.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Zapnite WebAdvisor a.ochr..te sa pred v.rusmi, malv.rom a.in.mi hrozbami, ktor. na v.s ..haj. online.",.. WAIFF_BUTTON_ACCEPT: "Z.ska. ochranu",.. WAIFF_BUTTON_REMIND_LATER: "Pripomen.. nesk.r",.. WAIFF_BUTTON_DECLINE: "Nie, .akujem"..}..//8A1B5EE10C8E25E733EAE75F94326C9EBD06FD2B2389C9F90E47F60863FA165375EF6841B40C92DF512BB6A46DF74CC134266F4854A6411B030135D935C6CBDA++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):962
                                                                                                                                                                                                                                                  Entropy (8bit):5.575857341922756
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGjvY4FembeVgtvKSFe0WLmLTlwFi1dAVOtrK4Di:mlQJnlH7vDi
                                                                                                                                                                                                                                                  MD5:3DCE958EEE4B291C1374E4CE48C8CFC0
                                                                                                                                                                                                                                                  SHA1:6F35CEB254B50FD23119E250FBF5DB8BC6D29DE5
                                                                                                                                                                                                                                                  SHA-256:72A5A13B2FF562300BD16973D4F7568141EFA434C913A170659C34D8DC0771A3
                                                                                                                                                                                                                                                  SHA-512:90E3375E253E34698466C1FEB79DDCD8F2DB8F23F44ACF75F6800A9ECE441CCE0FA54850D51503DA673AF148B4997FFC1EC53B3C56E1BE873B29BC978475977F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Za.titite svoj digitalni .ivot",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor radi na .uvanju va.ih li.nih informacija od padanja u pogre.ne ruke.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Bez obzira da li kupujete, koristite bankarske usluge ili pretra.ujete veb, na.i besplatni alati mogu sa.uvati va.u bezbednost-- a sajber kriminalci ne.e imati .anse.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor je besplatan alat koji .uva va.e li.ne informacije od pada u pogre.ne ruke.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Omogu.ite da vas WebAdvisor za.titi od virusa, malvera i drugih pretnji po va.u bezbednost na mre.i.",.. WAIFF_BUTTON_ACCEPT: "Za.titi me",.. WAIFF_BUTTON_REMIND_LATER: "Podseti me kasnije",.. WAIFF_BUTTON_DECLINE: "Ne, hvala"..}..//6DFEACC2836F5543D2955E6A9A48708DCAA122531C0857F611AD5F38A9149EA8E949381DD2CCB4B54C8FA540FE331E657EC77F617F084D9215FCAC3A8288F922++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1002
                                                                                                                                                                                                                                                  Entropy (8bit):5.520357138204716
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGKlvc49IeIuZR6/Otvo6WT8E9IehgNMxi72dUVIE40TMCO:Y9au+2M8E9nqMSOk40Tu
                                                                                                                                                                                                                                                  MD5:53291E841F78133612D2CEED35493ED5
                                                                                                                                                                                                                                                  SHA1:FCB7CC3152F472EAD955E6F97A3E77B671F29FE7
                                                                                                                                                                                                                                                  SHA-256:91C7B0C5EFDB5F40020B33EE626DA0850037CA3FD2617C6C6E4B3379E764DB6B
                                                                                                                                                                                                                                                  SHA-512:EC705FD1EC2CED44D3DFF507A31FB2A9C68B0A898A89436A16D07E1DAAA1E646A5176826B2A0A8D3DD099D9EB0F507B3E3EB31D6E3B2E89329FB3A08461B3DC8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Skydda ditt digitala liv",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor jobbar f.r att f.rhindra att din personliga information hamnar i fel h.nder.",.. WAIFF_TOAST_DESC_2_COHORT_1: "Oavsett om du shoppar, utr.ttar bank.renden eller surfar p. internet kan v.ra kostnadsfria verktyg hj.lpa till att h.lla dig s.ker -- och n.tbrottslingarna kommer inte ha en chans.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor .r ett kostnadsfritt verktyg som hindrar att din personliga information hamnar i fel h.nder.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Aktivera WebAdvisor f.r att skydda dig mot virus, skadlig programvara och andra hot mot din s.kerhet p. internet.",.. WAIFF_BUTTON_ACCEPT: "Skydda dig",.. WAIFF_BUTTON_REMIND_LATER: "P.minn mig senare",.. WAIFF_BUTTON_DECLINE: "Nej tack"..}..//C5DD8703598B1C9479B775D8F6F05687A39282CD92FB6A023340F583B775703103F997B78EE840C68B0AC8E9E096424BAAF8638993526AE0DF63021E560A88CA

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1061
                                                                                                                                                                                                                                                  Entropy (8bit):5.631821293910584
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGS2QvNaIeIse0jz0CtBsvzCOvje4DFkNHiNQd1NHVcdVQDV:PaahjzHtWbnZMH2QR
                                                                                                                                                                                                                                                  MD5:AB0BCF641E9CB622F5D3741D36A5F4E4
                                                                                                                                                                                                                                                  SHA1:72E37992E0C57E0AD44E0D03472D134898C10139
                                                                                                                                                                                                                                                  SHA-256:C2BF08768A67C13DDB703BE667E1A4BFFA71B724D1E7A4E70BF7E09135B0AADB
                                                                                                                                                                                                                                                  SHA-512:2EE897FF17F8CD91E4D47AB275CD00F8FF36921E6E70E67EB67C2D57ECA329C8996E059EF0D4798F77A4E4011A53C9AED97279E9788D7BDEFAA229FEE2CC1BEC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "Dijital ya.am.n.z. koruyun",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor ki.isel bilgilerinizin yanl.. ki.ilerin eline d..mesini engeller.",.. WAIFF_TOAST_DESC_2_COHORT_1: ".ster al..veri. yap.n, ister banka i.lemi ger.ekle.tirin, ister web'de gezinin, .cretsiz ara.lar.m.z g.vende olman.za yard.mc. olur; siber su.lular.n hi.bir .ans. kalmaz.",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor, ki.isel bilgilerinizin yanl.. ellere ge.mesini .nleyen .cretsiz bir ara.t.r.",.. WAIFF_TOAST_DESC_2_COHORT_2: "Kendinizi vir.slere, k.t. ama.l. yaz.l.mlara ve .evrimi.i g.venli.inize y.nelik di.er tehditlere kar.. korumak i.in WebAdvisor'. etkinle.tirin.",.. WAIFF_BUTTON_ACCEPT: "Kendinizi koruyun",.. WAIFF_BUTTON_REMIND_LATER: "Daha sonra hat.rlat",.. WAIFF_BUTTON_DECLINE: "Hay.r, te.ekk.rler"..}..//4733763885A4F0CBE71F154E1732926C5B3F517B835BE9F1FFED7C084CC221CD03B64

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):917
                                                                                                                                                                                                                                                  Entropy (8bit):6.338078767595641
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGFvQsaInleBd82wvxsnInlehoyliIodS8Vqwr7KFTiX:RaI4i2ZnI9b77X
                                                                                                                                                                                                                                                  MD5:E31EA455A252A16AE63F571F2558F351
                                                                                                                                                                                                                                                  SHA1:85A4C98F9EE863BD0693BF4F8DAF3DE9754232A6
                                                                                                                                                                                                                                                  SHA-256:F6B8C644C71CDEFB6036915531C3D328E73F0A149980C7862005B61B55329315
                                                                                                                                                                                                                                                  SHA-512:A38C87841714CC7AE187982563FCDA2E20EDB8D1158E3E49E6DBDF82EEDD0E2386C778D8A0C3E9C7E32EE419F6164BF4B530BFA4C75A0AC16112E39BA01F8B15
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "........",.. WAIFF_TOAST_DESC_1_COHORT_1: ".... ...................",.. WAIFF_TOAST_DESC_2_COHORT_1: "........................................................",.. WAIFF_TOAST_DESC_1_COHORT_2: ".... ............................",.. WAIFF_TOAST_DESC_2_COHORT_2: "................................",.. WAIFF_BUTTON_ACCEPT: "....",.. WAIFF_BUTTON_REMIND_LATER: ".....",.. WAIFF_BUTTON_DECLINE: "...."..}..//08C118F48DCB5DD454C97A1A4508971B7DCFF3A730E987EB761E4D2B0CFF573C8B2488DF2CD9622F41BDAAE55C8B681BAF049B42077D685BB3AA3920153EA4F0++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ext-install-toast-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):915
                                                                                                                                                                                                                                                  Entropy (8bit):6.381419326448278
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7uGYvJeiCCpqKvZeedNsyinkdSgVq4YNj1IL:GJRNxJL
                                                                                                                                                                                                                                                  MD5:068397E779297050800B9E8653111EAA
                                                                                                                                                                                                                                                  SHA1:ECFDC61B0C92DEE9A9432FEE1CCBC4427D99E1EA
                                                                                                                                                                                                                                                  SHA-256:9EBDDD6060785D2F9272D288B3B92FCDF97C83F55BE7F6070D9EB037CE223EF3
                                                                                                                                                                                                                                                  SHA-512:EF531CC79F85AA9801EFF83D4E67658B45DCDCE3BE94DD6BBCF276EF5045353D82FAD0183ECD19A9E7A2384B0FF69AE53E37623EB5F2945DA78ACD107696F92E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrExtensionInstall_ = {.. WAIFF_TOAST_TITLE: "........",.. WAIFF_TOAST_DESC_1_COHORT_1: "McAfee. WebAdvisor .....................",.. WAIFF_TOAST_DESC_2_COHORT_1: "...............................................",.. WAIFF_TOAST_DESC_1_COHORT_2: "McAfee. WebAdvisor ..........................",.. WAIFF_TOAST_DESC_2_COHORT_2: ".. WebAdvisor ...........................",.. WAIFF_BUTTON_ACCEPT: "....",.. WAIFF_BUTTON_REMIND_LATER: ".....",.. WAIFF_BUTTON_DECLINE: "......"..}..//44005B08579073257891516EF9EBDA28F27E9BB3644446D2278395347CEF382BE2D68259C9C47D7D7DE5BFDBC55C4E42BCEB91C5ECE4F45970626C57B3F613BD++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4962
                                                                                                                                                                                                                                                  Entropy (8bit):5.646884833588854
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:Ht5PSpPUGEAopoM4odOR9EPH1h1bTzUXToCnqIK92n4laxOQDgu+:rqpcGEAQ54ROdhlTCTXqIKM4lansu+
                                                                                                                                                                                                                                                  MD5:4E27D3782D712E0D08FEC2F9775ADA9D
                                                                                                                                                                                                                                                  SHA1:AE9D9012D8021A1D0D2D42C8C31C5F3E6D367BB1
                                                                                                                                                                                                                                                  SHA-256:628FDB0502503B8AA055E24C2D156FED737ACD8F48F3B5E1CD9DB9DC6FB7C233
                                                                                                                                                                                                                                                  SHA-512:F70122D10100CAB9B549F3FC573356845AB9EC2DEBD209088CB70780BBE88DA7A8670E1DA540087AE03997500A484B254C8C5443A41C48A748DF0D9927725EBE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Dokon.ete svoji ochranu na internetu . ZDARMA!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Jen tak d.l!",.. OEM_TOAST_VARIANT_INFO: "M..ete se na internetu c.tit mnohem bezpe.n.ji. P.idejte zabezpe.en. vyhled.v.n., abyste dokon.ili ochranu p.i proch.zen. internetu McAfee a zv..ili sv. bezpe.. na internetu.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Aktivov.n.m zabezpe.en. vyhled.v.n. jste dokon.ili nastaven. ochrany p.i proch.zen. internetu McAfee.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Zku.ebn. verze antivirov. ochrany McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Ochrana internetov.ho prohl..e.e",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Ochrana prohl..e.e je va.e linie obrany proti nebezpe.n.m webov.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4454
                                                                                                                                                                                                                                                  Entropy (8bit):5.394761777553124
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:Hud7h5xpL1yuPQacJspPbkwriNTSwcvEFyFQFgvQ:M7hTpByuodJspPbrriNmwcvkZFg4
                                                                                                                                                                                                                                                  MD5:A659B76FE11F00CB564DE596F0123016
                                                                                                                                                                                                                                                  SHA1:C70CA0AF3D7DBAE353635B8BA1D386D31397B828
                                                                                                                                                                                                                                                  SHA-256:0A13969EEDBD963E86564D087DFF16C7ED3FE55872F1CB0468AFEAE0D85C2848
                                                                                                                                                                                                                                                  SHA-512:9BE6B449A761B1919C2EF07EFE7117C242F1260DDC5DE535F814F1BAD7FAAADBDD4C4950ABD46FB574429A8CC267E3B654694A54F2C7E4CC57AF51701DD37E6E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "G.r konfigurationen af din onlinebeskyttelse f.rdig . GRATIS",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "S.dan!",.. OEM_TOAST_VARIANT_INFO: "Du kan have en endnu bedre beskyttelse online. Tilf.j s.gebeskyttelse for at g.re konfigurationen af McAfee Web Protection f.rdig og forbedre din sikkerhed online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Du har afsluttet oprettelsen af din McAfee Web Protection ved at aktivere s.gebeskyttelse.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Pr.veversion af McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Online browserbeskyttelse",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Browserbeskyttelse er din f.rste forsvarslinje mod usikre websteder, links, downloads, malware og meget mere.",.. OEM_TOAST_VARIA

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4525
                                                                                                                                                                                                                                                  Entropy (8bit):5.357913243879113
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:Hu7HbtZh8r8XUawmvah/R70a0+PNIk02+qjdLcSpQk86B:yHbF8rbme/RRpOk02+QtcSuk86
                                                                                                                                                                                                                                                  MD5:1784B37BB34D9318CF61BB12542473BB
                                                                                                                                                                                                                                                  SHA1:8A419D0B5CD92F8EA7A6DD501833EB932533FD28
                                                                                                                                                                                                                                                  SHA-256:B13B2FDF8304A8FFE6FA74AFDFA066B1B7191E9D6C0A4B51CB24299032EFEB4E
                                                                                                                                                                                                                                                  SHA-512:8D0CA8C3B407937505DF6F7E374AB1C8CB375D750F7920A9968B22625E504D7465D34618CE864FCD34D9627F13D610CD3E6A2397578FCF82F4641110D7A2FD1C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Komplettieren Sie Ihren Online-Schutz . KOSTENLOS!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Sie nutzen nicht alle Funktionen!",.. OEM_TOAST_VARIANT_INFO: "Ihr Online-Leben k.nnte noch viel sicherer sein. F.gen Sie Online-Suchschutz hinzu, um den McAfee-Webschutz zu vervollst.ndigen und Ihre Sicherheit im Internet zu erh.hen.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Sie haben den Suchschutz aktiviert . der McAfee-Webschutz ist jetzt vollst.ndig eingerichtet.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee-Testversion",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Browserschutz",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Der Browserschutz ist Ihre erste Abwehrreihe gegen unsichere Websites, Links, Downloads, Malware und mehr.",.. OEM_TOAST_VARIANT_F

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6944
                                                                                                                                                                                                                                                  Entropy (8bit):5.098772797667829
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:HwrU5F9ob1w9r4vQZEiH/MkCyf9Wxi8+cw2tV9fnozQRfQ7oRvt:QrU5FixMrp/MksxbhtV91I7oRvt
                                                                                                                                                                                                                                                  MD5:38A0E4A175309DB73A17985840ECB41E
                                                                                                                                                                                                                                                  SHA1:0EC458BDBED8B956044710CDE092D5104B8BCBC9
                                                                                                                                                                                                                                                  SHA-256:492BBCB89A9DCF4D33E173632CC93FD85CAD46542F9C4136E11531089870A1D9
                                                                                                                                                                                                                                                  SHA-512:531BD90BE6AC65954F34FA5E199F39C1DDF171BD5D5279CA7CAAFD3786B5590EC063BAF8C06928E83DA835DF12C640C79BBA57669BFFDC35A0FA38F374D197BC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "........... ... ........... ... ......... . ......!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "......!",.. OEM_TOAST_VARIANT_INFO: ".... ........ .. ..... ... ........ ... .......... ......... ... ......... .......... ... .. ............ .. ........... ... ......... McAfee ... .. .......... .. ........... ... .........",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "............ .. ....... ... ............ ... .......... McAfee .............. ... ......... ...........",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "...... McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABL

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4727
                                                                                                                                                                                                                                                  Entropy (8bit):5.36476564696804
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:HVm7IJTUE/c0dnhD6HaTKz+cfItWHMtDJHRLWyk7mEQheM0FP:IYUcno6mpbONH5Wt7mPheMCP
                                                                                                                                                                                                                                                  MD5:D93BD044D71235CD5B1D2126B1A5FD68
                                                                                                                                                                                                                                                  SHA1:239D7C744E60871D825505B9B559527741BB65BC
                                                                                                                                                                                                                                                  SHA-256:635CC2808EAA48CC3D6FBBD71135858542DDC257B48DD4A4EE99BFAF44FEEA91
                                                                                                                                                                                                                                                  SHA-512:DBE1474B9733D6EB0BD54E0A3E6A7D0C81B8B4C8C81B1EC22B67E23D508EDC525EB47C5063B3DC8B9F6A6ECE87D18603EB4EDF32DFB02D991767BE4A0B6AF25B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Refuerce su protecci.n online GRATIS",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ".Muy bien!",.. OEM_TOAST_VARIANT_INFO: "Puede navegar con mucha m.s seguridad. A.ada una capa de protecci.n a sus b.squedas en Internet con McAfee Web Protection.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Ha terminado de configurar McAfee Web Protection con la protecci.n para las b.squedas.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Versi.n de prueba del antivirus de McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protecci.n para navegar por Internet",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protecci.n del navegador es su primera l.nea de defensa frente a sitios web, v.nculos y archivos de descarga poco seguros, adem.s del malware y otras amenazas.",.. OEM_T

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4645
                                                                                                                                                                                                                                                  Entropy (8bit):5.372840787353813
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:H+uLpSRLUr0y8YDhD5MkLb6kyoRV41uRyrF4QVP2q:euLiQgu4kLbLyqMuRAFjVPX
                                                                                                                                                                                                                                                  MD5:A394E17B5CA626ABAAA6467077B3E5DF
                                                                                                                                                                                                                                                  SHA1:DAB7412F54533E5345D0458468DA19FC6E5BD101
                                                                                                                                                                                                                                                  SHA-256:340F71C8D0C4CE43CB6194F1387968363696FB6F3CB57643993CAF498FFFB578
                                                                                                                                                                                                                                                  SHA-512:FB9EA9016FD929604412B7C3059900A378A7C7CF274F997825466963C1E148E09C78AAFDF728BC191891A3CA7E85809EA003E7E9B04E7DB6E03B95C3FC7BAC79
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Completa tu protecci.n en l.nea. .GRATIS!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ".Fant.stico!",.. OEM_TOAST_VARIANT_INFO: "Puedes estar mucho m.s seguro en l.nea. Agrega la protecci.n de b.squedas para completar McAfee Web Protection y mejorar tu seguridad en l.nea.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Has completado la configuraci.n de tu McAfee Web Protection activando la protecci.n de b.squedas.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Prueba de McAfee AntiVirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protecci.n del navegador en l.nea",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protecci.n del navegador es tu primera l.nea de defensa contra el malware, los sitios web, las descargas y los v.nculos inseguros, y mucho m.s

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4369
                                                                                                                                                                                                                                                  Entropy (8bit):5.382012747965098
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:HCY1buqqISrqXmaENWWAyROr+DTVgjifdQhdM:i2bURGOAlyROrWgjCCha
                                                                                                                                                                                                                                                  MD5:67318590DD6DCF9C9FDEB28CBD2B08B3
                                                                                                                                                                                                                                                  SHA1:D60B883105C993EED5C3BB48C043BB89B67F6277
                                                                                                                                                                                                                                                  SHA-256:3BE92620EAC468E3550D908D89514979A3EC0F37260DD771DC5922A90D0391A0
                                                                                                                                                                                                                                                  SHA-512:1DF0CEE261A720F7DFA11A4736301404C4DFAC1952E135766475E4E7DB886B2EFA3EBDF32D2EFDC5DF9360BA7DE6AAE3FB2506CBD05646CAE5C73A2FDB1BC2FE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "T.ydenn. verkkosuojauksesi . MAKSUTTA!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Hienoa!",.. OEM_TOAST_VARIANT_INFO: "El.m. verkossa voi olla turvallisempaa. T.ydenn. McAfeen verkkosuojaus hakujen suojauksella ja paranna turvallisuuttasi verkossa.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Viimeistelit McAfeen verkkosuojauksen ottamalla hakujen suojauksen k.ytt..n.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee Antivirus -kokeiluversio",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Selaimen suojaus verkossa",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Selaimen suojaus on ensimm.inen puolustuslinjasi muun muassa vaarallisia verkkosivustoja, linkkej., latauksia ja haittaohjelmia vastaan.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "Hakujen suojau

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5002
                                                                                                                                                                                                                                                  Entropy (8bit):5.3618244169536
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:HZzGKZjPEluOR2wzvjc8/MWaAE+XZKn3mTvARBdphbmbQQQJA3jqtQjQ7cjUgLn:lVEzx/Zk3uvAdfdJo1jzTn
                                                                                                                                                                                                                                                  MD5:6A3D4851DB8F6174B5B39B11ADD93574
                                                                                                                                                                                                                                                  SHA1:700B972FA021989DE003E925683A5F80D5ED495D
                                                                                                                                                                                                                                                  SHA-256:88DB68AB507E55379EEEA8411B174C649E878BED65D021F355BC6CCD76270FED
                                                                                                                                                                                                                                                  SHA-512:49E4F91CDFE623BA29D6FAD87188F5015A0E885DAA6E9B7502DD29B3D37F5A9D3944A83AF4988249375405DCF107D5C27B2C5C55AC911D084ED82BC1D6313B4A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Compl.tez votre protection en ligne - GRATUIT!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Quelle bonne d.cision!",.. OEM_TOAST_VARIANT_INFO: "Vous pourriez .tre beaucoup mieux s.curis. en ligne. Ajoutez la recherche s.curis.e pour compl.ter la protection Web McAfee et pour renforcer votre s.curit. en ligne.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Vous avez compl.t. la configuration de votre protection Web McAfee en activant la recherche s.curis.e.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: ".valuation gratuite de l.antivirus McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protection du navigateur en ligne",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protection du navigateur est votre premi.re ligne de d.fense contre les sites Web, lie

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4951
                                                                                                                                                                                                                                                  Entropy (8bit):5.368494552125785
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:H1dQtHATWE0/hUcGNyFmjjc8md8QPSsnRxKGF7juyNmYSff9j5rQgFSS:VKtrE0pIUL6sR727FBygFSS
                                                                                                                                                                                                                                                  MD5:056063BDD96CE5802216A7249606D273
                                                                                                                                                                                                                                                  SHA1:6C34DA5D6E8EE775472DD0740249DDF612C01264
                                                                                                                                                                                                                                                  SHA-256:0B1C31A69CD1D5C9EF04D5DB7460B63F5109A6CEAD5D94659B19D8887188A11F
                                                                                                                                                                                                                                                  SHA-512:CBE2BF3AF47CC40F441A9FC2B41756A37DA6C2D658F1D2FE8B29E3B56631B1B8BB038DDFA119AB7BB4F796FCC7A731469790378D8059B1015124361F8D685B1D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Terminez la configuration de votre protection en ligne . GRATUITEMENT.!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Bravo.!",.. OEM_TOAST_VARIANT_INFO: "Vous pouvez .tre beaucoup mieux prot.g. en ligne. Ajoutez la protection des recherches pour compl.ter votre protection web McAfee et renforcer votre s.curit. en ligne.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Vous avez termin. la configuration de votre protection web McAfee en activant la protection des recherches.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: ".valuation de l'antivirus McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protection du navigateur en ligne",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protection du navigateur constitue votre premi.re ligne de d.fense contre les sites

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4651
                                                                                                                                                                                                                                                  Entropy (8bit):5.4634190327462555
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:HCsNsKVqer5TZNOZG9OBhwMsvA0+Ovho6rQYBoF:zNsiqsZ4cM6A0+Ove60YiF
                                                                                                                                                                                                                                                  MD5:8780E1A0A4EC2CF2FC79819AC33B409E
                                                                                                                                                                                                                                                  SHA1:19CA2AC32060FB749041CECC15CD28458E7FD07A
                                                                                                                                                                                                                                                  SHA-256:388719F06F56B3B99ACF659127F76A968EF22F46DA3F4BCA540C613BCAF12AD8
                                                                                                                                                                                                                                                  SHA-512:FA9F7697ACF3B815760152349DDC1B01D0AC1F10AB19B91E6411486E0A0E2AF3B1A310FD260286CC8B57D927824AAE6876D3D6FFBE4CE728DEAB8A7CB69B5F22
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Dovr.ite svoju online za.titu . BESPLATNO!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Tako treba!",.. OEM_TOAST_VARIANT_INFO: "Na mre.i mo.ete biti puno sigurniji. Dodajte za.titu pri pretra.ivanju kako biste dovr.ili McAfee Web Protection i pobolj.ali svoju sigurnost na mre.i.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Dovr.ili ste postavljanje svoje McAfee Web Protection omogu.avanjem za.tite pri pretra.ivanju.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Probna verzija McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Za.tita preglednika na mre.i",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Za.tita preglednika va.a je prva linija obrane od nesigurnih web-mjesta, poveznica, preuzimanja, zlonamjernog softvera i jo. mnogo toga.",..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4620
                                                                                                                                                                                                                                                  Entropy (8bit):5.543617473209933
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:HfqjRDpi/v3XWyYNDX5XcmPcnrW2S6CatskM0QlH7ct:/q7gGFDX5dorWKskCF7q
                                                                                                                                                                                                                                                  MD5:8C673408D8CA2ECC2C413D6E1DBBCD92
                                                                                                                                                                                                                                                  SHA1:3CA8B4AFF0D8B913A6B4DF15801BAC1CBB8810F9
                                                                                                                                                                                                                                                  SHA-256:18BCD1DB9FD5A0D472EE8126A777EB88888BADE3C309FD50865D3BFCA229ABA4
                                                                                                                                                                                                                                                  SHA-512:814B71BE326D93E7402ABF685AAF6D5CA8A6DC954934FE40AE6F3C4A923620C6456667B281FD61E5EED9347E1092563D2778B7DD43D7D85586CF5DCAD1DBD544
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Eg.sz.tse ki online v.delm.t . INGYEN!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Nagyszer.!",.. OEM_TOAST_VARIANT_INFO: "M.g nagyobb biztons.gban lehet online. Enged.lyezze a v.dett keres.st, hogy teljess. tegye a McAfee webes v.delmet, .s n.velje online biztons.g.t.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "A v.dett keres.s bekapcsol.s.val befejezte a McAfee webes v.delm.nek be.ll.t.s.t.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee v.rusirt. pr.baverzi.ja",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Online b.ng.sz.v.delem",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "B.ng.sz.je v.delme a frontvonal a nem biztons.gos weboldalak, hivatkoz.sok, let.lt.sek, k.rt.kony programok stb. elleni biztons.g ter.n.",.. O

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4608
                                                                                                                                                                                                                                                  Entropy (8bit):5.24552695607158
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:HQj/oecik1Rs8CwrTww7Jr6QdIBOG1XY4RO2YC+qQAjx2:4/obl1VnUw7Jr6QdIh1XY4RO2YC+pCw
                                                                                                                                                                                                                                                  MD5:5868296FE9E4C2686EBA44ACC7736D37
                                                                                                                                                                                                                                                  SHA1:083037480237422BA7042B443B9B8EDCDC91E1AE
                                                                                                                                                                                                                                                  SHA-256:612726B0CBFF2FC22923ED4AF818328F1322679C2680B7D7278AE77FEB4F5344
                                                                                                                                                                                                                                                  SHA-512:0E1830C3AEE62177D48C70998E25AADA0F9DF3EFABB93351336C0894FE9FF91117FF1D6A46C1E299C75B8AB8A2F2F8A4D1E880592E7E36E79FAE9718338276BA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Completa la tua protezione online - GRATIS",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Ottimo!",.. OEM_TOAST_VARIANT_INFO: "Puoi migliorare notevolmente la protezione online. Aggiungi la protezione delle ricerche per integrare McAfee Web Protection e migliorare la tua sicurezza online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Hai completato la configurazione di McAfee Web Protection attivando la protezione delle ricerche.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Prova di McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Protezione online del browser",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "La protezione del browser . la prima linea di difesa da siti Web, collegamenti e download non protetti e dal malware.",.. OEM_TOAST_VARIANT_FEATURES_DISAB

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5215
                                                                                                                                                                                                                                                  Entropy (8bit):5.859003972604919
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:HaYG+SPT4mep9K9B95H1bccLyf/9f71bYwNKiVEVH9skXbrbQCQ6L2nKQKUGC:q+SPT4mnh5d/KVYwNZiZ9RrOJ6C
                                                                                                                                                                                                                                                  MD5:A541AF3628C6487A87229D6ED38970FE
                                                                                                                                                                                                                                                  SHA1:259D22A54D1694ACEE13888FF0982BA325E142A7
                                                                                                                                                                                                                                                  SHA-256:2C5CB26A55EA781490D1FECE3F78535711BA884B4E899DA5B3F7C731890BE86C
                                                                                                                                                                                                                                                  SHA-512:0D7056DE6AD94E30ADE7EFC671C54EE5A81E4910A6B7922A71423A8260624EE2BFC3F6FCBC00E83A84439389BD6C5CC6B874D6CB060443C21D84B426DE03C6E5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "................. - .....",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ".......",.. OEM_TOAST_VARIANT_INFO: "............................... McAfee Web Protection ..........................",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: ".............McAfee Web Protection ...............",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "..... .............",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: ".........",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4770
                                                                                                                                                                                                                                                  Entropy (8bit):5.834460120265474
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:HNby+JvldshnPhOVGUZoI+0MYAT2T1eHEzdaVQkwpSMH:tGk3sNhxHI+0cUKu06kTMH
                                                                                                                                                                                                                                                  MD5:80CD4DA8CD225A78DDF3E73CBE51EABD
                                                                                                                                                                                                                                                  SHA1:334ECADEBD1686FB1465CA4BA38FB29652F0EC54
                                                                                                                                                                                                                                                  SHA-256:1334BEC9DC21AA478DEA12A868AA7FDAF1A95990C1015019DDBE6B90907BBA65
                                                                                                                                                                                                                                                  SHA-512:581CE2F5BDE668724560657C0FD577ECB28361D3EDBC31A53E125EC06E4D0334C941120E424F4365F3BDE92316191F59F4741EB3280565B33FEA206E3917AD6F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "... ... ... ... ......",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "......!",.. OEM_TOAST_VARIANT_INFO: "... ... ... . ..... .. ... .... ... McAfee . ... ... ... ... ......",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: ".. ... ..... McAfee . .. ... .......",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee ...... ...",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "... .... ..",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: ".... ... .... .. . ..., .., ...., ... .. .. ... ... ......",..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4467
                                                                                                                                                                                                                                                  Entropy (8bit):5.38161829670382
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:HqSH3f2pqCBDGeE36ZmcQf5xPCN1LeCYrWbVhYqeQGE/MSbIY:KmW4eClJ/PCN1LXYr2LYqdGE/xbR
                                                                                                                                                                                                                                                  MD5:86593197A71C0F209DBE3A68004CB7C9
                                                                                                                                                                                                                                                  SHA1:6509AD251FE7DEF618F906752413A5AE514BD5CF
                                                                                                                                                                                                                                                  SHA-256:7F7CDDF4F4E42063B3E81598D9879E0B7DE40F496573E0DE47BF184AAEFD1C90
                                                                                                                                                                                                                                                  SHA-512:44221D254012DF747CB82A727F98C8B029AF4681CB0348A9CC60898D17D27BEB061987934255F490FA000CB93B24EBF53E42D65C84570E7A6A3FECEADDCF000A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Gj.r nettbeskyttelsen din komplett . KOSTNADSFRITT!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Ikke verst!",.. OEM_TOAST_VARIANT_INFO: "Du kan bli mye tryggere p. nettet. Legg til s.kebeskyttelse for . gj.re McAfee nettbeskyttelse komplett og forbedre nettsikkerheten din.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Du fullf.rte konfigureringen av McAfee nettbeskyttelse ved . aktivere s.kebeskyttelse.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Pr.veversjon av McAfee antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Nettleserbeskyttelse",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Nettleserbeskyttelse er ditt fremste forsvar mot usikre webomr.der, koblinger, nedlastinger, skadelig programvare med mer.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME:

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4299
                                                                                                                                                                                                                                                  Entropy (8bit):5.379409348781231
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:H2AwS9S9NzRHuSpGikmkH4XRgPKvpR1E1B2azPDcF2g+FeksVMkgR1pfQ55C:WAweeN9hGikmkHDKpRS1EaTDw2g+Ffs8
                                                                                                                                                                                                                                                  MD5:C2AB04CD7E5E26640BB7A66E7B3EFDA5
                                                                                                                                                                                                                                                  SHA1:C0448971C5B43F92FB83436E7391B995BFF941BB
                                                                                                                                                                                                                                                  SHA-256:549457A9156FCBD81D5B46844D6DCC85FD983E44A25F510B4BDF8A60A0A52346
                                                                                                                                                                                                                                                  SHA-512:ED59892217E479264C8AE724A0CE254D5DF74862BF2033F947E7535F9E1E0ED32BDB3BA1FD0C98CAC15499CE60A7057B7B841BDF427DA518C0CEFB3B685E2B0A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Voltooi uw online bescherming . GRATIS!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Goed gedaan!",.. OEM_TOAST_VARIANT_INFO: "U kunt online veel veiliger zijn. Voeg zoekbescherming aan uw McAfee-webbescherming toe en verbeter uw online veiligheid.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "U hebt het instellen van uw McAfee-webbescherming voltooid door zoekbescherming in te schakelen.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Proefversie van McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Online browserbeveiliging",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Browserbeveiliging is uw eerste verdedigingslinie tegen onveilige websites, koppelingen, downloads, malware en meer.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "Zoekbescherming",.. OEM_T

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4749
                                                                                                                                                                                                                                                  Entropy (8bit):5.577135253793333
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:HeH6Ry8L5clQB1MuoIbuNO8Q2STtWQLpXsJi6jiTZ/80zthQX2w+:+Ht8tclQB1AnO8Q2STtWQLpXsJrEZ/8Y
                                                                                                                                                                                                                                                  MD5:6B0584C8750221C9B143AD8E4851F97E
                                                                                                                                                                                                                                                  SHA1:BAF3739AB3EB0EC8D737B0CDD7019D9770B26540
                                                                                                                                                                                                                                                  SHA-256:A129819ED747FABDE12841BFB9B25DEC69CF9FF4E25E96BCB73E5AE58400E560
                                                                                                                                                                                                                                                  SHA-512:7491F8665167EC0E4F56F66313769EF894BD8D77DFBED027AB15A2C16297EA81287D79265E25DC4A11CF2C6B3A19F24F9EBD8134738EA37CDF263A63C4F3F56A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Wzmocnij swoj. ochron. w Internecie . BEZP.ATNIE!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Dobra robota!",.. OEM_TOAST_VARIANT_INFO: "Mo.esz mie. znacznie wi.ksz. ochron. w Internecie. Dodaj ochron. wyszukiwania, aby wzmocni. ochron. funkcji McAfee Web Protection i zwi.kszy. swoje bezpiecze.stwo w Internecie.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Uko.czono konfiguracj. funkcji McAfee Web Protection poprzez w..czenie ochrony wyszukiwania.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Wersja pr.bna programu McAfee Antivirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Ochrona przegl.darki w Internecie",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Ochrona przegl.darki to pierwsza linia obrony przed niebezpiecznymi witrynami, ..czami, pob

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4556
                                                                                                                                                                                                                                                  Entropy (8bit):5.392364845070507
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:Hlahgzv62PaQaLuR89CrPnzGS77lq+XQsnaS:FaqvFL7R89MPnzGS77U+AsaS
                                                                                                                                                                                                                                                  MD5:E620EE0E71FD5179379A8C1D4FCA2405
                                                                                                                                                                                                                                                  SHA1:9ECC0BEDF394A26462DAAA0A8339A5A2116E6BB2
                                                                                                                                                                                                                                                  SHA-256:B857F08E6793D3A7D1F7FCAB2CC03729864929D40890AC508CAA9C163C8C401F
                                                                                                                                                                                                                                                  SHA-512:E51CCBB50DFC2050608EA7CD9250061D7DD09E34CDA9B0966F2E8EE3833D4A76C4C0312F1A3AEBA825568BA5A85726BD81BF32470A0B1C2A4ECD5E0FB9919E2A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Conclua a sua prote..o on-line GRATUITAMENTE!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ". isso a.!",.. OEM_TOAST_VARIANT_INFO: "Voc. pode ter muito mais seguran.a on-line. Adicione prote..o de pesquisa para completar o McAfee Web Protection e aumentar sua seguran.a on-line.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Voc. concluiu a configura..o do McAfee Web Protection ativando a prote..o de pesquisa.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Avalia..o gr.tis do antiv.rus da McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Prote..o do navegador on-line",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "A prote..o do navegador . sua primeira linha de defesa contra sites, links e downloads inseguros, malware e muito mais.",.. OEM_TOAST_VARIA

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4478
                                                                                                                                                                                                                                                  Entropy (8bit):5.365427676170518
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:HI2q8anq+9cCh9FcTVvtObxsp0R1vsfYRq+XQwgac:o38eq7CTWRvtO6pe1vsfYg+Awdc
                                                                                                                                                                                                                                                  MD5:1FFACA84AB047522238575D26444B1C1
                                                                                                                                                                                                                                                  SHA1:E3A08051A07F92F334B6DE958336F1C3A503BCC9
                                                                                                                                                                                                                                                  SHA-256:F669083F2800C6CC1BE35B992CDA2922B55A493A6076260782D088524DB56DF8
                                                                                                                                                                                                                                                  SHA-512:3DF57FB94FBA7BD6E33381DF5F150AE3D7E49FA655283EDA272F371AE2267D599C10CC442EFD3D3BF960F739B293B2B3F1CE4705ACCE8187EEC3203FED3109E7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Complete a sua prote..o online . GR.TIS!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Boa!",.. OEM_TOAST_VARIANT_INFO: "Pode estar muito mais seguro online. Adicione a prote..o de pesquisa para completar o seu McAfee Web Protection e aumentar a sua seguran.a online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Terminou de configurar o seu McAfee Web Protection ao ativar a prote..o de pesquisa.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Avalia..o do antiv.rus McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Prote..o de browser online",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "A prote..o de browser . a sua primeira linha de defesa contra Web sites inseguros, transfer.ncias, malware e muito mais.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "P

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6441
                                                                                                                                                                                                                                                  Entropy (8bit):5.191712551362283
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:H3P3dV2BQF3iK4ttHiUWB3E4L2bLrrDSiaA1oSUd0BSO+Vft1ZQpmvfRYWc:v/2Bo3L4iPdMPnSvA1UQbGf6pMfRc
                                                                                                                                                                                                                                                  MD5:17601027BE0E1941274EC8AA97DA3F37
                                                                                                                                                                                                                                                  SHA1:4BE73FA80DB484EC1712BCD56D356CAA57C8687E
                                                                                                                                                                                                                                                  SHA-256:A4FE46EBD30F700AF434F14DBF0D9B9D803BB671A4175130AA1271736C84E0B4
                                                                                                                                                                                                                                                  SHA-512:33C99E1E4B601AF85F1DD4435481FE06A93CB779660F31B4DDE8EA50376F620B978C78DE2C675513340B3E825AE40AC34FDA3D71A437A063F8D0C25B63045677
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "......... .... ...... . ......... . .........!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "... .......!",.. OEM_TOAST_VARIANT_INFO: ".. ...... ........ .... ............ . .......... ........ ...... ......, ..... ......... McAfee Web Protection . ........ .... ............ . ..........",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: ".. ......... ......... McAfee Web Protection, ....... ...... .......",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "....... ...... McAfee AntiVirus",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "...... ........ . .........",.. OEM_TOAST_VARIANT_FREE_LABE

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4713
                                                                                                                                                                                                                                                  Entropy (8bit):5.639633098055761
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:Hu/cMHiS0zIB64Vb8JmdTv6zInPVO+mMQ90P:2c+iE64xTdTvPVng90P
                                                                                                                                                                                                                                                  MD5:B1E8660F650C5C8D95DF80E87851321B
                                                                                                                                                                                                                                                  SHA1:C18411FD7C8B8A903EA90F82B72F87DA6B5E3F3F
                                                                                                                                                                                                                                                  SHA-256:D031D75D075E0A90E618AB591A19A7315D8CF731C75DF1646964C05509490390
                                                                                                                                                                                                                                                  SHA-512:E5A7313EEDD1EA96D6F395225ACEF16B730685FBB613417F08FA3FF6CF386A0A6969DC876538551B9695DD84DFB0DE248E939C52F40988E8C0B503D0740485AB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Dokon.ite nastavenie online ochrany ZADARMO.",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Chr..te sa.",.. OEM_TOAST_VARIANT_INFO: "Aj online m..ete by. v.bezpe... Pridajte ochranu vyh.ad.vania do produktu McAfee Web Protection a.zv..te svoju bezpe.nos. online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Zapnut.m ochrany vyh.ad.vania ste dokon.ili nastavenie McAfee Web Protection.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Sk..obn. verzia antiv.rusu od McAfee",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Ochrana online prehliada.a",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Ochrana prehliada.a tvor. prv. .rove. ochrany pred nebezpe.n.mi webov.mi lokalitami, odkazmi, stiahnut.mi s.bormi, malv.rom a .al..mi hrozbami.",.. OEM_TOA

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4628
                                                                                                                                                                                                                                                  Entropy (8bit):5.433533100276745
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:H7718TA7STZFOZGOA9wSdASMoNNPDgYK0hQOLYBB+T:b7glDu8ASMAtjK0mOEBAT
                                                                                                                                                                                                                                                  MD5:60E06C7C2CC2E0EB1DD485432924B968
                                                                                                                                                                                                                                                  SHA1:21F75F04176180A254C7412A114D12E7C3B9EBEE
                                                                                                                                                                                                                                                  SHA-256:D98475CAC32A5E18EA43CC9D35D92119BD33C6DFF025DEB8F1834F92E0A1A593
                                                                                                                                                                                                                                                  SHA-512:7CCA8C25852A4F907890C73E8B3A7DEB4CF2A46CCBD029B60CEEC0E06A799F455CAA3BE251C657BDBB7E1D5BAB4C5BB92B0E82E060F254DDA08DABEF5AC3F617
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Upotpunite za.titu na internetu . BESPLATNO!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Prava stvar!",.. OEM_TOAST_VARIANT_INFO: "Mo.ete biti mnogo bezbedniji na internetu. Dodajte za.titu pregledanja kako biste upotpunili McAfee Web Protection i pobolj.ali bezbednost na internetu.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Upotpunili ste postavku McAfee Web Protection omogu.uju.i za.titu pregledanja.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Probna verzija McAfee antivirusnog programa",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Za.tita pregleda.a na internetu",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Za.tita pregleda.a je va.a prva linija odbrane od nebezbednih veb lokacija, veza, preuzimanja, malvera i jo. toga.",.. OEM_TOAST_VARIANT_FEATU

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4220
                                                                                                                                                                                                                                                  Entropy (8bit):5.444091067154872
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:HkTQd3F1N1KuBfzHv7afFmZMfSseE08bwzGt9S0NpQIrCF+AQmGIA:KWVBbz5vsec0zK9p1LL/IA
                                                                                                                                                                                                                                                  MD5:06DDEDD0C278753F69E4FF4674E6614B
                                                                                                                                                                                                                                                  SHA1:3470530D55FE8DDDCB363470D54B9177EFEB2937
                                                                                                                                                                                                                                                  SHA-256:6076A19912D15B9DF572F3C268F825859B824F9193C9D64C57F95C7869974808
                                                                                                                                                                                                                                                  SHA-512:BAA58DEC69C7B6257C8880A0EDC6FB04974C68DD20197232A30D38162DABE60289C2FB3CA57B7D59E95D08963F6EBFDEEC6D689E8DA415FF42ED584D474057CC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "Fullborda ditt skydd online - KOSTNADSFRITT!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "S.d.r ja!",.. OEM_TOAST_VARIANT_INFO: "Du kan surfa mycket s.krare. L.gg till s.kskydd f.r att komplettera McAfee Web Protection och f.rb.ttra din s.kerhet online.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Du har fullbordat inst.llningen av McAfee Web Protection genom att aktivera s.kskydd.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "Provversion av McAfees virusskydd",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: "Webbl.sarskydd online",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Webbl.sarskyddet .r ditt f.rsta f.rsvar mot os.kra webbsidor, l.nkar, h.mtningar, malware och mer.",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "S.kskydd",.. OEM_TOAST_VARIANT_FEA

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4525
                                                                                                                                                                                                                                                  Entropy (8bit):5.530398100834962
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:HsafCWrSckFzm3EzHFSCvXV4lsQtFT7tyJd:MaKWrSzm3EzHFSCP43PBy/
                                                                                                                                                                                                                                                  MD5:A257776036EC055235476B933BB1A2F0
                                                                                                                                                                                                                                                  SHA1:489E0CA8ED86E572A4940979AAC1399D38AF8370
                                                                                                                                                                                                                                                  SHA-256:CC325C48332AD39AFF2C068020EFF1852A55B3AAE6CDF0617D587C0BC82078F5
                                                                                                                                                                                                                                                  SHA-512:04FD6465239C9E196B33F1B769C77B103B52E67F87319CBEBC26D1EBBEC8E0EC8BCB836283981B715B06CD0D18D17C273BB0B76F1ED1B6335FC30FC571297AA8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: ".evrimi.i koruman.z. tamamlay.n - .CRETS.Z!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "Tebrikler!",.. OEM_TOAST_VARIANT_INFO: ".evrim i.i .ok daha g.vende olabilirsiniz. McAfee Web Protection'. tamamlamak ve .evrim i.i g.venli.inizi art.rmak i.in arama korumas.n. ekleyin.",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "Arama korumas.n. etkinle.tirerek McAfee Web Protection'. .evrim i.i kurmay. tamamlad.n.z.",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee Antivirus Denemesi",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: ".evrim i.i taray.c. korumas.",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: "Taray.c. korumas.; g.venli olmayan web siteleri, ba.lant.lar, indirmeler, zararl. yaz.l.m vb.'ine kar.. ilk savunma hatt.n.zd.r.",

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4033
                                                                                                                                                                                                                                                  Entropy (8bit):6.107989660169052
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:HaLl2LYL7hjCL3PLYIL5LzLLL62KaLpLpLbYnL3LVeLuL/0LoqLlLVLvLkKLZRLp:H69N08pRNQ/OJJNZsjB90G3Qm/aCQVH6
                                                                                                                                                                                                                                                  MD5:D2A4335DFB9EFCB73485D0C0807C2792
                                                                                                                                                                                                                                                  SHA1:CF447A28A70F88168DEFE266798BDFEF3A044F1A
                                                                                                                                                                                                                                                  SHA-256:EEEF0211C00E2E53D6DD6BE7B20D4379994D616691EC53B00FAB0CD180CE7041
                                                                                                                                                                                                                                                  SHA-512:CCD66DE9416D7F8D31E7D2654BAE7533048FCA8B8DF4A0D877767615B5D50EE375D3CADD41EF8F27BE037958734065DA1688E6067A4750E96EB5F52F75EB7E7B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: "........ . ..!",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: ".....!",.. OEM_TOAST_VARIANT_INFO: ".......................................",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: ".......................",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "...........",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: ".......",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: ".................................",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "....",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_DESC: "......

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-oem-ss-toast-variants-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4288
                                                                                                                                                                                                                                                  Entropy (8bit):6.168417961765325
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:HummxlGEjsinJjE8X7IujB0LbIF5fFrQTyKtyIs:OmmOvkEU7IuN0+5fF0vU
                                                                                                                                                                                                                                                  MD5:E3BA53E61771C8BFD208DF6AE3412D95
                                                                                                                                                                                                                                                  SHA1:64490728E322BCE3868B5D80109F923B4DC54155
                                                                                                                                                                                                                                                  SHA-256:20CAA87E1DE50DFDA0B0019D1FD7E425CE050613DC1222B6F8CDC8B5FF0926BB
                                                                                                                                                                                                                                                  SHA-512:0A5A25AA20A900D29CF5FC568D3C772F60ED91608D3C5C308E1377399902B54AEFBEAB4B708709C2BD2604F85F9A6BCDA5FBDEFD1845DBB02094D3A5ADB03335
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. // Specific for Cohort 1, 2.. OEM_TOAST_VARIANT_TITLE: ".......... . .....",.. OEM_TOAST_VARIANT_TITLE_SS_PROTECTED: "......",.. OEM_TOAST_VARIANT_INFO: "................ McAfee Web ...................",.. OEM_TOAST_VARIANT_INFO_SS_PROTECTED: "............. McAfee Web ......",.. OEM_TOAST_VARIANT_EXPIRED_LABEL: "EXPIRED",.. OEM_TOAST_VARIANT_EXPIRED_NAME: "McAfee Antivirus ..",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_LABEL: "ON",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_NAME: ".......",.. OEM_TOAST_VARIANT_FREE_LABEL: "FREE",.. OEM_TOAST_VARIANT_FEATURES_ENABLED_DESC: ".....................................",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_NAME: "....",.. OEM_TOAST_VARIANT_FEATURES_DISABLED_DESC:

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3415
                                                                                                                                                                                                                                                  Entropy (8bit):5.6725182562708305
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:calbcPcTkV6hxvM/L4PgzN/6hxO232sN4agGux:GUwdkec2sN4agGux
                                                                                                                                                                                                                                                  MD5:1CE32A292F266E0D6E8079AE959D206C
                                                                                                                                                                                                                                                  SHA1:F9ECB2DBE6C0BB745329B84F7C1DC74AA6288B7A
                                                                                                                                                                                                                                                  SHA-256:7AE4303EDCBC48B3FAA5A7B0424845EAB9C756F2AEC392120D0EBE45348CEA19
                                                                                                                                                                                                                                                  SHA-512:FA221BBE7B16CE232CA17CF38F23CA71B86FF73F25A363F2E693B940546C06043AACCFC78BA92F647286E0E44965E7BC558B6BC9FF5E08BBBE7C4C06B9EF07D0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "N.pov.da",.. HELP_FAQ_TITLE: "Nej.ast.j.. dotazy",.. HELP_SUPPORT_TITLE: "Podpora",.. HELP_EMAIL_US: "Za.lete n.m e-mail na adresu",.. ABOUT: "O aplikaci",.. ABOUT_DESCRIPTION: "D.ky aplikaci {0} se m..ete na internetu l.pe rozhodovat.",.. CREATE_SAFER_PASSWORDS: "Vytv..en. bezpe.n.j..ch hesel",.. DOWNLOAD_CONFIDENTLY: "Stahov.n. bez obav",.. SETTINGS_SS_OPTION_ALL: "Informovat o bezpe.nosti v.sledk. hled.n. ve v.ech vyhled.va..ch",.. SETTINGS_SS_OPTION_NONE: "Neinformovat o v.sledc.ch hled.n.",.. SETTINGS_SS_OPTION_SS: "Informovat o bezpe.nosti v.sledk. hled.n. pouze ve slu.b. Bezpe.n. hled.n.",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Vlo.te nebo zadejte adresu URL.",.. TRUST_SITE: "D.v..ovat str.nce",.. DONT_TRUST: "Ned.v..ovat",.. HELP_FAQ_SECTION_ONE_HEADER: "K .emu slou.. aplikace {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "D.ky aplikaci {0} se m..ete na in

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3222
                                                                                                                                                                                                                                                  Entropy (8bit):5.3882022792999305
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cIWPf2VFTTGDGMZO4WVFwT/s9vyNnma/DvOvEiFk83qS8sDQTjmHBgpKSF:9FMZAOgFiizJMjmWB
                                                                                                                                                                                                                                                  MD5:986CDDED8B1EE14C49744118BA341E1A
                                                                                                                                                                                                                                                  SHA1:D02FB5756007D45A4B6F53807AF68C67152167D0
                                                                                                                                                                                                                                                  SHA-256:EDD906A33E49B87978E8EB9BA897FB5D35996224686A2E4346E9CA84B747FD11
                                                                                                                                                                                                                                                  SHA-512:0C8AA9C6D3C4260972D5A0C1DBA6B7198F195987C7709F2208463C522C133B05835799048BFD7A21E5E2D44F27D88CFD1956C88447CD608574632C7A285CFB77
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Hj.lp",.. HELP_FAQ_TITLE: "Ofte stillede sp.rgsm.l",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Send en mail til os p.",.. ABOUT: "Om",.. ABOUT_DESCRIPTION: "{0} hj.lper dig med at tr.ffe de rigtige beslutninger, n.r du er p. nettet.",.. CREATE_SAFER_PASSWORDS: "Opret sikrere adgangskoder",.. DOWNLOAD_CONFIDENTLY: "Sikre overf.rsler",.. SETTINGS_SS_OPTION_ALL: "Fort.l mig, om et s.geresultat er sikkert i alle s.gemaskiner",.. SETTINGS_SS_OPTION_NONE: "Fort.l mig ikke om s.geresultater",.. SETTINGS_SS_OPTION_SS: "Fort.l mig, om et s.geresultat kun er sikkert i Sikker s.gning",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Inds.t eller skriv URL-adressen",.. TRUST_SITE: "Har tillid til websted",.. DONT_TRUST: "Har ikke tillid",.. HELP_FAQ_SECTION_ONE_HEADER: "Hvad er {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} hj.lper dig med at tr.ffe de rigtige beslutninger, n.r du er p. nettet.",.. HELP_F

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3302
                                                                                                                                                                                                                                                  Entropy (8bit):5.3882318909350255
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:c5vPqTKqMocuMD9nd/9j25ktHec9VYwpu4sD2oitoq:BNMVLac+uYwp9sD2ptr
                                                                                                                                                                                                                                                  MD5:147D9271854988E85E6B7ABB0A19C8CC
                                                                                                                                                                                                                                                  SHA1:198BAF847182F5717A63BFC28AB69C6638E3975B
                                                                                                                                                                                                                                                  SHA-256:E60C824B97124AC58E92C4FC17DE0165E3ECE34D40FEE59B40D6FC225EDDF5BB
                                                                                                                                                                                                                                                  SHA-512:4191A40093720B3067C3AB5CBD8B5DF09223885690FB7499DA1439FFD0B7C77B748AA00E109723B1353D7A88F6FB5F9AE761A92216B50BAFABB383B8854A81B2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Hilfe",.. HELP_FAQ_TITLE: "H.ufig gestellte Fragen (FAQs)",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Senden Sie uns eine E-Mail:",.. ABOUT: "Info",.. ABOUT_DESCRIPTION: "Dank {0} k.nnen Sie besser entscheiden, welche Websites Sie unbesorgt besuchen k.nnen.",.. CREATE_SAFER_PASSWORDS: "Sicherere Kennw.rter erstellen",.. DOWNLOAD_CONFIDENTLY: "Sichere Dateien herunterladen",.. SETTINGS_SS_OPTION_ALL: "In jeder Suchmaschine Bewertung von Suchergebnissen anzeigen",.. SETTINGS_SS_OPTION_NONE: "Keine Bewertung von Suchergebnissen anzeigen",.. SETTINGS_SS_OPTION_SS: "Nur bei der sicheren Suche Bewertung von Suchergebnissen anzeigen",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL einf.gen oder eingeben",.. TRUST_SITE: "Site als vertrauensw.rdig einstufen",.. DONT_TRUST: "Nicht als vertrauensw.rdig einstufen",.. HELP_FAQ_SECTION_ONE_HEADER: "Was ist {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "Dank {0} k.nnen Sie

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5323
                                                                                                                                                                                                                                                  Entropy (8bit):5.039884397341082
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:czSqYMiAFSTIbO48c2aO490VuVMGzqRcAF+gx/ijYz2HC8Tt7iVJnIjz1NCPcWFa:DMO8w3BVGt22jz1QPltZIH9
                                                                                                                                                                                                                                                  MD5:5EEB7AEFCA08B09AE14A82AF082D0319
                                                                                                                                                                                                                                                  SHA1:25D9DBAED0B56792DA46B93EADE09A8292611688
                                                                                                                                                                                                                                                  SHA-256:87AE0C4040364164D26A77121A7B011553C6FCF36D57BC954FB46261AE16BB94
                                                                                                                                                                                                                                                  SHA-512:BD3FDF238F8CB5D42C584752F327D49CE7357D12B9E6F8FD8CC7787CCE674F188A4CB0D26695401137418C7F8EB7792776B20E2BFB4398EFA22538B60F9D3DC9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: ".......",.. HELP_FAQ_TITLE: "...... .........",.. HELP_SUPPORT_TITLE: "..........",.. HELP_EMAIL_US: "....... ... ...... ............ ............ ... .........",.. ABOUT: "...........",.. ABOUT_DESCRIPTION: ".. {0} ... ..... .. ......... .......... ......... ....... .. ... ......... ... ... Internet.",.. CREATE_SAFER_PASSWORDS: "............ ............. ........ .........",.. DOWNLOAD_CONFIDENTLY: "......... ...... .. ........",.. SETTINGS_SS_OPTION_ALL: ".. ............ .. ... .......... .......... ..... ....... .. ........... ......... ..........",.. SETTINGS_SS_OPTION_NONE: ".. ... ............ ..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2970
                                                                                                                                                                                                                                                  Entropy (8bit):5.340531156221564
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:cwr9pTTyT7Few0MxjU99E/E0v7StLuJHTuiGextXq/JXTGpUx86NQ4QeQr4+8LkF:cwr9pPyTEMxI99E/fTStLOz7xtulGOx2
                                                                                                                                                                                                                                                  MD5:E416F05EF2C13255FB856E2540354401
                                                                                                                                                                                                                                                  SHA1:4A201A5C87AE5CC5FC1F0587B208B6797ED608CF
                                                                                                                                                                                                                                                  SHA-256:E53F29691725551E77455FE08AE06D49E6D76C700A314EB5B9C728A77F6664ED
                                                                                                                                                                                                                                                  SHA-512:71F8FE59EC173ED13EF7D3002B7AEB3B80710CF62D998386E4D8EB66B85CDFBAAC9E85C8B344B18751BCE9344AFFFA3E6726344B7B8DAC2A09A3884F68D35304
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Help",.. HELP_FAQ_TITLE: "Frequently Asked Questions (FAQs)",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Email us at",.. ABOUT: "About",.. ABOUT_DESCRIPTION: "{0} helps you make better decisions about what you do online.",.. CREATE_SAFER_PASSWORDS: "Create safer passwords",.. DOWNLOAD_CONFIDENTLY: "Download confidently",.. SETTINGS_SS_OPTION_ALL: "Tell me if a search result is safe in any search engine",.. SETTINGS_SS_OPTION_NONE: "Don't tell me about search results",.. SETTINGS_SS_OPTION_SS: "Tell me if a search result is safe only in Secure Search",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Paste or type your URL",.. TRUST_SITE: "Trust site",.. DONT_TRUST: "Don't trust",.. HELP_FAQ_SECTION_ONE_HEADER: "What is {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} helps you make better decisions about what you do online.",.. HELP_FAQ_SECTION_TWO_HEADER: "How do I share {0} with others?",.. HELP_FAQ_SECTION_TWO_CO

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3318
                                                                                                                                                                                                                                                  Entropy (8bit):5.384176124857811
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cDEMyiTKKM+hOeBgn/qfBJq3/GQjD7mQujWoIcsAluB:vieH+g1D7mfIcsCuB
                                                                                                                                                                                                                                                  MD5:287426C61EF34FE81F04FF539428702A
                                                                                                                                                                                                                                                  SHA1:5722B989E9151788335E457F6D04DAA7E38C8605
                                                                                                                                                                                                                                                  SHA-256:2C6435C4521F498D03742FC5221E5C3F9FE364632D1F498B40FC062B3214D3F2
                                                                                                                                                                                                                                                  SHA-512:0695FEB3D1E32C9778F4BDC263882643B90579FA7C3A5893FF4787EED1B78CA4C4AC7C6C1D855D980D80D6AE7976FCE1815B3418FE802569E6A6BC5C5796F368
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Ayuda",.. HELP_FAQ_TITLE: "Preguntas frecuentes",.. HELP_SUPPORT_TITLE: "Soporte",.. HELP_EMAIL_US: "Env.enos un correo electr.nico a",.. ABOUT: "Acerca de",.. ABOUT_DESCRIPTION: "{0} le ayuda a tomar decisiones m.s fundamentadas acerca del uso que hace de Internet.",.. CREATE_SAFER_PASSWORDS: "Cree contrase.as m.s seguras",.. DOWNLOAD_CONFIDENTLY: "Descargue con seguridad",.. SETTINGS_SS_OPTION_ALL: "Informarme si un resultado de b.squeda es seguro en otro motor de b.squeda",.. SETTINGS_SS_OPTION_NONE: "No informarme de resultados de b.squeda",.. SETTINGS_SS_OPTION_SS: "Informarme si un resultado de b.squeda es seguro solo en B.squeda segura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Pegue o escriba la direcci.n URL",.. TRUST_SITE: "Confiar en el sitio web",.. DONT_TRUST: "No confiar",.. HELP_FAQ_SECTION_ONE_HEADER: ".Qu. es {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} le ayuda a tomar decisiones m.s fu

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3269
                                                                                                                                                                                                                                                  Entropy (8bit):5.39923044166933
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cDEMRrT9tM+hOeBJDfE/ZABFWeLT91e5kkmpouToIc2eoxkrHX:SRO+gEDUkkmAIc6eHX
                                                                                                                                                                                                                                                  MD5:9BE106DBA0A89616F11CF5439894919C
                                                                                                                                                                                                                                                  SHA1:39353BB978FF16BB7C377CE04E367F0D3FA57C93
                                                                                                                                                                                                                                                  SHA-256:185D769876360325900E05E3318664A02F5EABE5F4FACB348FB9979032C71D92
                                                                                                                                                                                                                                                  SHA-512:AAA3D7CD6E69109A1A646C6152F6F9F9CF3E3ABC42590CB25276E38097B6383947609CAF47DE9CD27185CE70CAC375518818D5DBB126252AA1CA3D8EF0A84C15
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Ayuda",.. HELP_FAQ_TITLE: "Preguntas frecuentes",.. HELP_SUPPORT_TITLE: "Soporte",.. HELP_EMAIL_US: "Env.enos un correo electr.nico",.. ABOUT: "Acerca de",.. ABOUT_DESCRIPTION: "{0} lo ayuda a tomar mejores decisiones acerca de lo que hace en l.nea.",.. CREATE_SAFER_PASSWORDS: "Cree contrase.as m.s seguras",.. DOWNLOAD_CONFIDENTLY: "Descargue con confianza",.. SETTINGS_SS_OPTION_ALL: "Comunicarme si un resultado de b.squeda es seguro en cualquier motor de b.squeda",.. SETTINGS_SS_OPTION_NONE: "No comunicarme sobre los resultados de b.squedas",.. SETTINGS_SS_OPTION_SS: "Comunicarme si un resultado de b.squeda es seguro solo en b.squeda segura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Pegue o escriba la direcci.n URL",.. TRUST_SITE: "Sitio de confianza",.. DONT_TRUST: "No confiar",.. HELP_FAQ_SECTION_ONE_HEADER: ".Qu. es {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} lo ayuda a tomar mejores decisiones acerc

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3156
                                                                                                                                                                                                                                                  Entropy (8bit):5.3436619335033475
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cFjnmzGSTEMQHo+X/lFYpHNVbA5yZq0Ui4ce:dzGSxDlNFR8i4F
                                                                                                                                                                                                                                                  MD5:78DC242841C8955CA096D7109F84940E
                                                                                                                                                                                                                                                  SHA1:1595F8915EF01CC7BE9D792216F96350A5096682
                                                                                                                                                                                                                                                  SHA-256:16FD60BA1EA186B157DCCFD608540B10BB066332450D3D99636DE206006D1A1D
                                                                                                                                                                                                                                                  SHA-512:521B6CEABCC8CD9914B5743C30F037199F37C7E37AF779BA599361F356E9D4E352E0BDD113A68DF8A131484DE7C057CE75D05A871852D3360939947358090101
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Ohje",.. HELP_FAQ_TITLE: "Usein kysytyt kysymykset (UKK)",.. HELP_SUPPORT_TITLE: "Tuki",.. HELP_EMAIL_US: "L.het. meille s.hk.postia osoitteeseen",.. ABOUT: "Tietoja",.. ABOUT_DESCRIPTION: "{0} auttaa sinua toimimaan verkossa turvallisesti.",.. CREATE_SAFER_PASSWORDS: "Entist. turvallisempien salasanojen luominen",.. DOWNLOAD_CONFIDENTLY: "Luotettava lataaminen",.. SETTINGS_SS_OPTION_ALL: "Ilmoita, onko hakutulos turvallinen, miss. tahansa hakukoneessa",.. SETTINGS_SS_OPTION_NONE: ".l. n.yt. ilmoituksia hakutulosten turvallisuudesta",.. SETTINGS_SS_OPTION_SS: "Ilmoita, onko hakutulos turvallinen, kun k.yt.n Suojattua hakua",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Liit. tai kirjoita URL-osoite",.. TRUST_SITE: "Luota sivustoon",.. DONT_TRUST: ".l. luota",.. HELP_FAQ_SECTION_ONE_HEADER: "Mik. on {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} auttaa sinua toimimaan verkossa turvallisesti.",.. HELP_FAQ_S

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3475
                                                                                                                                                                                                                                                  Entropy (8bit):5.381791221753888
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cyXk9LMTrBXOkXco29M5t6QUxT//fM5NzyKt6yQjhEp2:zZR+ksoX4xgbyK1QjhEw
                                                                                                                                                                                                                                                  MD5:487CD924C4ED60BD9F2EF8AB1E181DD5
                                                                                                                                                                                                                                                  SHA1:9D2C4D25151FE2D6ACD20B97194721545AC67BFB
                                                                                                                                                                                                                                                  SHA-256:68369D5DA42E5B5418FB2B35D0797C21AB502DF7D6416BB93EA137FDAC2BA53E
                                                                                                                                                                                                                                                  SHA-512:9BDCAA1E97D41FC69A0EC5FD95DFF88EE1F61B890A7D0618CC9AE752018A7567028FFE0D06840460F8DBA4E7878D797155581762883C823C6770721E9546C2D8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Aide",.. HELP_FAQ_TITLE: "Foire aux questions (FAQ)",.. HELP_SUPPORT_TITLE: "Soutien",.. HELP_EMAIL_US: "Envoyez-nous un courriel au",.. ABOUT: ". propos",.. ABOUT_DESCRIPTION: "{0} vous aide . prendre de meilleures d.cisions sur vos activit.s en ligne.",.. CREATE_SAFER_PASSWORDS: "Cr.er des mots de passe plus s.rs",.. DOWNLOAD_CONFIDENTLY: "T.l.charger de fa.on confidentielle",.. SETTINGS_SS_OPTION_ALL: "Me dire si un r.sultat de recherche est s.r dans tous les moteurs de recherche",.. SETTINGS_SS_OPTION_NONE: "Ne pas me parler des r.sultats de recherche",.. SETTINGS_SS_OPTION_SS: "Me dire si un r.sultat de recherche est s.r seulement dans la recherche s.curis.e",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Coller ou saisir votre URL",.. TRUST_SITE: "Faire confiance au site",.. DONT_TRUST: "Ne pas faire confiance",.. HELP_FAQ_SECTION_ONE_HEADER: "Qu'est-ce que {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0}

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3557
                                                                                                                                                                                                                                                  Entropy (8bit):5.407604941374556
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cyXkPWgMTpX56126MJk7OQTxN//i46XeNWtd0lDqKStVGC4jRgo5wRn:zrN1XU1G2xKnINCieo4
                                                                                                                                                                                                                                                  MD5:EBFF2F699FA2915800E9E6EAF6DAD6C1
                                                                                                                                                                                                                                                  SHA1:21E2827B4446D9AF0E9AC693E3A2405D989EFF39
                                                                                                                                                                                                                                                  SHA-256:4C5470EEF6430967DB9346B9FF1B55C286F3AFBF71071A0CC184DD45EC63B214
                                                                                                                                                                                                                                                  SHA-512:9773A3DD83DE8D775951250155C3BAAE277110AD14AEA6C7E7528BC671C38DC1539085FCB820E6EEB0932B87BBCBF248916989C73A124AB8BD6A3FF3ED4602A3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Aide",.. HELP_FAQ_TITLE: "Foire aux questions (FAQ)",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Contactez-nous par e-mail . cette adresse",.. ABOUT: "A propos",.. ABOUT_DESCRIPTION: "{0} vous aide . prendre les bonnes d.cisions en ce qui concerne vos activit.s en ligne.",.. CREATE_SAFER_PASSWORDS: "Cr.ez des mots de passe plus fiables",.. DOWNLOAD_CONFIDENTLY: "T.l.chargez en toute confiance",.. SETTINGS_SS_OPTION_ALL: "Me dire si le r.sultat de la recherche est prot.g. dans tous les moteurs de recherche",.. SETTINGS_SS_OPTION_NONE: "Ne rien me dire sur les r.sultats de la recherche",.. SETTINGS_SS_OPTION_SS: "Me dire si le r.sultat de la recherche est prot.g. dans la recherche s.curis.e uniquement",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Collez ou saisissez l'URL",.. TRUST_SITE: "Approuver",.. DONT_TRUST: "Ne pas approuver",.. HELP_FAQ_SECTION_ONE_HEADER: "Qu'est-ce que {0}.?",.. HELP_FAQ

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3286
                                                                                                                                                                                                                                                  Entropy (8bit):5.450685577880872
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cv359TfWlMbZ5ur/cOKc+vOOES9Wxt9yzoIEZUDrBdjDeX:iLW2yYlVES9+96UuDrBdjDg
                                                                                                                                                                                                                                                  MD5:6B0B147B984611AD62B274061C434872
                                                                                                                                                                                                                                                  SHA1:5DAC514E617534A59C8561264196E52132E99D7D
                                                                                                                                                                                                                                                  SHA-256:F06A5F59D0E9189B98B1E8F2ADD444B458079F66B498EF4EE008D544AE5585D8
                                                                                                                                                                                                                                                  SHA-512:EAD2C79B8AE84D5BE8F3F9F835A1550AD601D0CB58639E410917E15CB51C76B7D5498F87BF67748D6761C7D37669E10ECD0C4E6563A17F89378E69E1AA879AD7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Pomo.",.. HELP_FAQ_TITLE: ".esto postavljana pitanja (.PP)",.. HELP_SUPPORT_TITLE: "Podr.ka",.. HELP_EMAIL_US: "Obratite nam se na adresi e-po.te",.. ABOUT: "O aplikaciji",.. ABOUT_DESCRIPTION: "{0} poma.e vam u dono.enju boljih odluka o tome .to .inite na mre.i.",.. CREATE_SAFER_PASSWORDS: "Stvorite sigurnije lozinke",.. DOWNLOAD_CONFIDENTLY: "Pouzdano preuzimajte",.. SETTINGS_SS_OPTION_ALL: "Obavijesti me ako je rezultat pretra.ivanja siguran u bilo kojoj tra.ilici",.. SETTINGS_SS_OPTION_NONE: "Nemoj me obavijestiti o rezultatima pretra.ivanja",.. SETTINGS_SS_OPTION_SS: "Obavijesti me ako je rezultat pretra.ivanja siguran samo u Sigurnom pretra.ivanju",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Zalijepite ili unesite svoj URL",.. TRUST_SITE: "Mjesto smatraj pouzdanim",.. DONT_TRUST: "Ne smatraj pouzdanim",.. HELP_FAQ_SECTION_ONE_HEADER: ".to je {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} poma.e vam

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3670
                                                                                                                                                                                                                                                  Entropy (8bit):5.574443846574153
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:c491zbQ9T9aMhF7fQdq/SvRonzXfFNtvf1B1BER7yU8J:tbQ9hfQfRonzb/3iRGU8J
                                                                                                                                                                                                                                                  MD5:211C56AD5F383EB02F69BA89FACAAAC6
                                                                                                                                                                                                                                                  SHA1:45710CAC2EBBEC7BD5211C19819902703FF608AE
                                                                                                                                                                                                                                                  SHA-256:0751370CECD364008724CEDD53187F0BA2D8CD53C317B30876F43951DDC766F2
                                                                                                                                                                                                                                                  SHA-512:63BE908C6D7474E52D51F83F62E21F66449CF69A4583721D22E39789EAF4E845FA028B6F3E6765E5E44738D90FA6B9F9B574726AD5A644DE4F4E01DCAC42F452
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "S.g.",.. HELP_FAQ_TITLE: "Gyakran ism.telt k.rd.sek (GYIK)",.. HELP_SUPPORT_TITLE: "T.mogat.s",.. HELP_EMAIL_US: "K.ldj.n nek.nk e-mailt az al.bbi c.mre:",.. ABOUT: "N.vjegy",.. ABOUT_DESCRIPTION: "A(z) {0} seg.ts.get ny.jt ahhoz, hogy jobb d.nt.seket hozhasson az online vil.gban.",.. CREATE_SAFER_PASSWORDS: "Biztons.gosabb jelszavak l.trehoz.sa",.. DOWNLOAD_CONFIDENTLY: "Biztons.gos let.lt.s",.. SETTINGS_SS_OPTION_ALL: "T.j.koztasson a keres.s eredm.ny.nek biztons.goss.g.r.l b.rmely keres.motorra vonatkoz.an",.. SETTINGS_SS_OPTION_NONE: "Ne t.j.koztasson a keres.si eredm.nyekkel kapcsolatban",.. SETTINGS_SS_OPTION_SS: "A keres.s eredm.ny.nek biztons.goss.g.r.l csak a Biztons.gos keres.sben t.j.koztasson",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL beilleszt.se vagy be.r.sa",.. TRUST_SITE: "Megb.zhat. webhely",.. DONT_TRUST: "Nem megb.zhat.",.. HELP_FAQ_SECTIO

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3280
                                                                                                                                                                                                                                                  Entropy (8bit):5.318299995140633
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cF+xiITUmLgSM+xy07Zg/ikrQs9N46fkjorok0jQxsTWa:QIIag/+fENbsErI0xsj
                                                                                                                                                                                                                                                  MD5:1DAC66AF50FCE87B340469CD5F4EA749
                                                                                                                                                                                                                                                  SHA1:3920F569D92358810BA439FD30949C424DACB7EE
                                                                                                                                                                                                                                                  SHA-256:846156959A61C8949344F636FEBC9CAB9A41053F8422F9E389827A6D682432B2
                                                                                                                                                                                                                                                  SHA-512:216898CE8DB4D99F3E71E40E60BCBE03DAC34B627497FA54486A41FDE7662F155E5E1BEECA449D7E2FB5D445F697B750B44B61C5371B7F6E129CF25D7E39D18B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Guida",.. HELP_FAQ_TITLE: "Domande frequenti",.. HELP_SUPPORT_TITLE: "Assistenza",.. HELP_EMAIL_US: "Contattaci via email all'indirizzo",.. ABOUT: "Informazioni su",.. ABOUT_DESCRIPTION: "{0} ti aiuta a prendere decisioni pi. consapevoli sulle attivit. online.",.. CREATE_SAFER_PASSWORDS: "Crea password pi. sicure",.. DOWNLOAD_CONFIDENTLY: "Scarica con la massima sicurezza",.. SETTINGS_SS_OPTION_ALL: "Comunicami se un risultato di ricerca . sicuro in un motore di ricerca",.. SETTINGS_SS_OPTION_NONE: "Non comunicare nulla riguardo ai risultati di ricerca",.. SETTINGS_SS_OPTION_SS: "Comunicami se un risultato di ricerca . sicuro solo in ricerca sicura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Incolla o digita l'URL",.. TRUST_SITE: "Considera affidabile il sito",.. DONT_TRUST: "Non considerare affidabile",.. HELP_FAQ_SECTION_ONE_HEADER: "Che cos'. {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} ti aiuta a prendere dec

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3760
                                                                                                                                                                                                                                                  Entropy (8bit):5.744044953556827
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cFuvhOT6tGCuqZu0KMV1V6Gq//0bNbJkKjixAwRm4wegixVU0s6:1YGtGCuyu0HfDFBPiKem4/gi/s6
                                                                                                                                                                                                                                                  MD5:5705CB5E22FF4A7F3AF488D8D754E1E3
                                                                                                                                                                                                                                                  SHA1:BB329D5C2A90344F4B420E6D223B66A0E9FE8E5E
                                                                                                                                                                                                                                                  SHA-256:4A8A67866841B4B790B1A5317999059335CC2F24A7063584F2450BC01FF34285
                                                                                                                                                                                                                                                  SHA-512:32A8AE21F4D5396A354615B9A0E0381369B3076BA3B11AFB42F40916CA6EAA229918D5402560DF6AB2639A736DD8CB2ED1E07484A7412D8967C2592FC30ACB42
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "...",.. HELP_FAQ_TITLE: "...... (FAQ)",.. HELP_SUPPORT_TITLE: "....",.. HELP_EMAIL_US: "........",.. ABOUT: ".......",.. ABOUT_DESCRIPTION: "{0} ...................",.. CREATE_SAFER_PASSWORDS: "...............",.. DOWNLOAD_CONFIDENTLY: "...........",.. SETTINGS_SS_OPTION_ALL: "..........................",.. SETTINGS_SS_OPTION_NONE: "..............",.. SETTINGS_SS_OPTION_SS: ".... .....................",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL ................",.. TRUST_SITE: "........",.. DONT_TRUST: ".....",.. HELP_FAQ_SECTION_ONE_HEADER: "{0} .......",.. HELP_FAQ_SECTI

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3451
                                                                                                                                                                                                                                                  Entropy (8bit):5.825420860271677
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:c0hbqh5TgP81LM2z7i6B/+XP6HUdYXx/gAw8otAJ2y8BwG8:JWQ8S76X6Avot3hy
                                                                                                                                                                                                                                                  MD5:681288B9279C9CBC25583FE9BEBD7010
                                                                                                                                                                                                                                                  SHA1:43C5199831B5840915DB683237A646E93C819C1A
                                                                                                                                                                                                                                                  SHA-256:A740211144E010392A722A92F26611FC89EC4A9492F04DD39C6CCE8660D0E469
                                                                                                                                                                                                                                                  SHA-512:97BE222C733D9CD8FC0BD9624B61DC3872821435BCBE9702C2B85BA3A61E8999F8F27DAD8032EF66B4888D21ACE9BA14372166EF58226734126124895A62BC7D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "...",.. HELP_FAQ_TITLE: "... ..(FAQ)",.. HELP_SUPPORT_TITLE: "..",.. HELP_EMAIL_US: "... ..",.. ABOUT: "..",.. ABOUT_DESCRIPTION: "{0}. .... ... .. . ... ... .. . ... ......",.. CREATE_SAFER_PASSWORDS: ".. ... .. ...",.. DOWNLOAD_CONFIDENTLY: "... ....",.. SETTINGS_SS_OPTION_ALL: ".. .. .... .. ... .... ..",.. SETTINGS_SS_OPTION_NONE: ".. ... .. ... ..",.. SETTINGS_SS_OPTION_SS: ".. ..... .. ... .... ..",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL. .. ... ......",.. TRUST_SITE: "... ..",.. DONT_TRUST: ".... ..",.. HELP_FAQ_SECTION_ONE_HEADER: "{0}. .....?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0}. .... ... .. . ... .

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3107
                                                                                                                                                                                                                                                  Entropy (8bit):5.357002813107769
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cA9ffAT6MuE50WT/CGoDAUtGZpn2g3BBIP:ejVoxtepD3B6P
                                                                                                                                                                                                                                                  MD5:2F10B37F542A46D1752ADCEF7B5BB5D6
                                                                                                                                                                                                                                                  SHA1:AA776B7E2B4035B2A94B309D4C6B8402A6171B9E
                                                                                                                                                                                                                                                  SHA-256:D2DA58C39AB525B77F4D21A7028526BC8F0CCBBF5BB1483A77ADCC8710BE76CB
                                                                                                                                                                                                                                                  SHA-512:6FB2DD20B5C71146F7DB145889749B826758F3DE36D66A6DB8638D42322398AE8E7D7136ECC4231CEA1C6DF66AF0426C628AF82BA42506C3AC1E5B56C9BC1E0A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Hjelp",.. HELP_FAQ_TITLE: "Vanlige sp.rsm.l",.. HELP_SUPPORT_TITLE: "St.tte",.. HELP_EMAIL_US: "Send oss en e-postmelding til",.. ABOUT: "Om",.. ABOUT_DESCRIPTION: "{0} gj.r det enklere . ta bedre avgj.relser om hva du gj.r p. Internett.",.. CREATE_SAFER_PASSWORDS: "Opprett sikrere passord",.. DOWNLOAD_CONFIDENTLY: "Last ned uten bekymringer",.. SETTINGS_SS_OPTION_ALL: "Fortell om et s.keresultat er trygt, i enhver s.kemotor",.. SETTINGS_SS_OPTION_NONE: "Ikke fortell meg om s.keresultatene",.. SETTINGS_SS_OPTION_SS: "Fortell om et s.keresultat er sikkert, men bare i Sikkert s.k",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Lim eller skriv inn URL-adressen din",.. TRUST_SITE: "Klarer omr.de",.. DONT_TRUST: "Ikke klarer",.. HELP_FAQ_SECTION_ONE_HEADER: "Hva er {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} gj.r det enklere . ta bedre avgj.relser om hva du gj.r p. Internett.",.. HELP_FAQ_SECTION_TWO_HEAD

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3196
                                                                                                                                                                                                                                                  Entropy (8bit):5.33513380019923
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cwMUf5ztTk0aUPDMavouzNv/lzz0TldANPQ3tBvlv0Zg0:rhtaUQWiMctBvBIg0
                                                                                                                                                                                                                                                  MD5:7635F959635490EFC057663B259EB2D0
                                                                                                                                                                                                                                                  SHA1:F0DE31FFF76CBC8D97B295AC3D9EF48A8D35CC92
                                                                                                                                                                                                                                                  SHA-256:2B862B5D5E0514761183AA6F1097131E87554AC00B83E72A911432E884EA1E57
                                                                                                                                                                                                                                                  SHA-512:3953F5BDD3FB80961E7961212CBA06E59802F86CA17B7BD733C21085BA9C58521938CC89504317C9F73A00F2A71E2FE5E4121AF5058D1034B85F835CCAA6A7B5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Help",.. HELP_FAQ_TITLE: "Veelgestelde vragen",.. HELP_SUPPORT_TITLE: "Ondersteuning",.. HELP_EMAIL_US: "E-mail ons op",.. ABOUT: "Info",.. ABOUT_DESCRIPTION: "{0} helpt u betere beslissingen over uw online activiteiten te nemen.",.. CREATE_SAFER_PASSWORDS: "Maak veiligere wachtwoorden",.. DOWNLOAD_CONFIDENTLY: "Download probleemloos",.. SETTINGS_SS_OPTION_ALL: "Laat mij in elke zoekmachine weten of een zoekresultaat veilig is",.. SETTINGS_SS_OPTION_NONE: "Niets zeggen over zoekresultaten",.. SETTINGS_SS_OPTION_SS: "Laat mij alleen in Beveiligd zoeken weten of een zoekresultaat veilig is",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Plak of typ uw URL",.. TRUST_SITE: "Site vertrouwen",.. DONT_TRUST: "Niet vertrouwen",.. HELP_FAQ_SECTION_ONE_HEADER: "Wat is {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} helpt u betere beslissingen over uw online activiteiten te nemen.",.. HELP_FAQ_SECTION_TWO_HEADER: "Hoe kan ik {0} met

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3433
                                                                                                                                                                                                                                                  Entropy (8bit):5.608809207063229
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cnWv3LDTIKXe8FDXdIzMn5VRe/8gAR+3jRsFAEEGs6L49l0v2dUPJJJZ:ZPUKpFDOIiRc7EA+lXUPJJ7
                                                                                                                                                                                                                                                  MD5:1B0655B209680EC52E7AAF564F3F1147
                                                                                                                                                                                                                                                  SHA1:A4BA7EBFBCE7724ED390272E229242059111C8A5
                                                                                                                                                                                                                                                  SHA-256:E3761E59DDBCD74B8121027392D92DAEF066E575EC896D443165D265708A0162
                                                                                                                                                                                                                                                  SHA-512:1EC9EB8C50B89F1AEAADF8157C7F02D588ACD8D665C2F6EC86B078484AF371C1807781D9903EB2489A8F3DB195D4923A188F3AD9F7CB8FE03714CA9AAF605CE8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Pomoc",.. HELP_FAQ_TITLE: "Cz.sto zadawane pytania",.. HELP_SUPPORT_TITLE: "Pomoc techniczna",.. HELP_EMAIL_US: "Wy.lij wiadomo.. e-mail na adres",.. ABOUT: "Informacje",.. ABOUT_DESCRIPTION: "Program {0} pomaga podejmowa. rozs.dne decyzje podczas przegl.dania Internetu.",.. CREATE_SAFER_PASSWORDS: "Tw.rz silniejsze has.a",.. DOWNLOAD_CONFIDENTLY: "Pobieraj bez obaw",.. SETTINGS_SS_OPTION_ALL: "Pokazuj oceny bezpiecze.stwa wynik.w wyszukiwania w ka.dej wyszukiwarce",.. SETTINGS_SS_OPTION_NONE: "Nie pokazuj ocen wynik.w wyszukiwania",.. SETTINGS_SS_OPTION_SS: "Pokazuj oceny bezpiecze.stwa wynik.w wyszukiwania tylko w wyszukiwarce Bezpieczne wyszukiwanie",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Wklej lub wpisz adres URL",.. TRUST_SITE: "Zaufaj witrynie",.. DONT_TRUST: "Nie ufaj",.. HELP_FAQ_SECTION_ONE_HEADER: "Co to jest {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "Program {0} pomaga podejmowa. rozs.dne

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3252
                                                                                                                                                                                                                                                  Entropy (8bit):5.391105831619536
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cc0m2Tpgz2z24eMgUWy0/IULhYRukp+ATR8tXVfNTiWC4:wloYdMIuQ8FVfhic
                                                                                                                                                                                                                                                  MD5:2E5EF44195F8C2DF73B2E860189724C4
                                                                                                                                                                                                                                                  SHA1:320A61BA8B311BD3F621CE501BE0874BACAF95F1
                                                                                                                                                                                                                                                  SHA-256:74AE28DAB2865D432D8AF840669AFB53A37FE367B511BFCF4FAC34C82BE28A46
                                                                                                                                                                                                                                                  SHA-512:96EDE9CA7A46A4729CC3803A9A6213A83C72391007F6F619BC189231A490465FB1D923C2BF57DF9FCA19120876E769A7B627622252F718ED11787FAE750BA48A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Ajuda",.. HELP_FAQ_TITLE: "Perguntas frequentes",.. HELP_SUPPORT_TITLE: "Suporte",.. HELP_EMAIL_US: "Envie um e-mail para",.. ABOUT: "Sobre",.. ABOUT_DESCRIPTION: "{0} ajuda voc. a tomar melhores decis.es durante suas atividades online.",.. CREATE_SAFER_PASSWORDS: "Crie senhas mais seguras",.. DOWNLOAD_CONFIDENTLY: "Fa.a downloads com confian.a",.. SETTINGS_SS_OPTION_ALL: "Avise-me quando um resultado de pesquisa for seguro em qualquer mecanismo de pesquisa",.. SETTINGS_SS_OPTION_NONE: "N.o me avise a respeito dos resultados de pesquisa",.. SETTINGS_SS_OPTION_SS: "Avise-me quando um resultado de pesquisa for seguro apenas com a Pesquisa segura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Copie ou cole seu URL",.. TRUST_SITE: "Confiar no site",.. DONT_TRUST: "N.o confiar",.. HELP_FAQ_SECTION_ONE_HEADER: "O que . {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} ajuda voc. a tomar melhores decis.es durante suas ativid

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3264
                                                                                                                                                                                                                                                  Entropy (8bit):5.39131822590979
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:ccGmQ7XTlHUszMAqjI/O/rgZaFWCG3Ix5amxnZ:I7hHUlmwamxnZ
                                                                                                                                                                                                                                                  MD5:2C919BCF8F2EED219B35CEAB18C6F251
                                                                                                                                                                                                                                                  SHA1:7D80587256B5FC9B3DF150804CF3445601DEEBE2
                                                                                                                                                                                                                                                  SHA-256:C76DB5DAB77301013A12E89D24D2975982B7F2B3A1F8FA16E5CFBEB9A0BE35B6
                                                                                                                                                                                                                                                  SHA-512:A61BC3B00CD5F5228225F82A17EA0418E07C236B7F7439BD0D855CE7197D1F7DD71F746755F88BD1561FDA34E483FF59F9A661B0AF1314A9CF9136EE6BC9D577
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Ajuda",.. HELP_FAQ_TITLE: "Perguntas Mais Frequentes (FAQs)",.. HELP_SUPPORT_TITLE: "Suporte",.. HELP_EMAIL_US: "Envie-nos uma mensagem de correio eletr.nico para",.. ABOUT: "Acerca de",.. ABOUT_DESCRIPTION: "O {0} ajuda-o a tomar melhores decis.es acerca das suas atividades online.",.. CREATE_SAFER_PASSWORDS: "Crie palavras-passe mais seguras",.. DOWNLOAD_CONFIDENTLY: "Transfira com confian.a",.. SETTINGS_SS_OPTION_ALL: "Indicar se um resultado de pesquisa . seguro em todos os motores de pesquisa",.. SETTINGS_SS_OPTION_NONE: "N.o me informar sobre os resultados de pesquisa",.. SETTINGS_SS_OPTION_SS: "Indicar se um resultado . seguro apenas na Pesquisa Segura",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Cole ou escreva o URL",.. TRUST_SITE: "Considerar site fidedigno",.. DONT_TRUST: "N.o considerar fidedigno",.. HELP_FAQ_SECTION_ONE_HEADER: "O que . o {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "O {0} ajuda-o a toma

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4697
                                                                                                                                                                                                                                                  Entropy (8bit):5.05412449617714
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cgyp6VTFkLeMF+TXVjM/2m9VzTUmw9+WTnoXTAqsS:LVRkHARMH4TnoDAqsS
                                                                                                                                                                                                                                                  MD5:73032437E73E7447AE70F9A44FEBCDC0
                                                                                                                                                                                                                                                  SHA1:1940D1CADF5E329593E97D26214646860ABE90BC
                                                                                                                                                                                                                                                  SHA-256:1E821A5862C6DEF65373A430903135B76356437EAB854F8414A0FBDD4B15879C
                                                                                                                                                                                                                                                  SHA-512:AB6F68D3E05307CC3E7FFCE6B017E1A873748875DBB712BC97E081B11659266458CA51015EB07193124E007BE3772F70F5D9ADAB670B88D4AE8036265D996D55
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: ".......",.. HELP_FAQ_TITLE: "..... .......... .......",.. HELP_SUPPORT_TITLE: ".........",.. HELP_EMAIL_US: "..... ........... .....:",.. ABOUT: ". .........",.. ABOUT_DESCRIPTION: "{0} . ... .........., ........... ..... ......... ........... . ..........",.. CREATE_SAFER_PASSWORDS: "........ ........ .......",.. DOWNLOAD_CONFIDENTLY: "........ ... ........",.. SETTINGS_SS_OPTION_ALL: "........ . ............ ........... ...... .. .... ......... ........",.. SETTINGS_SS_OPTION_NONE: ".. ........ . ............ ........... ......",.. SETTINGS_SS_OPTION_SS: "........ . ............ ........... ...... ...... . ..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3534
                                                                                                                                                                                                                                                  Entropy (8bit):5.654635030313481
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:cwP+i9HTsGeKlMMUjY3n8BEM/f0vlJuOquLlXElBfoWagWpWrdimER7r+05+1s0T:cwPb9HTcKaMUy8aM/sX0ajnecmSr+HT
                                                                                                                                                                                                                                                  MD5:5F9B7CA900708D3D00AC53624C5A0E81
                                                                                                                                                                                                                                                  SHA1:B709D60FD41769D76BD06665D02DBE9296C83468
                                                                                                                                                                                                                                                  SHA-256:11F51735F5C39AB369A4D82C1315F565C500E2AF566F0991BF83A7C93FD00FE5
                                                                                                                                                                                                                                                  SHA-512:942E7EAA21F965F22786DC87DEC29DF4F47115C3971B80013CEFA447543C987F904C478EA47044E5362922EBE5E05AF2B243762BAB7197F847B4307A30F23ABF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Pomocn.k",.. HELP_FAQ_TITLE: "Naj.astej.ie ot.zky",.. HELP_SUPPORT_TITLE: "Podpora",.. HELP_EMAIL_US: "Po.lite n.m e-mail na adresu",.. ABOUT: "Inform.cie",.. ABOUT_DESCRIPTION: "Aplik.cia {0} v.m pom..e robi. lep.ie rozhodnutia o va.om .ivote online.",.. CREATE_SAFER_PASSWORDS: "Vytv.rajte bezpe.nej.ie hesl.",.. DOWNLOAD_CONFIDENTLY: "S.ahujte d.veryhodn. s.bory",.. SETTINGS_SS_OPTION_ALL: "Informova. o bezpe.nosti v.sledku vyh.ad.vania v ka.dom vyh.ad.vacom n.stroji",.. SETTINGS_SS_OPTION_NONE: "Neinformova. o v.sledkoch vyh.ad.vania",.. SETTINGS_SS_OPTION_SS: "O.bezpe.nosti v.sledku vyh.ad.vania ma informujte len v.zabezpe.enom vyh.ad.van.",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Prilepte alebo zadajte adresu URL",.. TRUST_SITE: "D.verova. lokalite",.. DONT_TRUST: "Ned.verova.",.. HELP_FAQ_SECTION_ONE_HEADER: ".o je {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "Aplik.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3203
                                                                                                                                                                                                                                                  Entropy (8bit):5.449178183879912
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cvh5lgT19NMMgHg8/9WQqRZt8JZZmVau8KP8jvv/FUD8VSr:BhlmJXPdSD8VSr
                                                                                                                                                                                                                                                  MD5:91776C4DCE4AE25054106EAAF0E5CF82
                                                                                                                                                                                                                                                  SHA1:04FDBCF9D80AF17ECE34B4689B02A20A23DB5B98
                                                                                                                                                                                                                                                  SHA-256:35414C84E97DC6217F49DA76C38973E7B78CB681E1DCE619F1DFA83EEC2E1A3C
                                                                                                                                                                                                                                                  SHA-512:5943901383F207EAC4572A8FD10BDE0A52F7E7F0E04B291E594271DF46207B8C40E1F8173BF44CCE9AABBCD66E670ECE766DA40F20A749A86FB98ED9CB1FF128
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Pomo.",.. HELP_FAQ_TITLE: "Naj.e..a pitanja",.. HELP_SUPPORT_TITLE: "Podr.ka",.. HELP_EMAIL_US: "Po.aljite nam e-poruku na adresu",.. ABOUT: "Osnovni podaci",.. ABOUT_DESCRIPTION: "{0} vam poma.e da donosite bolje odluke o svojim aktivnostima na mre.i.",.. CREATE_SAFER_PASSWORDS: "Kreirajte bezbednije lozinke",.. DOWNLOAD_CONFIDENTLY: "Preuzimajte bezbri.no",.. SETTINGS_SS_OPTION_ALL: "Obavesti me u svakom pretra.iva.u da li je rezultat pretrage bezbedan",.. SETTINGS_SS_OPTION_NONE: "Ne obave.tavaj me o rezultatima pretrage",.. SETTINGS_SS_OPTION_SS: "Obavesti me samo u bezbednoj pretrazi da li je rezultat pretrage bezbedan",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Nalepite ili unesite URL adresu",.. TRUST_SITE: "Veruj lokaciji",.. DONT_TRUST: "Ne veruj",.. HELP_FAQ_SECTION_ONE_HEADER: ".ta je {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} vam poma.e da donosite bolje odluke o svojim aktivnostima na mre.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3145
                                                                                                                                                                                                                                                  Entropy (8bit):5.469555751385765
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cayPkTXsNMjOlH/PROv5eFqNzXl9Rjz8BU535tP:3Dsu/TNl9Fz3bP
                                                                                                                                                                                                                                                  MD5:8F155685D5E52273E8603231579DDEC0
                                                                                                                                                                                                                                                  SHA1:AA44AA88B9EB1CD440C22166D7542384DBF1572F
                                                                                                                                                                                                                                                  SHA-256:4D70A2F7E7F1E8083E750F82CF3832CA00B5086EE4986470B0749E7084090074
                                                                                                                                                                                                                                                  SHA-512:224803062A4C68E5BC03178016F3F82149305D1DC4072424298B8CD21AF726CA44CB5196FC313FE9EF1283974589F9B187E1E45FD920BBD341507EBB0BAE2881
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Hj.lp",.. HELP_FAQ_TITLE: "Vanliga fr.gor (FAQ)",.. HELP_SUPPORT_TITLE: "Support",.. HELP_EMAIL_US: "Kontakta oss via e-post p.",.. ABOUT: "Om",.. ABOUT_DESCRIPTION: "{0} hj.lper dig att ta b.ttre beslut g.llande vad du g.r online.",.. CREATE_SAFER_PASSWORDS: "Skapa s.krare l.senord",.. DOWNLOAD_CONFIDENTLY: "S.kra h.mtningar",.. SETTINGS_SS_OPTION_ALL: "Informera mig om s.kra s.kresultat i samtliga s.kmotorer",.. SETTINGS_SS_OPTION_NONE: "Informera mig inte om s.kresultat",.. SETTINGS_SS_OPTION_SS: "Informera mig om s.kra s.kresultat, men endast vid s.ker s.kning",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "Klistra in eller ange webbadress (URL)",.. TRUST_SITE: "Ange som betrodd webbplats",.. DONT_TRUST: "Ange inte som betrodd webbplats",.. HELP_FAQ_SECTION_ONE_HEADER: "Vad .r {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} hj.lper dig att ta b.ttre beslut g.llande vad du g.r online.",.. HELP_FA

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3451
                                                                                                                                                                                                                                                  Entropy (8bit):5.517767275362882
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:cUCFiIkATzMz/k1/DJMWeTc3a/B6eCVt/zes6t3K8SLcwl39cNyOA:gngIDKQ/ei/Bik39cN+
                                                                                                                                                                                                                                                  MD5:A679FE63A496141019718388B93F41BE
                                                                                                                                                                                                                                                  SHA1:23C688A4555E5D9E74EC55C4E8C389D91B3A9500
                                                                                                                                                                                                                                                  SHA-256:2BB125C0254413048BB41F43E5E1A2FC88934433AFEB43946DD976D71502F07A
                                                                                                                                                                                                                                                  SHA-512:F973DA2B927F5ADFFEE427C9943CAFF0B3FDFC570EECCD6C67CF2F734423EB8EC7003AB80C03673572339D04574854965A51CBDF00A458178C2EA26F45E5EBA1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "Yard.m",.. HELP_FAQ_TITLE: "S.k Sorulan Sorular (SSS'ler)",.. HELP_SUPPORT_TITLE: "Destek",.. HELP_EMAIL_US: ".u adresten bize e-posta g.nderin:",.. ABOUT: "Hakk.nda",.. ABOUT_DESCRIPTION: "{0} .evrimi.iyken ne yapaca..n.z konusunda daha iyi kararlar alman.za yard.mc. olur.",.. CREATE_SAFER_PASSWORDS: "Daha g.venli parolalar olu.turun",.. DOWNLOAD_CONFIDENTLY: "G.venle indirin",.. SETTINGS_SS_OPTION_ALL: "Herhangi bir arama motorunda bir arama sonucunun g.venli olup olmad...n. benimle payla.",.. SETTINGS_SS_OPTION_NONE: "Arama sonu.lar.n. benimle payla.ma",.. SETTINGS_SS_OPTION_SS: "Yaln.zca G.venli Arama'da bir arama sonucunun g.venli olup olmad...n. benimle payla.",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "URL'nizi yap..t.r.n veya yaz.n",.. TRUST_SITE: "Bu siteye g.ven",.. DONT_TRUST: "G.venme",.. HELP_FAQ_SECTION_ONE_HEADER: "{0} nedir?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2969
                                                                                                                                                                                                                                                  Entropy (8bit):6.138061744885662
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:cii4bo8iTBSeLHzMP0jnlOe/50vovlun8uTAlHWx3sMvZpSIOeN5SfKj0gPBFlpW:cii4boXTNHzMP07we/OQvl08GN8oZkII
                                                                                                                                                                                                                                                  MD5:099FF0A2D163F4BD42BF7D0B81AA1280
                                                                                                                                                                                                                                                  SHA1:A153027E4B93478EAA75ADC5ECFF468E7801CDCD
                                                                                                                                                                                                                                                  SHA-256:91215BE8F51D46536B4284C43BDD48115246B3DCDC80ED537F9FF7FEA4F76815
                                                                                                                                                                                                                                                  SHA-512:7A058E418229A21072B536195B83C4619C2474215D2D2589A5B13D4041825E0A88C532DBCD6F6C70209616AC13FABBFADB2F46343003DAD7ECFB46193D07452E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "..",.. HELP_FAQ_TITLE: "...... (FAQ)",.. HELP_SUPPORT_TITLE: "..",.. HELP_EMAIL_US: ".........",.. ABOUT: "..",.. ABOUT_DESCRIPTION: "{0}.................",.. CREATE_SAFER_PASSWORDS: "........",.. DOWNLOAD_CONFIDENTLY: "......",.. SETTINGS_SS_OPTION_ALL: ".....................",.. SETTINGS_SS_OPTION_NONE: ".........",.. SETTINGS_SS_OPTION_SS: "...................",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "..... URL",.. TRUST_SITE: "....",.. DONT_TRUST: "...",.. HELP_FAQ_SECTION_ONE_HEADER: "... {0}?",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0}.................",.. HELP_FAQ_SECTION_TWO_HEADER: ".......{0}?",.. HELP_FAQ_SECTION_TWO_CONTENT: ".

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3046
                                                                                                                                                                                                                                                  Entropy (8bit):6.142381589154048
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:cjEUAb0CTgSztJYMreb0j9ruR/o0v5uJufDeQO1LDohNp+i6Zj5dCQU8+N/Sog5:cjpAbxT2Mru0p6R/TBmWDVMz7fU/N/Sn
                                                                                                                                                                                                                                                  MD5:074DB446200882DC25777107B6384B08
                                                                                                                                                                                                                                                  SHA1:FEF487B0C540A925C08098FA9331EFF94B4A69F9
                                                                                                                                                                                                                                                  SHA-256:D959C314F52F516351B042A629153D4883B75A344DF6E3606D390DCF46A061BC
                                                                                                                                                                                                                                                  SHA-512:C8F4DE094CECF6B1DF5568C6CE88917583F9FDEA1CE2203A90F7611C08012393C4FDF70DFA62DCE3E0D5E7249C5197D13F0B89358D2FA44FC19E2073BAC2AAF8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOptions_ = {.. HELP: "..",.. HELP_FAQ_TITLE: "..... (FAQ)",.. HELP_SUPPORT_TITLE: "..",.. HELP_EMAIL_US: "...........",.. ABOUT: "..",.. ABOUT_DESCRIPTION: "{0} ..................",.. CREATE_SAFER_PASSWORDS: "........",.. DOWNLOAD_CONFIDENTLY: ".....",.. SETTINGS_SS_OPTION_ALL: "....................",.. SETTINGS_SS_OPTION_NONE: "..............",.. SETTINGS_SS_OPTION_SS: "...................",.. SETTINGS_DEFAULT_TRUSTED_TEXT: "....... URL",.. TRUST_SITE: "....",.. DONT_TRUST: "....",.. HELP_FAQ_SECTION_ONE_HEADER: ".. {0}.",.. HELP_FAQ_SECTION_ONE_CONTENT: "{0} ..................",.. HELP_FAQ_SECTION_TWO_HEADER: "......... {0}.",..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3708
                                                                                                                                                                                                                                                  Entropy (8bit):5.703528964625756
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:Kar2MPa6uw0VE2HYP9ouKQaMF2B8KVj5YVj8L7:K8zb0VE24FfKQXF2B8a3
                                                                                                                                                                                                                                                  MD5:3494487177BC568440687E563727CD20
                                                                                                                                                                                                                                                  SHA1:6BD9A3866BFB06BB24653DD0D172E6BF16F99137
                                                                                                                                                                                                                                                  SHA-256:13B6F42AE50C82C7CFD663E611CD164C9648AFF45254A656A0864E0399925FD8
                                                                                                                                                                                                                                                  SHA-512:917972BC21446EDCD94DA6A51E2E55339C044E6B0213EEEE0B0CD3404430C33B855DAD459E61A082904BAB1EFA202063B0DBDF24D3AC6461E152BBFB55C173F1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknut.m na mo.nost {0} dokon..te nastaven. programu WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Povolit roz...en.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Nejste si jisti v..e uvedenou zpr.vou? Bu.te bez obav . va.e soukrom. je v.dy na.. hlavn. prioritou.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Pokra.ujte kliknut.m na mo.nost {0}. U. to skoro je!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Povolit roz...en.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "P.i p...t.m vyhled.v.n. budete po..d.ni o proveden. akce {0}, abyste dokon.ili nastaven. funkce Bezpe.n. hled.n..",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Ponechat zm.ny",.... SETTINGS_OVERLAY_CONTENT: "Klikn.te na zpr.vu {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Bylo p.id.no roz...en. McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Otev.ete nab.dku prohl..e.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3577
                                                                                                                                                                                                                                                  Entropy (8bit):5.4381316543356615
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:AqjTIrwTeQCMF0yt0nWmumEbX0B57Oye2wos/ctmwufpsdb4jHpsd9rijTl69:JIsdCMYnWmnEc7FxtmwipsGpnm
                                                                                                                                                                                                                                                  MD5:28EA768E62D0CECAF2A798C26713AAE6
                                                                                                                                                                                                                                                  SHA1:FBAE91590AD6C25E08CE6B32B8D3F5C2BE265955
                                                                                                                                                                                                                                                  SHA-256:702DD8ED83AC00AB37A10D67EEE210304C8E4F668FA105EC10421AF1D0E2B04F
                                                                                                                                                                                                                                                  SHA-512:8E5CD8B418FB47AB97BE7528C6DDF90A30ACB10A7532427D699B1E119E1CACE0D348F0C003DCCA8E42B5BB64622C80E3FD910CCA669A4F935F482E8C79558A28
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klik p. {0} for at fuldf.re konfigurationen af WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Aktiv.r udvidelse",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Er du i tvivl om, hvordan du skal forholde dig til ovenst.ende meddelelse? Bare rolig . dit privatliv er altid vores h.jeste prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klik p. {0} for at forts.tte. Du er n.sten f.rdig.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Aktiv.r udvidelse",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "N.ste gang du s.ger, bliver du bedt om f.lgende for at fuldf.re konfigurationen af sikker s.gning: {0}",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Behold .ndringer",.... SETTINGS_OVERLAY_CONTENT: "Klik p. meddelelsen {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-udvidelsen er blevet tilf.jet",.... INTRO_OVERLAY_CONTENT_1: ".bn menuen i Edge for at konfigurere Web

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3813
                                                                                                                                                                                                                                                  Entropy (8bit):5.419432609242921
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:KClwI7loU8z+JpKGZVp978ACtA6YI2l46D6sITl2klcuu:KUToUfZVp978AmA6Rw46D6sIp2+I
                                                                                                                                                                                                                                                  MD5:C214253921C6E52DCD0AC6FF79AADD47
                                                                                                                                                                                                                                                  SHA1:A3471DD61C1D67DD2F02B26C4173EDA5DE64DDA6
                                                                                                                                                                                                                                                  SHA-256:CD77F017C8445C5C7F6DD2C4052F5EA18FB0945E85754E2AAAE4B8A4D26C258D
                                                                                                                                                                                                                                                  SHA-512:3C9E6E2A9D56A7363729A21BCC902A5D914884EBFC81FA53F886DF88A52DDF23CA3478CB267E3F4A093EB96F49541DF58F83320231AED0DA8D07F9A43254E088
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klicken Sie auf {0}, um die Einrichtung von WebAdvisor abzuschlie.en.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Erweiterung aktivieren",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Sie sind sich unsicher wegen der oben angezeigten Meldung? Keine Sorge . der Schutz Ihrer Daten hat bei uns h.chste Priorit.t.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klicken Sie auf \"{0}\", um fortzufahren. Fast fertig!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Erweiterung aktivieren",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Bei Ihrer n.chsten Suche werden Sie aufgefordert, auf \"{0}\" zu klicken, um die Einrichtung von \"Sichere Suche\" abzuschlie.en.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: ".nderungen beibehalten",.... SETTINGS_OVERLAY_CONTENT: "Klicken Sie auf die Meldung \"{0}\".",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-Erweiterung wurde hinzugef.gt",.... INTRO_OVERLAY_CON

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5373
                                                                                                                                                                                                                                                  Entropy (8bit):5.070299580240164
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:E8VKRGASgEB4JcgBf05IdgKDy/ZZnEX89+92w5vzLz2Ww9xVH1pxvTSFPolGbBb+:PKUYel5agUIM392dF9xVV/vT2Kc9xKUa
                                                                                                                                                                                                                                                  MD5:BACBC1D5E0914A3C6AF3F48AE3342A74
                                                                                                                                                                                                                                                  SHA1:263AAF299F5EF7E6B07BEEAAB545CF879849920C
                                                                                                                                                                                                                                                  SHA-256:1BA38788D09FE24CA410EA52478D47C68AF479DC07EC9D73EC0ACB0D7CCD062A
                                                                                                                                                                                                                                                  SHA-512:A17DAEB1B3B9E379F09CBC5AE71199D1C8E1EB6BC79B974C70F3A22CA8CAB303A76EB025BCB96A91C77961E899C61C51BC1362151410B79DB0AAAEE2EC009AE3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "..... .... ... {0} ... .. ............ .. ....... ... WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "............ .........",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "... ..... ........ ... .. ........ ......; ... .......... . .. ........ ... ..... ..... . ...... ... ..............",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "..... .... ... {0} ... .. ........... ...... ..........!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "............ .........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "... ....... .... ... .. ...... ........., .. ... ....... .. {0} ... .. ............ .. ....... ... .......

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3473
                                                                                                                                                                                                                                                  Entropy (8bit):5.459958570168688
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:hX+nTmLZpNvS6qfKmtBBiNgsbjBLNZoIJon512xyQy6ihdt7+Jb:FpfqfKwegw7jen2r
                                                                                                                                                                                                                                                  MD5:F1541B7543D1B58F8450D90F26C8A1F9
                                                                                                                                                                                                                                                  SHA1:C60F2CC25705314748F15DD0DB4370C0AA1BE60A
                                                                                                                                                                                                                                                  SHA-256:15E645C99927E9BC5144F85748198A66F20E521EEFAA07680C22751C25A03B6D
                                                                                                                                                                                                                                                  SHA-512:ADBFBBC5C52D41C11EB1E6AC1CDD86697DCCA60D867135002115F55F7E0A481B4C964F9B54E2FE69F99F106CD2782FCA200D1FFF5825BA67A4262A8B07D7E7BA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Click {0} to finish setting up WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Enable Extension",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Unsure of the message above? Don't worry &mdash; your privacy is always our top priority.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Click {0} to continue. You're almost done!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Enable Extension",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "The next time you search, you'll be asked to {0} to finish setting up Secure Search.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Keep changes",.... SETTINGS_OVERLAY_CONTENT: "Click the {0} message.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor extension has been added",.... INTRO_OVERLAY_CONTENT_1: "Open the Edge menu to start setting up the WebAdvisor extension.",.. INTRO_OVERLAY_CONTENT_2: "Avoid risky sites while you browse, shop, and stream with free web

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3561
                                                                                                                                                                                                                                                  Entropy (8bit):5.428699764656758
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:795vs3WVLAOOxYqGEsU9b5TaBl/t6/Pv5nQe:7LvKVk3U9tTa/E/PBQe
                                                                                                                                                                                                                                                  MD5:3C79C69B2C22D26FF28399D34DE7244A
                                                                                                                                                                                                                                                  SHA1:44269FDACFF10657BB535DEC8A58970363D0ED5D
                                                                                                                                                                                                                                                  SHA-256:752AC43D21870A09E7758B3F8014BF8795823052480969722D33812A5A91015C
                                                                                                                                                                                                                                                  SHA-512:D7FAA306590BE82964C9D6808749095685049E59DE66D5F09942B9E602CF9EA2867D2140BECA40AEB2AEF95ECCA9DEDC924C4D9B130B1CEAB398DC69C471A5CC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Haz clic en {0} para terminar de configurar WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Habilitar extensi.n",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: ".No est.s seguro del mensaje de arriba? No te preocupes; tu privacidad siempre es nuestra m.xima prioridad.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Haz clic en {0} para continuar. Ya casi has acabado.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Habilitar extensi.n",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La pr.xima vez que realices una b.squeda, se te pedir. que {0} para terminar de configurar la b.squeda segura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Conservar cambios",.... SETTINGS_OVERLAY_CONTENT: "Haz clic en el mensaje {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Se ha a.adido la extensi.n McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Abre el men. de Edge para empezar a configurar la extensi.n WebA

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3447
                                                                                                                                                                                                                                                  Entropy (8bit):5.410709621150699
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:78BzdBs4G8LY3WBrDACAOuN0/4L9U1m4yxO2loA5nAQ1m4M0j+wbTcO1zPOE+sQQ:7qs4c3WBLAOuAd6j9bTNbOEQyNxe6x1v
                                                                                                                                                                                                                                                  MD5:02E227C0A2260F7811015371C94BE888
                                                                                                                                                                                                                                                  SHA1:3AC50CB97E7896022C8F0B2AC0F43C1560D9E54B
                                                                                                                                                                                                                                                  SHA-256:EDFC8AC3A79DF1E6926F9C12B1DA2E84BAF4788F4F4FF4CA493B9275F5D1C066
                                                                                                                                                                                                                                                  SHA-512:84E89B310B57E0D89B5E8664A07C65FABE4CFB14838A44014A6FC9DB929FDBC5D024C4D3796AF93A19F5B41F99CF537295E11A15F62E6139B7B316405BA3083A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Haz clic en {0} para completar la configuraci.n de WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Activar extensi.n",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: ".Tienes dudas sobre el mensaje anterior? No te preocupes. Tu privacidad es nuestra prioridad.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Haz clic en {0} para continuar. .Ya casi terminas!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Activar extensi.n",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La pr.xima vez que realices una b.squeda, se te pedir. que {0} para que termines de configurar la b.squeda segura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Conservar cambios",.... SETTINGS_OVERLAY_CONTENT: "Haz clic en el mensaje {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Se agreg. la extensi.n de McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Abre el men. de Edge para comenzar a configurar la extensi.n WebAdvisor."

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3511
                                                                                                                                                                                                                                                  Entropy (8bit):5.432546603738584
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:PNyeWArmSSL0jMwX/Bz7N208N2Kv7qw0qhah7ddaXETuMgPl+5UAeWS/:PMYGwvBz7Np8N7wj1ddaUi145UAm
                                                                                                                                                                                                                                                  MD5:FAE7C899880D70456F2E2D99A31E7975
                                                                                                                                                                                                                                                  SHA1:D5FD039F6DDF84D4C023B5866DEB3599340A6960
                                                                                                                                                                                                                                                  SHA-256:F6EB64989E13613B9D26D008FC19BBD9B7F6B13DF67B1B65EE51F4D28C61A0FB
                                                                                                                                                                                                                                                  SHA-512:21AF0BB16F1B3DF483D82AF7E18A93010C828CE89479A206B46772A121E0077903116A845821B3252C0B91B96A35A350DC130C28BBFE360CFB9A6DD378660124
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Napsauta {0}, jotta voit viimeistell. WebAdvisorin k.ytt..noton.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Ota laajennus k.ytt..n",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Etk. ole varma yll. n.ytetyst. viestist.? Ei h.t... Tietosuojasi on meille aina t.rkeint..",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Jatka napsauttamalla {0}. Melkein valmista!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Ota laajennus k.ytt..n",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Seuraavalla hakukerralla n.et pyynn.n {0} Suojatun haun k.ytt..noton viimeistelemiseksi.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "S.ilyt. muutokset",.... SETTINGS_OVERLAY_CONTENT: "Napsauta viesti. {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor -laajennus on lis.tty",.... INTRO_OVERLAY_CONTENT_1: "Avaa Edge-valikko aloittaaksesi WebAdvisor-laajennuksen m..rityksen.",.. INTRO_OVERLAY_CO

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3808
                                                                                                                                                                                                                                                  Entropy (8bit):5.389338411621855
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:RvCshWLo4LeWU3EWP8/41QYd2WwawjOk51nBXwQw81NimwIu4W8u4kVusr6p:hVt3EWPmWFwawSkpgQNYmwIHbHMry
                                                                                                                                                                                                                                                  MD5:1F96946C13815EB6CD1E20E44B18A05D
                                                                                                                                                                                                                                                  SHA1:FC5CAD8B9845E785A269F4D712915F551056B037
                                                                                                                                                                                                                                                  SHA-256:1795FC59D9BD7AC80EFB6402409DCDD46631D89D74189F702233FFD4705045E3
                                                                                                                                                                                                                                                  SHA-512:AE3EED80D12F9E03C8D8ABA3136D5022C520E2FE637DDF0714E2DD9A26145C805A93E917C4251C62E363F41052246E609437AA5B329A15694C71059DC30F502D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Cliquez sur {0} pour terminer la configuration de WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Activer l'extension",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Vous avez des doutes sur le message ci-dessus? Ne vous inqui.tez pas. votre confidentialit. est toujours notre priorit..",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Cliquez sur {0} pour continuer. Vous avez presque termin.!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Activer l'extension",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La prochaine fois que vous effectuez une recherche, l'action suivante vous sera demand.e pour terminer la configuration de la recherche s.curis.e.: {0}.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Maintenir les changements",.... SETTINGS_OVERLAY_CONTENT: "Cliquez sur le message {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "L'extension McAfee. WebAdvisor a .t. ajout.e",.... INTRO_OVERLAY_CO

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3820
                                                                                                                                                                                                                                                  Entropy (8bit):5.393348134441983
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:q4Hj53EWP1ww63K2z1gUYmwEF2HfuVHfuf40x:q4HywPUYZ0C2N2f4m
                                                                                                                                                                                                                                                  MD5:33EE13908D070DBED590450A9815B52E
                                                                                                                                                                                                                                                  SHA1:25003D88A2F5BC645D0DEFB542CCCAD747961E40
                                                                                                                                                                                                                                                  SHA-256:1705E86C82B145515126D3FCB4B80A3D493582055DDE8E413487648D6F5107BE
                                                                                                                                                                                                                                                  SHA-512:BD3FBF1D845F73772D707677C7139A46F4598B4C30D64562B1BE2BF99B9A07253D67F6623E5F329280F04D33187F02E8C53F418EF4F71214F2AC96673E381F10
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Cliquez sur {0} pour terminer la configuration de WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Activer l'extension",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Vous n'.tes pas s.r du message ci-dessus.? Ne vous inqui.tez pas, votre confidentialit. est toujours notre priorit..",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Cliquez sur {0} pour continuer. Vous avez presque termin..",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Activer l'extension",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La prochaine fois que vous effectuerez une recherche, il vous sera demand. de {0} pour terminer la configuration de la recherche s.curis.e.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Conserver les modifications",.... SETTINGS_OVERLAY_CONTENT: "Cliquez sur le message {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "L'extension McAfee. WebAdvisor a .t. ajout.e",.... INTRO_OVERLAY_CONTENT_1: "Ouvre

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3559
                                                                                                                                                                                                                                                  Entropy (8bit):5.502984682934437
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:iKtsjv9hNkY6z3qRQRMmCxgFXNNXxXlU201Ii8cb:iKev9I3oQRMmCxgFXNNXxXlv0ii8cb
                                                                                                                                                                                                                                                  MD5:50D2065FA485C0DD1B43F24FE3C98210
                                                                                                                                                                                                                                                  SHA1:D9C06221D3B5D7670B4B47247C8E2EB8E170B54A
                                                                                                                                                                                                                                                  SHA-256:61CF75B4DDBDA34BB10A9F0D3F9EE471E859711F29231887D4FFD03FC5D0590B
                                                                                                                                                                                                                                                  SHA-512:02839970F247AE48738AC898CEB6EA1C43837E2157846D7AFE289D01EED147DC213E48B2801C3467E858FC7888D1FA74E1D833CA62CAAACE29FF45062C067CDE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknite {0} kako biste dovr.ili postavljanje WebAdvisora.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Omogu.i pro.irenje",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Niste sigurni p.to zna.i gornja poruka? Ne brinite . va.a privatnost je uvijek na. glavni prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kliknite {0} za nastavak. Skoro ste gotovi!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Omogu.i pro.irenje",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Sljede.i put kada budete pretra.ivali, od vas .e se tra.iti da {0} da zavr.ite postavljanje sigurnog pretra.ivanja.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Spremi promjene",.... SETTINGS_OVERLAY_CONTENT: "Kliknite poruku {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Dodano je pro.irenje McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Otvorite rubni izbornik za po.etak postavljanja pro.irenja WebAdvisor.",.. INTRO_

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3871
                                                                                                                                                                                                                                                  Entropy (8bit):5.605970565233804
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:BjeL2klA7qs9fOpTbYFBbyN6t6rksl9EJky2twp+2mTpT+2:x7qwmJLrksTE74lf
                                                                                                                                                                                                                                                  MD5:67A92D709F88E2783C8F8AEF7B8B7D38
                                                                                                                                                                                                                                                  SHA1:A296CB8CD6DFE346B46D17DC74A2580CE68B49B9
                                                                                                                                                                                                                                                  SHA-256:BF358F095606236F58E0C367FF1DEB87976D9237BEE07DEE30EA83BBBE337167
                                                                                                                                                                                                                                                  SHA-512:9BC38A71A719809F484B69CEE95BC63A1AAC370B45BFCF588ECBB21DFA56E1CB9DDC7C1ACF9363A9C55CDE622C202D02E1A1A757F29E12BAECD1EE7B6E5DD169
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kattintson a(z) {0} lehet.s.gre a WebAdvisor konfigur.l.s.nak befejez.s.hez.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "B.v.tm.ny enged.lyez.se",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Nem biztos a fenti .zenetet illet.en? Ne agg.djon. Szem.lyes adatainak biztons.ga a legfontosabb sz.munkra.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kattintson a(z) {0} elemre a folytat.shoz. Majdnem k.sz.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "B.v.tm.ny enged.lyez.se",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "A k.vetkez. keres.sn.l megk.rj.k, hogy fejezze be a Biztons.gos keres.s be.ll.t.s.t ({0}).",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: ".rizze meg a m.dos.t.sokat",.... SETTINGS_OVERLAY_CONTENT: "Kattintson a(z) {0} .zenetre.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Hozz.adta a McAfee. WebAdvisor b.v.tm.nyt",.... INTRO_OVERLAY_CONTENT_1: "Nyissa meg

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3451
                                                                                                                                                                                                                                                  Entropy (8bit):5.348340753731105
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:9wwjU923wJglntrSojRUym/tDu477DuKqougwwCZ7JBw/r11Aw+yFGxMfJ/QxM9i:9w0wJWteojRUyUw5Jaw5+/3Aw+ydJPw5
                                                                                                                                                                                                                                                  MD5:A2CFF2E2DD1598F0A0CA46EFCCCB2443
                                                                                                                                                                                                                                                  SHA1:76BB9CF06F0D18CC34A816EA354472252580576F
                                                                                                                                                                                                                                                  SHA-256:BC3199D0C90E4C6D0A27C28D8423C1262D578A9BDDFDC739A18732222C4707E8
                                                                                                                                                                                                                                                  SHA-512:34917EF5FB1C9A766240E2B26E4EBAE07A3512AA22FB8E07542CCD78E69A769A8AD75BEBBAF0518A5467725B564683C47B9E5CBEECFE6AA5926A7141498E1751
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Fai clic su {0} per completare la configurazione di WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Attiva l'estensione",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Hai dubbi sul messaggio mostrato sopra? Non ti preoccupare: la tua privacy . sempre la nostra priorit. assoluta.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Fai clic su {0} per continuare. Ci sei quasi.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Attiva l'estensione",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "La prossima volta che effettuerai una ricerca ti verr. chiesto di {0} per completare la configurazione di Ricerca sicura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Mantieni i cambiamenti",.... SETTINGS_OVERLAY_CONTENT: "Fai clic sul messaggio {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "L'estensione McAfee. WebAdvisor . stata aggiunta",.... INTRO_OVERLAY_CONTENT_1: "Apri il menu di Edge per iniziare a configurare

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4710
                                                                                                                                                                                                                                                  Entropy (8bit):5.646354476497411
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:5mF9hGIitPqUUJnILJn90N3l3QLzb3Nl3CprHEwPbbDiabGdtiDR9hG3sEl:5mF9hC91nQmLzTNoprH1b3JbctiDR9hk
                                                                                                                                                                                                                                                  MD5:5E4CDB82DA217D1D4DD72B0872A3BCB0
                                                                                                                                                                                                                                                  SHA1:F9D6C09464770771ABB54B7D61CF16CD673472A0
                                                                                                                                                                                                                                                  SHA-256:847D5CFB31F71F7D215D97A12397EBB181B9B5802E0EE5859AD8E94B495BD006
                                                                                                                                                                                                                                                  SHA-512:BEDD6E357D9BA53ECC7DBFF65444FC498358B96C34163F166C7CE266C1072E0A7ECCA6D4B22A2F569832591D1A8987E9F67D9C9B89C41D6399FF7732991D0A2B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "[{0}] ..............................",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "..........",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "..............................................................",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "[{0}] ..................",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "..........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: ".........[{0}] ........... ........................",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: ".......",.... SETTINGS_OVERLAY_CONTENT: "......{0}.......

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3733
                                                                                                                                                                                                                                                  Entropy (8bit):5.890401246526406
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:QYCvdMrjNB9ZGI4BGSS1FdMUB2dgSG36cBJsg57AB2vCC1vyqtYIvdalf:36ynuBGpFyUBkYBJsmcB2ZGQYlf
                                                                                                                                                                                                                                                  MD5:98C15C14F762399F4FF9F8D9E048F2E6
                                                                                                                                                                                                                                                  SHA1:2A9D0FD84501DC4093BEE69AA9BC428C9824342E
                                                                                                                                                                                                                                                  SHA-256:8FD50E1A9DAD1A6EEC53060E74F049B1CE96CC982024647A0B0B6A8725C333EB
                                                                                                                                                                                                                                                  SHA-512:1BC5742DF9A125D2DEF86D8005E87B9EA79378539215B58D36E93D519B01DC5532E9E3D1D3957A08E252C19AD68D048426EBD73BAA13896C6F144D278A88CBC3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "{0}.(.) .... ...... ... .......",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: ".. ..",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: ".. .... .... ......? .... ..... ... .. ... .. ... ... ......",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "..... {0}.(.) ....... .. ........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: ".. ..",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "... ... . {0}.(.) .... .. .. ... ..... .... ......",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: ".. .. ..",.... SETTINGS_OVERLAY_CONTENT: "{0} .... .......",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. ...... ... .......",..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3225
                                                                                                                                                                                                                                                  Entropy (8bit):5.454970547992806
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:JQjwncYXavDKvukfwlPpu1pHSTpJMpGqZn:6jwW5p2pHYpJMpGOn
                                                                                                                                                                                                                                                  MD5:E7D31466659BFE662A74A3EBFC1115F7
                                                                                                                                                                                                                                                  SHA1:C8ADCD390083C649C941FA41AA921A9C9D08A08C
                                                                                                                                                                                                                                                  SHA-256:25F12BC56B2EF7010C71651B02B81EE7B3905D2F4F33C78C8E2E40490CB1C81D
                                                                                                                                                                                                                                                  SHA-512:888BF572B035F9E9994901C43418A189D9BE4035F3124A7C03E33E470CB2B2BD9A08BB9C749AC1F0A9F0CFD6AC150119D7F9A6B0153EB70C3BEE2110912483E0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klikk {0} for . avslutte oppsettet av WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Aktiver utvidelse",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Usikker p. meldingen over? Ta det helt med ro; ditt personvern er alltid v.r topp prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klikk {0} for . fortsette. Du er ferdig om et .yeblikk!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Aktiver utvidelse",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Neste gang du s.ker, vil du bli spurt om . {0} for . gj.re ferdig oppsettet av Sikkert s.k.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Behold endringer",.... SETTINGS_OVERLAY_CONTENT: "Klikk p. meldingen {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-utvidelsen er lagt til",.... INTRO_OVERLAY_CONTENT_1: ".pne Edge-menyen for . starte oppsettet av WebAdvisor-utvidelsen.",.. INTRO_OVERLAY_CONTENT_2: "Unng. risikofylt

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3315
                                                                                                                                                                                                                                                  Entropy (8bit):5.3846972061624845
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:hYNSUmrH9+LhVyH81/nxxM3P7zLFSOXYNXwBxrcB5w7qTF951eUq5j6YUNGUFUO:qWoM81/3czLFLYNa4BO7qTB38/pO
                                                                                                                                                                                                                                                  MD5:3CDC10A95FF36F2FF2EADEDF828B80F6
                                                                                                                                                                                                                                                  SHA1:A77CCEBC0430740856E958119D42DC2A60B0C21B
                                                                                                                                                                                                                                                  SHA-256:5B368A6EC4FD691B3EC759F9A8EF06573343BE0562616A6A9A43B64A42160C38
                                                                                                                                                                                                                                                  SHA-512:B76FF410AFCB6C98975F300AC6F2FC05381B56E33A6A4A3119075A12B978FB3D4D7C0156290D29C838C7601F2A6030FB1FB67B2AE13CB5200E5C40947E7F7690
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klik op {0} om het instellen van WebAdvisor af te ronden.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Extensie inschakelen",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Twijfelt u over bovenstaand bericht? Geen zorgen: uw privacy is altijd onze topprioriteit.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klik op {0} om door te gaan. U bent bijna klaar!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Extensie inschakelen",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "De volgende keer dat u zoekt, wordt u gevraagd om {0} om het instellen van Beveiligd zoeken te voltooien.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Wijzigingen behouden",.... SETTINGS_OVERLAY_CONTENT: "Klik op het bericht {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-extensie is toegevoegd",.... INTRO_OVERLAY_CONTENT_1: "Open het Edge-menu om de WebAdvisor-extensie in te stellen.",.. INTRO_OVERLAY_CONTENT_2: "Vermijd risi

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3592
                                                                                                                                                                                                                                                  Entropy (8bit):5.652266864021974
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:UMCvtaaOZWKfNNz9KqIbQUZW9TRNcWRlP+im+oS+oGIUwI0qUIX:UMC1aaOIxbQUI9TRpR95mhShnUB0qUIX
                                                                                                                                                                                                                                                  MD5:62917B9DE7549FF092647AE612BE657A
                                                                                                                                                                                                                                                  SHA1:3F37A32CA957BD472ED8A9579F68C95436B071E7
                                                                                                                                                                                                                                                  SHA-256:113358A4B5D1A9AA51848B0B1DC07DB55CB875EDF03D3AEA4334505A8436716C
                                                                                                                                                                                                                                                  SHA-512:AFB1445443A148A74873D3FF9164B9048564EABC112F996C2C1B30FC34F9FB755AB02EE245A8C6A76292F9F13437F3D785870ACA5F92BA11C003A295970CFCC4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknij przycisk {0} aby zako.czy. konfiguracj. funkcji WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "W..cz rozszerzenie",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Nie masz pewno.ci co do powy.szego komunikatu? Nie martw si. . Twoja prywatno.. to dla nas zawsze priorytet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kliknij przycisk {0}, aby kontynuowa.. Ju. prawie gotowe!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "W..cz rozszerzenie",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Przy nast.pnym wyszukiwaniu pojawi si. monit o u.ycie opcji {0}, aby doko.czy. konfiguracj. Bezpiecznego wyszukiwania.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Zachowaj zmiany",.... SETTINGS_OVERLAY_CONTENT: "Kliknij komunikat {0}",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Dodano rozszerzenie McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Otw.rz menu przegl.darki Edge, aby zacz..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3368
                                                                                                                                                                                                                                                  Entropy (8bit):5.411669618684015
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:tBRKXbIv/U8cc0dGvgObgbIc1JS+RUkf8gy:tg8ccqsXcPSsUkfDy
                                                                                                                                                                                                                                                  MD5:F3E28D951D1347B5A8E92C686628CB32
                                                                                                                                                                                                                                                  SHA1:9F76F49E5E1BC175194C714953A69C89E2544814
                                                                                                                                                                                                                                                  SHA-256:F14E02B7D183DE9DFBE613E62C1D95AEC35C79B85E6DD4A0D2BC5FC90A775C49
                                                                                                                                                                                                                                                  SHA-512:4AE8B5A92287AC1A0AAE979D478C6CFD5AAC0765165CC26A80074C92A71D718521760778D581D9ACC6C4125ACB905F299EC9DE14CC19C88E0F73F42765BD25FE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Clique em {0} para terminar de configurar o WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Ativar extens.o",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "N.o entendeu a mensagem acima? N.o se preocupe . sua privacidade . sempre nossa prioridade.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Clique em {0} para continuar. Est. quase terminando!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Ativar extens.o",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Na pr.xima vez em que pesquisar, ser. pedido que voc. {0} para terminar de configurar a pesquisa segura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Manter altera..es",.... SETTINGS_OVERLAY_CONTENT: "Clique na mensagem {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "A extens.o McAfee. WebAdvisor foi adicionada",.... INTRO_OVERLAY_CONTENT_1: "Abra o menu do Edge para come.ar a configurar a extens.o do WebAdvisor.",.. INTRO_OVERLAY_CONTE

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3444
                                                                                                                                                                                                                                                  Entropy (8bit):5.414333938149512
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:tcgHxIKIF/UyvFz7d+J0b5H3JgJSgnD2L+vl:tfHzC/V15gggnD2Kt
                                                                                                                                                                                                                                                  MD5:25E2F44C6CD133B099B9F49FE1E60070
                                                                                                                                                                                                                                                  SHA1:7DE934C907E2286A9CDF98E0F1EAAC95D301ACF9
                                                                                                                                                                                                                                                  SHA-256:1A96F565DBEA0224CA713BA4869BAEE11AFC04BB9A796E7615FC31BB1ED2740D
                                                                                                                                                                                                                                                  SHA-512:D69ED7B55A8E9179AECC3F9ACFF7C9E0C65E3E2F240FDF17C52E473E8AA52921B0B6B2F79730F45AB246470B95798C2B72D4780F8CE317AFA1B32F0FC0DBF003
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Clique em {0} para terminar de configurar o WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Ativar extens.o",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "N.o tem a certeza sobre a mensagem abaixo? N.o se preocupe: a sua privacidade . a nossa m.xima prioridade.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Clique em {0} para continuar. Est. quase!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Ativar extens.o",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Na pr.xima vez que pesquisar, ser. pedido {0} para terminar a configura..o da pesquisa segura.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Manter altera..es",.... SETTINGS_OVERLAY_CONTENT: "Clique na mensagem de {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "A extens.o do McAfee. WebAdvisor foi adicionada",.... INTRO_OVERLAY_CONTENT_1: "Abra o menu do Edge para come.ar a configurar a extens.o do WebAdvisor.",.. INTRO_OVERLAY_CONTE

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4888
                                                                                                                                                                                                                                                  Entropy (8bit):5.13322206660522
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:km1cmOcoujLEUXirQfZVaSy/lcv8xv0pv6eyH5Z6LX6L0YA5ANvPuYV1kwgkebON:bSP52Z7Iqv8IvzSt/vPuYV9gkbEYZfB
                                                                                                                                                                                                                                                  MD5:8464FBF4B026D2ED80F0C4C406E7DB03
                                                                                                                                                                                                                                                  SHA1:B1F71D1678AD41C5213AD0789382C1918BCF33BC
                                                                                                                                                                                                                                                  SHA-256:498A6AFEC80C15A24AADEDB4DFA19F2ED0E406E2340E629FCCC0B7543779FE79
                                                                                                                                                                                                                                                  SHA-512:06490FD967349776FC20B1D2F885DBA5D8C5294A0C46E670D391734AE6A37506A692E471B72840CFC644658AB2E921C0F523F82AE374E72E2B866C1526EBE1DD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "....... {0}, ..... ......... ......... WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "........ ..........",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "............ . ......... ....? .. ............, .... .................. ... ... ....... ......",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "....... {0}, ..... ........... ..... ......!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "........ ..........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: ".. ..... .......... ...... ... ..... .......... {0}, ..... ......... ......... ........... .......",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "......... .........",.... SETTINGS_

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3645
                                                                                                                                                                                                                                                  Entropy (8bit):5.654582138744028
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:Za1q+c5nLPgGcp7rGEaqHNGXaGWSnEBCh:Za1CcGcpPGEaoNGXaGWSnEBCh
                                                                                                                                                                                                                                                  MD5:D10BEE9E2F24452E61B7A38AC9602318
                                                                                                                                                                                                                                                  SHA1:36FD48D7854941D6FEA720879521870C443BD773
                                                                                                                                                                                                                                                  SHA-256:5A8F4621170505932A81F6542DB54ADE13C822689D4A3C488CE306B2EAE2CB62
                                                                                                                                                                                                                                                  SHA-512:F2CE9C24A0719F3FD919B5A63DA614310034D6810A605123D24A81A0017EB3EDBF3A675A7DE8689DBD715F9D23104396FBFC13062133BF91A9162A2DE7A7270F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknite na mo.nos. {0} a.dokon.ite nastavenie slu.by WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Zapn.. roz..renie",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Neviete, .o znamen. uveden. spr.va? Nemus.te sa b.., va.e s.kromie je na.ou prioritou.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kliknite na mo.nos. {0} a pokra.ujte. U. to skoro m.te.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Zapn.. roz..renie",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Pri .al.om vyh.ad.van. sa zobraz. v.zva {0}, aby ste dokon.ili nastavenie funkcie Zabezpe.en. vyh.ad.vanie.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Ponecha. zmeny",.... SETTINGS_OVERLAY_CONTENT: "Kliknite na spr.vu {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Roz..renie McAfee. WebAdvisor bolo pridan.",.... INTRO_OVERLAY_CONTENT_1: "Otvorte ponuku Edge a spustite nastavenie roz..renia We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3448
                                                                                                                                                                                                                                                  Entropy (8bit):5.5258323663503175
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:bOKu5rhXVaOiD7jvSrPKPq/BhedVJDBDKOTV08Eyj8GmS4kSOhi7ICcX7E0o7X7D:CKwa7ruIwBho7Pjxm+FhiJcrERrEzt92
                                                                                                                                                                                                                                                  MD5:DB2429854408F47C39CFF58EA2234126
                                                                                                                                                                                                                                                  SHA1:660AD2F6EE59019DAB2A4AFA3024BC13E88ACA4F
                                                                                                                                                                                                                                                  SHA-256:195CDCA022E9B3FEDEF21654E14E2248FD03619D31E005D33F96A3EB0DA5EB16
                                                                                                                                                                                                                                                  SHA-512:14647E139504DA336355937B1BF2290D7D0F3EEB69A8F6C7A6362C2D3056157A7CAE900AB7E75EA27950E7D0B8587C5C93295BA48605C0668790E3E9C7F0B620
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Kliknite na {0} da biste zavr.ili pode.avanje WebAdvisor-a.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Omogu.i ekstenziju",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Niste sigurni u gornju poruku? Ne brinite . va.a privatnost je uvek na. glavni prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Kliknite na {0} da biste nastavili. Skoro ste gotovi!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Omogu.i ekstenziju",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Slede.i put kada budete pretra.ivali, od vas c.e biti zatra.eno da {0} da zavr.ite pode.avanje bezbedne pretrage.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Zadr.i promene",.... SETTINGS_OVERLAY_CONTENT: "Kliknite na poruku {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "Dodata je ekstenzija McAfee. WebAdvisor",.... INTRO_OVERLAY_CONTENT_1: "Otvorite rubni meni da biste zapo.eli pode.avanje ekstenzije WebAdvisor.",.. INTRO_O

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3419
                                                                                                                                                                                                                                                  Entropy (8bit):5.535488804632093
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:XLtr87bPTBKfvmX6L9AvAMbEFGt9M+WRRZJ1aq3CTCc2ZeGd6J:btkPdKfvLLGS3NDZje
                                                                                                                                                                                                                                                  MD5:F5C16637BF72EDD5743D0C5F3D6117CE
                                                                                                                                                                                                                                                  SHA1:2748DB9C7C37737CAFD521B7CF2A67A719FB3E15
                                                                                                                                                                                                                                                  SHA-256:9DBE42068BEFCE8987CCFF69EB582A0BCFF6F16C04CF471F4320F59AF5266780
                                                                                                                                                                                                                                                  SHA-512:639FD3D8B7F588BB7796BA59BD90DFE7515FC5A5358EDB0051B47CD14C4EE69FD26E707AC74236C573245BFDD6FF4283FCED919EF4C38A740941650D9057CC43
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Klicka p. {0} f.r att slutf.ra konfigurationen av WebAdvisor.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Aktivera till.gg",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Os.ker p. ovanst.ende meddelande? Oroa dig inte . din integritet .r alltid v.r h.gsta prioritet.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Klicka p. {0} f.r att forts.tta. Det .r n.stan klart!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Aktivera till.gg",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Du blir tillfr.gad att {0} f.r att slutf.ra konfigurationen av s.ker s.kning n.sta g.ng du s.ker.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "Beh.ll .ndringar",.... SETTINGS_OVERLAY_CONTENT: "Klicka p. meddelandet {0}.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor-till.gget har lagts till",.... INTRO_OVERLAY_CONTENT_1: ".ppna Edge-menyn f.r att b.rja konfigurera WebAdvisor-till.gget.",..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3505
                                                                                                                                                                                                                                                  Entropy (8bit):5.560477366213013
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:8gTrSRlazqTSoc8T4mq+pxP3yfK2XsCzjW3A/O20q3kJ:LMTSzUtCBwDJ
                                                                                                                                                                                                                                                  MD5:DE09C051CBC5D0A16DE9646EB1DD573F
                                                                                                                                                                                                                                                  SHA1:60676A3E60A7B84C021BFA46D897C294E4948CF1
                                                                                                                                                                                                                                                  SHA-256:F6245E1A4A8B807F1782B5F38A7E9B21D9FD8076AECC2180663CC1594402E9AE
                                                                                                                                                                                                                                                  SHA-512:62774122610B9237794AC5A1FEF3B228FA1211CCAA73A095B903EAB3DAC2643A01ED1EDA63B5045DA74208E57D002917C7756C1D47D8A3BAFD9EA14F313DB7A7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "Web Advisor kurulumunu tamamlamak i.in {0} ..esine t.klay.n.",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "Eklentiyi etkinle.tir",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "Yukar.daki mesajdan emin de.il misiniz? Merak etmeyin . gizlili.iniz her zaman birinci .nceli.imizdir.",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "Devam etmek i.in {0} ..esine t.klay.n. Neredeyse bitti!",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "Eklentiyi etkinle.tir",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "Bir daha arama yapt...n.zda, G.venli Arama kurulumunu tamamlamak i.in {0} i.lemi istenecek.",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "De.i.iklikleri koru",.... SETTINGS_OVERLAY_CONTENT: "{0} mesaj.na t.klay.n.",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "McAfee. WebAdvisor eklentisi eklendi",.... INTRO_OVERLAY_CONTENT_1: "WebAdvisor eklentisinin kurulumuna ba.lamak i.in Edge men.s.n. a.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3122
                                                                                                                                                                                                                                                  Entropy (8bit):6.212538664409796
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:6UrfcU6lnW9tyEQeLJrcwfrZaq0KSVnUUJfQpr1Z8y:6UrkF0t2excYzSVnUU9Kr1ZZ
                                                                                                                                                                                                                                                  MD5:945847BBCB1913BC9C9D5A165DB0F995
                                                                                                                                                                                                                                                  SHA1:F2BF3225E8B318BC8A1FBF68BE20CBBED4864167
                                                                                                                                                                                                                                                  SHA-256:38674F155AC95729FC671ED29B48AE19D69FBB0D6EB6A2BCAE49E19F39D4D3C4
                                                                                                                                                                                                                                                  SHA-512:A72415C4BA1530063EF7CCBDB3934DD746944664ECC29A40BA1CCE4CE584A0EC65D3995E9FEC1195A3069CB39EAF81D95F8E000D509E0BDC501EB2C220735877
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: ".. {0} ..........",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "......",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "...............................",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: ".. {0} .........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "......",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "............. {0} ..........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "....",.... SETTINGS_OVERLAY_CONTENT: ".. {0} ...",.. SETTINGS_OVERLAY_CONTENT_BOLDED: ".... ...........",.... INTRO_OVERLAY_CONTENT_1: ".. Edge ................",.. INTRO_OVERLAY_CONTENT_2: "..........................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-overlay-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3232
                                                                                                                                                                                                                                                  Entropy (8bit):6.28804097658073
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Fnm6KjBr0E5eC+WKA4DKoYwWAV85brkeUwmxm3VBpRBpG2m6xCG:JbM5dtKPDVfeZrkRwGm1pDbB
                                                                                                                                                                                                                                                  MD5:04F2F159FD84A76DAAA10031A812ABA8
                                                                                                                                                                                                                                                  SHA1:15B3F23697F56F0F0A1C4079E24BA050145D19C3
                                                                                                                                                                                                                                                  SHA-256:D511D934188402B3919DE4C77617E3C5FA5C52F5B542789BFA0A811840BFDA07
                                                                                                                                                                                                                                                  SHA-512:7E8EEA213CD528F52A6F4A143E2C06CA200E02370577004C11024452E72C48AD782578FE8FC5FCC5EB0D17F07E0B164C032FA286001C8A58F0D2BA17A27927AC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrOverlay_ = {.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1: "... [{0}] ... WebAdvisor ...",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_1_BOLDED: "......",.. ENABLE_EXTENSION_OVERLAY_WA_CONTENT_2: "...............................",.... ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1: "... [{0}] .........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_1_BOLDED: "......",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2: "............... [{0}] ..........",.. ENABLE_EXTENSION_OVERLAY_SS_CONTENT_2_BOLDED: "....",.... SETTINGS_OVERLAY_CONTENT: "... [{0}] ...",.. SETTINGS_OVERLAY_CONTENT_BOLDED: "... McAfee. WebAdvisor ....",.... INTRO_OVERLAY_CONTENT_1: ".. Edge ........ WebAdvisor .....",.. INTRO_OVERLAY_CONTENT_2: "...............McAfee .

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.483185986771839
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHP2cnmsWmQjdp:CRsyeBmWfV8ZSXSH7msWnxp
                                                                                                                                                                                                                                                  MD5:8A55E0A184A07C8A6847AEF2A3480C2A
                                                                                                                                                                                                                                                  SHA1:A0AC4E07A3DC7D69A6DE0CE5C18CE13FD57DD84F
                                                                                                                                                                                                                                                  SHA-256:856B51574ADF626B7190520C9C03441B4CFBEC34E66AE3270B6BA3A89A270764
                                                                                                                                                                                                                                                  SHA-512:A71AA6EF132A4C87B241CD268C3861DAD729A112EB60FBD2D0DCB9F8FFD3AF223DA13BC443F5317C77AA2D85A90F9226CB281032737F9999549507F79A15FE9D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//779B7FF97A347B2B60B9C695E9510C17D732EBB76D59FB261483CFA334C621BE432AAB53CC8D1E9E3D32EE1F9DE1586783006FB0F10AC2E82CFD3DCE40D484F1++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.470363467852289
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHjaLch8jQo3R/Jis:CRsyeBmWfV8ZSXSHj+Jjnt8s
                                                                                                                                                                                                                                                  MD5:68CE7E2CA2C47EFB97C447E9B1555BD6
                                                                                                                                                                                                                                                  SHA1:B0F3ED0ACA62EF41D101BCEB756565E70B541F5D
                                                                                                                                                                                                                                                  SHA-256:F6BEF1984BED66D908CD004B9B9D07CF00BA3DB3C169B17D672226633875CBE6
                                                                                                                                                                                                                                                  SHA-512:5E990CA464B56A08F0023FDDC197184283B847DEA21DDA98A2473098B643BDB5B88DEAB352FCB647AB0AA6FACF080469A0D3A7361168C74D44D18E68BC53CF45
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//C58CD5D0DDDA0BDC3DDF95C3EA647DCF210034D40B8A2B3C776FEF41796B0E506655473CC23984412910551A66AA79BB51A1AA5DC1EF9BDEF91A3545A14F32EE++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.464304293445782
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSH9gycgUUFoNaG5:CRsyeBmWfV8ZSXSH9gycMoP5
                                                                                                                                                                                                                                                  MD5:C7B219EC86DC401B23495DF92086686C
                                                                                                                                                                                                                                                  SHA1:64AC08BCC0E0F74D003EB965854B68F0CF7C396E
                                                                                                                                                                                                                                                  SHA-256:209FD86CEE00B85E500254C88FF405C5BFE10D324B0ED5E8D65ACA037ACD371B
                                                                                                                                                                                                                                                  SHA-512:86BEA1580AB20D690A99D6AF5D9FF6B9AAA5BDFED5E0FB42961E6ED23D44E4A7F89919031F614242C2B95A600B57A9B6EC60555D9927263B6F37727A3BA30112
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//11871E1444B5EFB64FDE040E276FDD5B610839D185910EB29BBAB0ED1DEE4C24CAFBB75A5B372E4ABFAEAA47CC45C0D31EF9508B835F6CB656F85E78CF829BFF++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.476492001999947
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeRNuSwTu0GYOjW:pCPR+2cyeBmNEfSU8ZpoXSHquSXxyx99
                                                                                                                                                                                                                                                  MD5:56ACFC1DD811AD98D55879ED590E39A4
                                                                                                                                                                                                                                                  SHA1:5E5AE245F1600D0AA8F3C00C3DD1CEC41FF12981
                                                                                                                                                                                                                                                  SHA-256:2577A8EC6214327D469C6947FBEE3F627B5F1A1C7AAE6DAF79B61790DA402724
                                                                                                                                                                                                                                                  SHA-512:FCE2EAD90CBFBC2CFBA7842FD273EA9BB286E35B9C755A058A72E4ADC77FCD3CA1F4DC2932AD327BD1706FA02062A78D72BE3EBB2BB270E17EDF7DA66DCB9594
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//10A2AB7B43469BA25D1F69F13AB4C89B1A6A923B76FA2735C6BBFD3E1A30A4900FB12D4B2255D5ED08309C091724C51DBC83AC985FFC5D3B909DBD20E9BC0D53++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.483670313619899
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSH280rSTVY3hd3:CRsyeBmWfV8ZSXSH+rSTVMh1
                                                                                                                                                                                                                                                  MD5:100F55A1A3DC968EFC26DDE73747FD87
                                                                                                                                                                                                                                                  SHA1:9DC3BBE79C82004FA1415B216D636E8C352779E1
                                                                                                                                                                                                                                                  SHA-256:7FD3C0E53C3CA5902FCE6D3C55E511EB29B9E1E4AA7CCF9610D692B194673EE5
                                                                                                                                                                                                                                                  SHA-512:9011528745B64B61DCA221AD55409B7F6D00195F47FCAB9384B467DAA6D10C398AADCFFB91B10C3C028C6E704A3EE1FD3ABA87F9579679CDB1C7519ADBEC4147
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//538533566FD1B9F5834362C7400758216C8737D085235B9E67B16E51DBE93F49D97847BE5BEFFEF8FA52BCD4E329FB7F8924585922B952AFB50DC98B8D5B6A8F++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.4774614387651965
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHd8XIrv9tOYgEoj:CRsyeBmWfV8ZSXSHFrVwnj
                                                                                                                                                                                                                                                  MD5:5A402B5245FB541EA65C3C2ED575CF07
                                                                                                                                                                                                                                                  SHA1:30DA35F4D0ED12EB4CE927ED38D3F864EA2436B9
                                                                                                                                                                                                                                                  SHA-256:37D1E6393D86A7C8CC3888DD52FA30144F1A25831CA70716353CFEB005289BB4
                                                                                                                                                                                                                                                  SHA-512:6027308D33D201A298C5F40ED2ED375D99DB86ECE763B02AE460F78FE4A53A6724FF172E9A19C7FAFB5F1C5D3386ABD2496B0827AFFA9CF3F2F7493198380ADB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//49EF530EB3DA9A6889B72D369EDA9388CB601DD1B256148A7BCA5F055B02F4FAF8794A168DEDFF4E313D64C58C08D434E98B5DB85FA187BAE38D567DD473747C++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.46410718057219
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHnNgHIUhZyMB7:CRsyeBmWfV8ZSXSHnyoUhZj7
                                                                                                                                                                                                                                                  MD5:F11DD951A4A0FEEE66F504B6F4A9E050
                                                                                                                                                                                                                                                  SHA1:5479885497E55472DF16689E2A72431F3EC65A90
                                                                                                                                                                                                                                                  SHA-256:CAC7FCC119F603D3209E606A13D4A8CCE1C1E7A4AF7986BC9762D01BA32D8D16
                                                                                                                                                                                                                                                  SHA-512:766B7F15C6B81B35612E24354D852E0A2FD1E6BDE9B848501BE5EF3B168A425F7CE9E716C622B1FC2DDCF1D8FA677145DDF3BD582A6E09EA2559FB25EA8B19AD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//6DBF9FBB37BB8547C23A00B408DFD5CBB8C9AD32D4D729539ACA64F0791E5891CFFBF35FDDB73A87B691112CA5BEB7DCBE008B8FA383F9DDD360293CA3E873C9++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.492592530316645
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHQSDBMtCIQB3:CRsyeBmWfV8ZSXSHQSlxB3
                                                                                                                                                                                                                                                  MD5:D27E51178B6CB12F7E2F723D058A9A1C
                                                                                                                                                                                                                                                  SHA1:5F9389CC1B9D99C23FDFFD79E50EEDB3FC324671
                                                                                                                                                                                                                                                  SHA-256:7E441138B08DB093B139815FB3E21D3809188BCF79CB4A1AE713A252BDEFF4DF
                                                                                                                                                                                                                                                  SHA-512:8F9EBB48F37519AD08590B8BFDA8B499B176B7F9AAAFBCD3CF26CAAE03E17EBAAD3D8A55C9AB1B60BC8004FD7B7A319B98E5452AEA2FDF62630FF30B06A9536A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//96448B1DF0CDFDEFA2055FD03D1354E1DF3B828E0A83026E0FA0FA0A300FC1F397F87814BF7782828DD4CA6AD45F73769B2A1461592B39597D2F9ADF7BAF8A3D++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.4578323481596085
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHXNMt3vgmdO:CRsyeBmWfV8ZSXSH9tn
                                                                                                                                                                                                                                                  MD5:69D6F26C5B12666C309F63AC3B2CDC80
                                                                                                                                                                                                                                                  SHA1:961FD14E2295D0D607D94DDF49C6B45CCAFC52D6
                                                                                                                                                                                                                                                  SHA-256:BB3EB893857EC7C6660E5C0DF53E9D08EAE83E65DD1CFB0F6C862C5B278DBE5D
                                                                                                                                                                                                                                                  SHA-512:DCDD6E6120E897CDE77A049415F2509CE6FDB6AC02FB1B54366A16FCCEBE51DAA3CBF5A4FBF67582C8CA077A7226DD2AB07C0DA7DA98B70261C7BE8E95AF8778
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//B825D07F236C9CBEAE089DFBF837BE2C3EFB400BC36D743EA83BD789EBF2609F9B75C5460DC4C2BB358D2EB01E04AA63BFE05A937DFAE33DCC2104C717AFD4E6++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.46207116731783
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeRndCFqWf5h+rk:pCPR+2cyeBmNEfSU8ZpoXSHtFqg+rv5G
                                                                                                                                                                                                                                                  MD5:2E6FCD5DDB734322FBA066499382B954
                                                                                                                                                                                                                                                  SHA1:8736E82A7E77E09A9DDA64302FF55312D439C6B6
                                                                                                                                                                                                                                                  SHA-256:5765AB76060D562767F40D35822052B85F3D171D32478821B15E585E54C095DD
                                                                                                                                                                                                                                                  SHA-512:5A653BB7CC863387FF6D2B150E5F04CC5B452E4B37B75FF0EDF8C8EC76327C56F67C14C36AA067470942D80EE3F267F0A088484091C445A826E378206E85E50E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//48FC58BE02F6C12E9428DA51AE23662687C2F8DE207F3C277B89099A62861089EB66F2E94EA5DBC3DCC826FB5CFB7D6A02E9E532B35D13BDAD1D0DCC952D2399++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.456480118474768
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHORfkjyhh5MGigjqX4Sh:CRsyeBmWfV8ZSXSHORfn4GiZp
                                                                                                                                                                                                                                                  MD5:5EABA7C98C02265CDE1FB5EBF6CF9A40
                                                                                                                                                                                                                                                  SHA1:A4ED9BDCD9490BC4CC60E2743ACFC87B9E3EE693
                                                                                                                                                                                                                                                  SHA-256:1DB2AC3D031C03426CECF0C8A2B92578888DE604E62A5F2D642CA9EA9C3D3366
                                                                                                                                                                                                                                                  SHA-512:B456E348FB0AAE0CEC76D09DE428444649A2D5D8FD3F05E59DFDC6D1F7582000965893E2727FE149DD5A1A0FBA184B34CCC7FE62C30A1977A17A5EE1D720DC8B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//EEEDE7711DCA6590F99E7AF95AD32C88D88FBF57A6199760608887CCD2D9241AA15A8BA3CF78716E2DC1450FFF5FAB81AFD2799AD25FF38FC95DFEC736A28277++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.485651449071428
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHerozhKnCvwgF:CRsyeBmWfV8ZSXSHerC8Y
                                                                                                                                                                                                                                                  MD5:4CFBA2943AEC00CF3AC0F668DEEFAE1C
                                                                                                                                                                                                                                                  SHA1:B5D9BF4A8CE44999FBAF7A98758D587EC1016879
                                                                                                                                                                                                                                                  SHA-256:890E743E14006E8489157356D99D29D4F01E27CA283858AB0D84098BB522964D
                                                                                                                                                                                                                                                  SHA-512:E6CF38772EFBA67A5CD6ADDDBAB3DEE8E9D9F2393EFBCAFB6F14C4B10A1A6D3C6C1ED633C9EAE3361EB6E1DEBB11912F6F225A88A3186C4DB08016E2311648C5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//90EB780E16E8F65109458C1F86600208E13B07963E86071D5A9E1A29BFA4207CDA49DB66B367C3E4988699E55FB4094BC3F99498D5A8DE1CF9EDF62B86324A02++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.4743818470449295
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHoUlTvHcx1CTd/gQyO:CRsyeBmWfV8ZSXSHtycWQd
                                                                                                                                                                                                                                                  MD5:BDFF501C8E0FD793C9BB763D9C80CEDD
                                                                                                                                                                                                                                                  SHA1:F1FB7F3E9C7856094869D1AF2A73AF8457DD47BA
                                                                                                                                                                                                                                                  SHA-256:57E0D1E58AEDBA759D4C2FCFB60B62E6EEFB8C4D7D23D83366BA016006354935
                                                                                                                                                                                                                                                  SHA-512:43BEDB6029375DDCA9A5BB0CAB61B3110B80A8BB76F907332F53B152CF7BF8224C9708E938D34A6F53DBB5C7097170FF7F762BB008E0A30BFABB1E06F9FCCCCA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//198FC54EDE5D4DDFC0D1FB64FA7C3506E942E8826476BB919A06CE23D48B976D4D8D895EEB23735FFB1CA10B42D3612B78F90EEF39EEB6E7CC14393C73339859++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.475935258072216
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHrXqrjfgiWb74k:CRsyeBmWfV8ZSXSHMfgj
                                                                                                                                                                                                                                                  MD5:A0FA25412DD8F6B1642AEAB0C2B43A5C
                                                                                                                                                                                                                                                  SHA1:5D848F134B0FA49A6A9D79F51268DD46FCE984B8
                                                                                                                                                                                                                                                  SHA-256:6CB94F12C952A2919864F82F7655A4620FD6E546AE1E3CCA7B58D734210F5C70
                                                                                                                                                                                                                                                  SHA-512:0D9506C51A7A17D1AE9E0EE16CA71C955DB47B51224C54E7A83E2C9009A90C8A4A6DB057F82ED20167EA5C267FBB9A30DA50D8FE371C2708DA02A78F0D621BE9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//882A8F5DB2A0DBAF151EEB31B0D0AE06ED48BF60C78560F1A2EA8CA497AC4CD1DE1D0A4B6F934F54222F868298EA1B13594073882DE67FD43AFC30AD85C2AF35++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.495942385043319
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHPCRUxRCjmaS:CRsyeBmWfV8ZSXSHPCyxRC6J
                                                                                                                                                                                                                                                  MD5:50AB36BB209778F1C55CB5654D46334C
                                                                                                                                                                                                                                                  SHA1:A41546FF370A12AA41A279A321FCEC4E068328A9
                                                                                                                                                                                                                                                  SHA-256:D80CAEE10B16DEC90606E13724EDDD1B2944D219B2D553D388C4A815FB57C4A3
                                                                                                                                                                                                                                                  SHA-512:1A294716DF9FFD71532330395AFDCA704B93E7282DE1ADE6373D7D1E23972D46C34840C041E343B768A89B7C44D7613A1383AB19A547EBEB3D364C366E2F347C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//6F72F5C6915409203EC6C8F9EA50428B23E0C0273A6ADA6171053584A0B457F90ACB9904EB312411D3E573F53F22B5972DFA94254D4696E096C4535A02336385++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.469004306713551
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeRHGC+zfeVDo8o:pCPR+2cyeBmNEfSU8ZpoXSHnzCo19B19
                                                                                                                                                                                                                                                  MD5:FBC234726DAC88382EF2C15DC96D0848
                                                                                                                                                                                                                                                  SHA1:6B70C0C9F92F3DB4A6FD03049A453D6481BB3CBC
                                                                                                                                                                                                                                                  SHA-256:C0FFAF02B0A499EE09496AE58C04C73DBF387CEB611890E2B3C154A3D788BE5E
                                                                                                                                                                                                                                                  SHA-512:12B092B5926DAAB4E8FBEEE24AED2B1FC830996A4D2CD10BBF100433C1F5EB36E1521515F7E1F3B031F5961A143FD0033A382AF66F0BC1B4C14805928C559B11
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//86A984FD038693739ECF3A9F7D76445D3D6A0ADD7B8EC77DD64A59D78DF249BFF53785D7720226AA6E34704D4346A56C6DB98D3223D16D022C62E3BD0B9F17A6++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.4738843132819595
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeRkmdU6d67eeyp:pCPR+2cyeBmNEfSU8ZpoXSHIdma84T
                                                                                                                                                                                                                                                  MD5:0B4BD9B6B2F45C327AAC05A8C6A8082C
                                                                                                                                                                                                                                                  SHA1:41720B1C989F5AB1726C275A7E1ABEB83717F539
                                                                                                                                                                                                                                                  SHA-256:1CF758BEA8F6D3149A73E81BCA1418286D37F5FB02FFE136F125848FCB5B02F2
                                                                                                                                                                                                                                                  SHA-512:70837F65DEBB8FF916980C49D64F62468691DC4E166695B81A61F76E17A56E93A426C111961DDD4D9A1AB59331F29B009C2B2F05F32099BA58377E1E88CD814E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//A15C599ADD02FC398C10860BC0ECD1178EEE2186F59EB012C3C741A00204898956A0F59FEAF41E1661BBCA71D782D8FAF0E41FF7814809BD51CA6294B3F9A79D++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.470036256437061
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHH1dtKmwShBc:CRsyeBmWfV8ZSXSHH1dtKmwShi
                                                                                                                                                                                                                                                  MD5:044338D6F9E8275912F89814B2F30059
                                                                                                                                                                                                                                                  SHA1:DEA5721CC6F951B83CB0F662BA23E1B85E16C727
                                                                                                                                                                                                                                                  SHA-256:25801D244DD567C93558EB917FF5E18D1FD8E76D73983995DE07E0125E1A084A
                                                                                                                                                                                                                                                  SHA-512:EFCDDE83DE6083F7CF4B380B34A34DD50E95593CE5F64DE479C7ED649B961BC6CFF90E08E47E5D5024E92FFE29B2D9F352521A4FEA669208A980FB2199BEC509
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//8BD368FDFFB4EA20079B3E2C1276507EFFE5C7EFF4B8E3C7210CA0B9BF42A8B3203034E29CFD180F2481BF316EBEAED76C7CAEB96095901CFB69D82D3F9A61FD++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.422792541724916
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHjZRjgWRpk2CDD:CRsyeBmWfV8ZSXSHjjgWjJAD
                                                                                                                                                                                                                                                  MD5:682B9901E2904079F13F266C64B08E0C
                                                                                                                                                                                                                                                  SHA1:6C01EE55020FD9BC1B76B3B4B01D0E84A713D211
                                                                                                                                                                                                                                                  SHA-256:71258219C7357066CAED9F9111C17C338FB599814EC267E48042950A81AF8045
                                                                                                                                                                                                                                                  SHA-512:BFA51E4A88AF77B695EA9837C02B812BAFFA88F5E5526947454E11DF59C763F7427D16C7D696EC0CFA7689470740964AE74A68A16206525467418DB761F964CE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//F1F9AD5C3DC2AF99BAB05513A2D5FD66E11BE4A11B157E25D3ABEA79B14AE1F93BA7C7FC97F46A773BC883EDECB3E9EAA95EA0A1A977A201E0CDBABBD9219339++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.457875816162936
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeR6M1TnN2OWYj3:pCPR+2cyeBmNEfSU8ZpoXSHNIrNZIY
                                                                                                                                                                                                                                                  MD5:BA9175971DF351154157D53355F8D440
                                                                                                                                                                                                                                                  SHA1:DAA6CAECA319BD54C283C0E4AE6FDC318BC058AE
                                                                                                                                                                                                                                                  SHA-256:EFF588E1AED4F734C17E9CEABE1175C9DF43B6BAF11EA530A779D5EF43E8D274
                                                                                                                                                                                                                                                  SHA-512:FF66ED42900F13912AE5762DEB9AC64316179EA7773F5A7191F8AE77DD17DC20C78BD9DF1F0671191D7B6120FADA39E183E414250A5FDBD6D8A5DF4E0F1E98BB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//9A982904F084236422BE18EB0F6CE060BE8E15A2068C32D1CEB00F2E1733578B343AFCD3638193FDC6FB1C10B9EB1AF162FB1FD09E8313DB8C78F0EEFB0348DF++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.459356963784258
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHjIs/DCezHEJsS:CRsyeBmWfV8ZSXSHjIs/2ezSsS
                                                                                                                                                                                                                                                  MD5:83130A13CC410DE99D8F067412667E5D
                                                                                                                                                                                                                                                  SHA1:0A9C99FEDC871BD967B76381F16D1326D735629A
                                                                                                                                                                                                                                                  SHA-256:A9F0B9178322333DBDCC7AB5244CC0323A5BA02C00EC8C7E24BB2A7D4BBA8A66
                                                                                                                                                                                                                                                  SHA-512:47ECB482C8B515EC862B8A2AA863CDFF39C7A3A44C42B0BECD62356CD1711CE2F1DBCF691C31BEE437ECC37547553D4E355CFAD7AD7715AA090DA0D132355865
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//C331E0FFE037C234BE06DE25A983DF01EAE7A2726907BDE577A72E75C66BC0E1D75C05D1777E33A16EC428177A6646DD85B0FFBF10D2C6114249BA2CA1967A5E++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.475353258660528
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSH6gsYswIlMen:CRsyeBmWfV8ZSXSH6gsYswIV
                                                                                                                                                                                                                                                  MD5:3BE119FE3E6330E0730A80796B3CA9FF
                                                                                                                                                                                                                                                  SHA1:2954293A16B2CBE1EF2FAD5CD611E97C3B9C3861
                                                                                                                                                                                                                                                  SHA-256:E503EB8BDF4E4CE922257ACFCE1F15E65BDB4419EC6AA124FB27DA33AA826BE1
                                                                                                                                                                                                                                                  SHA-512:83CE7F139C87550641EB5570A84E0809AFCC13916A9432D5DB418D9F0A098359EC1C678348846E0F9A244B43686B0B7F74E87F3A3B1F998FE08C30B43644BD49
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//F43809A83B5C6EA08A744E2130B9FEC4A9A8A8F61A85AEE97C4BD2FD31F4B2EB2AD3D2A77C5B147CB6AAC69BDE3762DD5F37D4A604CF7BF5978A17ED2229F911++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.493050363802037
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHIqGzzrVB1G:CRsyeBmWfV8ZSXSHwzzpG
                                                                                                                                                                                                                                                  MD5:8E3B30D31FDF8FC9FE9B7ACF335BCB5A
                                                                                                                                                                                                                                                  SHA1:755275E4FF374B07BA8DE6FB1EF971A829B006ED
                                                                                                                                                                                                                                                  SHA-256:B281FB28BB41C86CBB1FABDF93D044D8E2A772B543C5DDB610710260F34F8DED
                                                                                                                                                                                                                                                  SHA-512:222CFBEB1C6AEAB7308FA43093A045A2BBE2023F52C70C7BC8CD99962F3F1830728B498D88711A07CFA9631E28C2C50EEC58FDEFE996B80688ADAC89415B0C50
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//82FF624D72A6FAA2B1905C65C4A98BC593FB309A2D9E577663CCCE5B0AA6B8CAC826E0748828C5629818770FEF4353B0BF07D680757117E75913F9D65BBEA409++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.451309364031569
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeR2SBuQn/I4DDk:pCPR+2cyeBmNEfSU8ZpoXSH2V3UF
                                                                                                                                                                                                                                                  MD5:9C6061A4B4E67F431AAE63D76177DF30
                                                                                                                                                                                                                                                  SHA1:24985E30FF76B0EB81D86958AB50B21D8B983977
                                                                                                                                                                                                                                                  SHA-256:287CAC7868287E4D312F69ABD48B8BA302D58CE890C2C0ED4D124DC4A6969C3B
                                                                                                                                                                                                                                                  SHA-512:BEE3636943930ECD7CCA15EAE1DCF3CCF1012ED8C1E13CCD0B4FE46135EC9D821BA7CC1228A4341F86818F85FF69E6625886FD1F6AE5F79B333766FC783CD448
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//FCB8F4F8FB73E2B27C7FD72AD5AC853E39BB1264CBE60C947817E8E265C55B9CE77C76F5D3BEA0693D3C283727FA0B23847B9A7CD174F3B7533D4ED9878C8CAB++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.449750602929413
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:qwBMgWkWKs5RR+2cKQzGJC8WKskeGedmLpEfSvc8GNKpoXb2JpeRE7Z/eAtypsRW:pCPR+2cyeBmNEfSU8ZpoXSHV5xw1O2D
                                                                                                                                                                                                                                                  MD5:3091D3A063743E6FEBEAAB42B85A0DB7
                                                                                                                                                                                                                                                  SHA1:2A89C2D454D23D0E2CB15CA3E8524C29DFB59304
                                                                                                                                                                                                                                                  SHA-256:872017EF35CD1A11F77882E025F50B91F5E80ADE678C464C3A88DB285744D090
                                                                                                                                                                                                                                                  SHA-512:5AA8FF07251A479ADDC0F538CE9FBF5B4A75214072BF008EDA3353CC59AD569A8469933FE6D79273313A216D4CA34A8C78F2F37AF57328B74035E76A4658B582
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//D7DDD596097C38BCEB0D428FF821F99EC672C17DA78CA82818190A332A4A34CC0D8DA11F3ABDCCC4B388E13444AB6E4F3F7EB8B7371E2C135D00DC35DE21CC9E++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.492530568430693
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSH/8pmXflwTfbann:CRsyeBmWfV8ZSXSH/pBnn
                                                                                                                                                                                                                                                  MD5:BF7900147A827F07120DAF5B5B98734B
                                                                                                                                                                                                                                                  SHA1:AF92B2F400CDFA17BF6CFA00A84B2B30DC1085C1
                                                                                                                                                                                                                                                  SHA-256:E0995DE32214F75522586622DDF7F7555EE0733266D7B59603C82EBEE04B07CA
                                                                                                                                                                                                                                                  SHA-512:B72188F30E381332F5248E03161C411A29D36155586D3F74D3738936A9A5424F832B6697F62D4CCCA1009A2C24341ED99089E975AECE982C2063559F34D34105
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//74EB87A572168350886A4402BAF30706D52251A02D350BB88DFCE57137F9F41ACABBE056EB94FAE308606C845930EADF1B68B396070E96BB86A52C669E11A4D1++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-pscore-toast-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                  Entropy (8bit):5.487688196631357
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:pCPR+2cyeBmNEfSU8ZpoXSHrpT+S32YwKO:CRsyeBmWfV8ZSXSHh+S32Ye
                                                                                                                                                                                                                                                  MD5:9BAAC7F78864EF3593D6102291016028
                                                                                                                                                                                                                                                  SHA1:347A5AFBF7B14A46ECADE34515F18A8D04BEC100
                                                                                                                                                                                                                                                  SHA-256:B0D898CA87EDDCC009CF0F28B70E5264236536E7ABDBE2B16EF97A12DD6F66DC
                                                                                                                                                                                                                                                  SHA-512:FA9FB05A7B188B04656D387486366F5382313FD2DBEE66287FC28D790F0EC3AF13B3D304A6431053BFD02364B8107D455B46F63C6F24570C206CD1D5759DFB2E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _pscoreToast_ = {.. PSCORE_TOAST_DESC_HEADER: "Get to know your Protection Score",.. PSCORE_TOAST_DESC_BODY: "Your protection score helps you monitor your overall digital health and safety.",.. PSCORE_BUTTON_ACCEPT: "Get started",.. PSCORE_BUTTON_DECLINE: "Not now",..}..//83ADBEB9D45332DF7BF514453B957B6917B346DBAA0DAD3454E02359A289C1E9A797B83FFEE21184837400E309739B56228E4EBFB428610B63A367BD37E76904++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):716
                                                                                                                                                                                                                                                  Entropy (8bit):5.6123995105579825
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfx6v9LuO4biqra6fMocbkLwT5zxjAHo8+9wuRToEwCWHmlva:7e9SlNLiaf4v9KO4zG6fMocWIOHo8+9G
                                                                                                                                                                                                                                                  MD5:00F4E38B48072F3869B60E0D95C2A9B6
                                                                                                                                                                                                                                                  SHA1:C8CE5CA8F175008CCBEC78275E757F62FE9C635A
                                                                                                                                                                                                                                                  SHA-256:C2D22278512E32727CB434EA10F23C86AE9C08CAF0AE4DAB02F02FCB1041BB99
                                                                                                                                                                                                                                                  SHA-512:64429F44AD0594E529C1C4CE9FFB87981790E67BAAF4CA3E704FE13C2BAE720E602E9ED2D74F3E9664A91EC6B3C1524070137732798EB8B4E830996379C3C16D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verze",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Prohl..en. o ochran. osobn.ch .daj.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Hotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//7915940C39986F4880E6A2FBC9737543635F5A1D110ED6E3AFFDAFAB149C5AFF1703FFC9466951316626F1FBB58178AEBD100D0078DABFC21D0714D0CEEA119F++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):728
                                                                                                                                                                                                                                                  Entropy (8bit):5.552900854514872
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4biUvzbkLwT5zxjAHo8wN9wuRTo6NHMxracRckCdXt:7e9SlNLiafLYFv9KO4Z7WIOHo8wN9ZR/
                                                                                                                                                                                                                                                  MD5:B2C903C076A41A1737DB816018633A98
                                                                                                                                                                                                                                                  SHA1:FAD0008D1C2D4713239C3D9058685919F656B7AD
                                                                                                                                                                                                                                                  SHA-256:F525F6EAF3880731B179D85B090C0632DA0D913FC84E5E3F98071AF276259F55
                                                                                                                                                                                                                                                  SHA-512:95283B3B641A234A122386A6E7D1D8358FD5AC67F1F72262E53B028A5927B12EAF501A2D4E4B45A14014D96CAE69C0E514540CEA80686F1696901E609E14E805
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "meddelelse om beskyttelse af personlige oplysninger",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "F.rdig",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//514C43E98B794D2AC98CC2A39D1794688A93B8FE872BF50CB063364579F1BEA8C13AEB945A186AC919AC0B33B114C4CDF8877E143AD3B5EDF237023A807AE010++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):695
                                                                                                                                                                                                                                                  Entropy (8bit):5.549081746702864
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bi+p3ibkLwT5zxjAHo8+N9wuRToEKQw/Fht:7e9SlNLiafLYFv9KO4pSWIOHo8+N9ZRQ
                                                                                                                                                                                                                                                  MD5:D758E0A6DA482AE0EEB46E0B8A65C9CD
                                                                                                                                                                                                                                                  SHA1:7945EA60F5AFC84819283037B2FF493CB8224C5E
                                                                                                                                                                                                                                                  SHA-256:14F8DB188A0130B264D3A34D0ADD757FD1BE3C5A5E02E581BC0A9D578F736B87
                                                                                                                                                                                                                                                  SHA-512:E93EB661D24C40DD2375B521B256EE9F3CAE01868E261B2F4ECA39CF8BE37C7C0120097DAA365B8F5503D0388FA70E8E26E1F795E27E0BA903BC5444FEF2E55E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Datenschutzhinweise",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Fertig",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//9F9083EA4FDED455F3A23B016952128F280E9BB91D2498BDFC250400DD82FD928136390AEA869B7A1C014FE3C0760121E9800361A5837B39456C1EDC9746BEF2++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):750
                                                                                                                                                                                                                                                  Entropy (8bit):5.77117399690753
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kft6v9LuO4bi7XKfRWkGmbkLwT5zxjAHo8JP9wuRTol6VFB:7e9SlNLiafEv9KO4mXCWkHWIOHo8JP9t
                                                                                                                                                                                                                                                  MD5:1C8FFEDEC34AB60D998C996AC7D55462
                                                                                                                                                                                                                                                  SHA1:58B78A462590B78A421024E70D4CF89434AA7BC1
                                                                                                                                                                                                                                                  SHA-256:CBCB9411E7947D6483DF5E05D967C9531AAAA0CA3F233E86994247818540CA5E
                                                                                                                                                                                                                                                  SHA-512:83A500DDD5064EC74808E28A1544862D47FA42188E0AD57B22E0241529147261DA4AF60017EFF000ADBF88E307A6FA56C78963D73AC9A6B2536E2FD2B9D81D56
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "......",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "...... ............ .... .........",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: ".....",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//D7F2DA34F1B7920CDF501DA892A6EF4E0F0482D5B374A1842AA59B4D81D84459C21E6F05926E192B86431EBB5037EB33BDA11B0E22308710E9627D7E7BBDD102++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):688
                                                                                                                                                                                                                                                  Entropy (8bit):5.487912643529434
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4biqkCbkLwT5zxjmT9wuRTo/upmkI2uDiSRgC:7e9SlNLiafLYFv9KO4zkCWIoT9ZRRIk8
                                                                                                                                                                                                                                                  MD5:CC46B4069EB88FCA4183A1802345E488
                                                                                                                                                                                                                                                  SHA1:06D6CABDCD0E67EBE402C81E12963AA00E04E799
                                                                                                                                                                                                                                                  SHA-256:ADF2EC9276CD96BAA46E217DCE9586664C7DFFA22986B26596AC985D3E0C3903
                                                                                                                                                                                                                                                  SHA-512:1DD44483C0ACF7442FE1DAADF0FD3256C1099EBF63265984CEC610F8811CEAE867A1081D8BB8B9B801E08BDE0E8D7E265BA4A36536B0E47FC000E262F23B8848
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Privacy Notice",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Done",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//93ECAFC6B6FA905461032E6E8DB4729D2263C0306E689F6F2ED8EBDE9DEEB34B003A93CD10F9DA8B1526F7017FC0F77DFDA6CAA0F0FEE67BE1F16FE012A4EE93++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):700
                                                                                                                                                                                                                                                  Entropy (8bit):5.5223212774827966
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfri6v9LuO4bicmuXnbkLwT5zxjcglP9wuRTo2XZwfIuN1gC:7e9SlNLiafrFv9KO40AnWIqgV9ZRFQf
                                                                                                                                                                                                                                                  MD5:54A4EB2032797DD5698E222029700740
                                                                                                                                                                                                                                                  SHA1:2F7E07CEB0295F3239CE8F12E8A9D40277CDD301
                                                                                                                                                                                                                                                  SHA-256:30055D95C0B902C93AA58EDB2743B19D928212C2F7549148E79EFAA99E263BF9
                                                                                                                                                                                                                                                  SHA-512:C05E874A388172D7CD8921F4C1F9D61AC8F03D0EB53EC4CDB0ECB530461264A948560B949FE6416BEA2077440AA44F0B60F0BB0C19A986F042433E2C141CE8C6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versi.n",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de Privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Aceptar",.. DONE: "Listo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//D637B12E35A4ABAF510C98358FC89098EE8C5F537636E86A2E74A59998CBCCEADD062E0D121A282C7F190C2006C9FEF1A0F154606AF95776592B825C8C802D02++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):700
                                                                                                                                                                                                                                                  Entropy (8bit):5.537604554770778
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfri6v9LuO4bicmuXnbkLwT5zxjcglP9wuRTo6mVa4V9ncmIv:7e9SlNLiafrFv9KO40AnWIqgV9ZR1QfA
                                                                                                                                                                                                                                                  MD5:AB2324AA7C6A311DC97B36ADA22046CF
                                                                                                                                                                                                                                                  SHA1:5932FD81A2126A13F7C03910E68744C7F41DE394
                                                                                                                                                                                                                                                  SHA-256:A7D4654BAE3D149D345A887A7892962793D061C9E755F251A7D19C2F564B939B
                                                                                                                                                                                                                                                  SHA-512:E538DACA1AED4E6B3273DD1388B7A0FA576CD3ABDF156DCF6C3D816F14B7516711724C77E1C98E2B672981E32558CB7DFE4E4850A634F6C021BFE84BEF1EC267
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versi.n",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de Privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Aceptar",.. DONE: "Listo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//1496EF941B55F4BF4FF8C580A2561563C6BC322E226844D8B8F8BACF0FBFDA7F6BA401BFB844DE187768CB4BE50BA3807F79D92D3D499CA70EB86A09479E101D++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):694
                                                                                                                                                                                                                                                  Entropy (8bit):5.5173328903737
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfft6v9LuO4biO6EGbkLwT5zxjAHo88WN9wuRTo8M9DEXW+A29dC:7e9SlNLiafsv9KO43GWIOHo8Z9ZRnS+Q
                                                                                                                                                                                                                                                  MD5:2EFAA2FE73F61AAA9575F06A7EE25AAA
                                                                                                                                                                                                                                                  SHA1:28DB2864BC91CFEC0F615800C7C48D0954F8DE61
                                                                                                                                                                                                                                                  SHA-256:3D65ACAD9615F07267279B3C6EF547C033D37B1F55E9F393BA5F07149BF158ED
                                                                                                                                                                                                                                                  SHA-512:57D8821F7C5EFA9B630E3CB0A9CFB51E0A1BC81D8FBCECB0595FA2373B3B8AC488717516EDBE4DF07E83D372E73341BD04A3907745D7AB5C08100FE9141B5E67
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versio",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "tietosuojaselosteen",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Valmis",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//592438C477D7D5A0FCDE0A4ABEEC1E61160F3ADB96ED593D2336CB7F85A5D7ED20530ED0297802AE44966CA63AEC0B0D86E87CCF49CB09DA32283990C5157737++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):710
                                                                                                                                                                                                                                                  Entropy (8bit):5.571075904252609
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bieQdbkLwT5zxjAHo8g9wuRToHcONXKvL+u9vFJ:7e9SlNLiafLYFv9KO4wdWIOHo8g9ZR2Y
                                                                                                                                                                                                                                                  MD5:B1FEF06E6DB7C7840355CFDC9E66DFA9
                                                                                                                                                                                                                                                  SHA1:1A72F5525215F467F2687052C1C107143BFBC497
                                                                                                                                                                                                                                                  SHA-256:CA51CECD55303BF09C0F9E0E8285419EED57BB2E457E906FDC06763F1AABE64A
                                                                                                                                                                                                                                                  SHA-512:0D3A8FC6D51795EBD7116CF30FE7371A01ABAC64D898045EA8BF1E22C975E2E805B9ABF2B51BCD9B12A10CC56941320869E63A818DBAEAA72764010251757171
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "d.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Termin.",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//E31462AD7B349988780C04B0BC7C8C4421A8A65C2B0267E5BA72FC3F8BB7278C1889AB97283D655440681525FC18608C9BF44C79B9E6B01A384AB197AD90FD4C++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):710
                                                                                                                                                                                                                                                  Entropy (8bit):5.544187033409281
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bieQdbkLwT5zxjAHo8g9wuRTompOE6pzxcgRg:7e9SlNLiafLYFv9KO4wdWIOHo8g9ZRHN
                                                                                                                                                                                                                                                  MD5:81FF80E529C769AECE9D98592D14A500
                                                                                                                                                                                                                                                  SHA1:88D9EC34A3852BB8577FDC4ED89AD71A79862F5C
                                                                                                                                                                                                                                                  SHA-256:98DDF02B185AC2036F8EBBB6ADF9C7B4FA14FC8CA9FBD19B7FFBFEA3770977F4
                                                                                                                                                                                                                                                  SHA-512:24C932AD5D51E1B014E8BBB5371104884EC3A20530F8D6653F28D6F52F2571A2ACDF70D803EF12FA7D974DD3907632676F0BEBA0CB679D46E46D3AB7B9B3CCE7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "d.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Termin.",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//6272E90B87E22993E4A9C7AFBD1EA5F6E826D3D603124F3F6DA42CB6FD6A7CA04857CE3220935E918503D17C26ED9CE2AD48B2A2C83030EBCF9BE923DD91B71E++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):703
                                                                                                                                                                                                                                                  Entropy (8bit):5.5270598050887205
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfv66v9LuO4biaBzcbkLwT5zxjHT9wuRTo4jRF4zOAkE4XG0:7e9SlNLiaflv9KO43BoWIVT9ZR774zhK
                                                                                                                                                                                                                                                  MD5:7AAE3B6206C930CD459C11C26F120447
                                                                                                                                                                                                                                                  SHA1:9B5AE66FBDE3B0E7AD58C1D69A7DAF40AACEDC67
                                                                                                                                                                                                                                                  SHA-256:8DCD9C2FB5873BB4F522C9E8209A0CD93242C1B1B47EC53166E2E03355668E1D
                                                                                                                                                                                                                                                  SHA-512:47977AC2A48626E4500E7E8A84E9843FF2C7CF5CC403AC58629B13D0DFA288BE320A48436332D0AC2FEF97D7959F14BE2DDFBB50FA35516C03070E56A694DDA3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzija",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Obavijest o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "U redu",.. DONE: "Gotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//C5921FB8FE54F0C9BADA85486599B32A165D30DEEA2DDBC8609E4045DAA88AD032F6AB1D073C3AEC92DB86343CB0733C39A62CA3F84D756E6E086481CE8F7AAF++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):699
                                                                                                                                                                                                                                                  Entropy (8bit):5.578115457562142
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfQdU6v9LuO4bihIHmdcbkLwT5zxjAHo8Kwv9wuRToXaaMM:7e9SlNLiafQd7v9KO4k6ocWIOHo8Kwvw
                                                                                                                                                                                                                                                  MD5:BEB5960C719B090AA684968F630B674F
                                                                                                                                                                                                                                                  SHA1:30F3214BFE12A27A84BDC14446F4F57AF96E46B9
                                                                                                                                                                                                                                                  SHA-256:3851B97C8DBCFE1A9E85AB1B712E3F4B8388BFD7EC665211C83D66A59C5A8772
                                                                                                                                                                                                                                                  SHA-512:33E3874AF7AD6186532F1B5EC90156287C3D73837183EE4934D7919AA8A43145DFC6413840782E759E8B65211673AE3A8794DA424EC9B565875CEA709D6AD17F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzi.",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Adatv.delmi k.zlem.ny",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "K.sz",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//0D63EE19641986D9D825A8C5134A9CE24F11402D1E1B0E33B2454ACB50E4A62EF5E0C8E59D2ABEA7BF41C597CE801D9CE9A00D9E4A4FFA823C7789863F9BE63C++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):697
                                                                                                                                                                                                                                                  Entropy (8bit):5.505876168763784
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfy6v9LuO4biNp7mbkLwT5zxjm79wuRToSj0hWSWzpp+8:7e9SlNLiafVv9KO4apKWIo79ZRXPzpg8
                                                                                                                                                                                                                                                  MD5:A14208DB73B39365C4D6C838776981D9
                                                                                                                                                                                                                                                  SHA1:FEB20B19EF9C58C6CC10914A9E139ECC617D91A1
                                                                                                                                                                                                                                                  SHA-256:E13248A02CC9BF468A097DBAFF0BEED57176284BD10E431E4005C525B91C8618
                                                                                                                                                                                                                                                  SHA-512:53A3E81DB1AD91A64D281AE089C8AB4526873D7A1EBBA27C93146320CB132160EF7441DDECFC715C2F28F5901E74E9B1EC02116C247C287458AE4F7DD5899373
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versione",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Notifica sulla Privacy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Fine",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//9D53CF31538C018BAE126DDA881FFD6C157AD09EBFB4BDBA389AED758E33FCE052A61F8F331AEC363DAE8E19DA957FBD41B0D08A44EBDA2D4CDEC8D669091087++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):808
                                                                                                                                                                                                                                                  Entropy (8bit):5.7409373263357235
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7e9fLdo5ijdfA6Dlv9o4A2AWIOHo8UHv9ZR6Ued3:K9fLdICdfA49XLAWIOfUHFKdd3
                                                                                                                                                                                                                                                  MD5:28B7739A421835EB9CD88B6013D4E689
                                                                                                                                                                                                                                                  SHA1:DCF2CCD130415AC7F2C45E4495AAFC5EC976B058
                                                                                                                                                                                                                                                  SHA-256:0C69D07D25EADA8203C4207A619F31992E1EC223D9550E645E2780C4BF3C29FA
                                                                                                                                                                                                                                                  SHA-512:501684FDD4B4569C5BFB7A4F7E4C32B7FD8272E2B4961958F64B03E6B74D5767E19E17133F43A3CE5ED4DD932DE509C96C2D57F53B8C60318F03AE764A86EE0E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "..... .........",.. PRODUCT_NAME_LIVE: "..... ......... ...",.. PRODUCT_NAME_TRADEMARKED: "...... .........",.. VERSION: ".....",.. WEBADVISOR: ".........",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "........",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//26438DF7DDD1B7091ED260C5751D4A077CA382594D057744E7A18123A105135A5502DE2EC8D32B83E5301B99F1BF5EEC74B00DEF5B1B21DBF4CDBD9CC6109029++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):742
                                                                                                                                                                                                                                                  Entropy (8bit):5.82878368970307
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSd6ds63i7R6ikfV/i6v9kc4biyGbkLwT5zxjsGiFW9wuRToa+g/N0u+Ho:7e9Ed13isnfVtv9kc4sWIViQ9ZR2gl4I
                                                                                                                                                                                                                                                  MD5:53F240755A3E1938272249CCF8BD05D7
                                                                                                                                                                                                                                                  SHA1:770F628BB772CC9461CF3D234E061EA4D810B119
                                                                                                                                                                                                                                                  SHA-256:51DCD424DE086E10A9591AB85F830A8F466108F9DBBAA4B47A6DBAFB04BF2986
                                                                                                                                                                                                                                                  SHA-512:54E1024EFC0B118C78C2406FB7D92E9794A241CBDE0D122957CC2C0C9628B443EE3EB7BEB916C83AD6BA7E8A706BFC8B7A78513119902A867A3728938EDE2A50
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee ......",.. PRODUCT_NAME_LIVE: "McAfee ...... ...",.. PRODUCT_NAME_TRADEMARKED: "McAfee. ......",.. VERSION: "..",.. WEBADVISOR: "......",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: ".. .. ....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//277BE604E32720DCF4BFF19AAA4CE10DDD8BABD440063659C78111528AE8B9281D266930182575EBEEBD256C8A040C4507A85B56B99FD882D9F3380D6FDEEA77++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):696
                                                                                                                                                                                                                                                  Entropy (8bit):5.566757432761514
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kf3Hi6v9LuO4biqyNLMBHbkLwT5zxjmf9wuRToQMLVXQQgAe:7e9SlNLiaf3Fv9KO4zyNsHWIof9ZRtMA
                                                                                                                                                                                                                                                  MD5:13FAE2BC4589EEB043806433697F4963
                                                                                                                                                                                                                                                  SHA1:3D8CFA01762AEE740AA79236BADF9377275C8056
                                                                                                                                                                                                                                                  SHA-256:F566A0C874B6497D4062F50ED554E5B997E4802E3B38AE70F59ED5787E39ACE9
                                                                                                                                                                                                                                                  SHA-512:0A9DA7FA70D04D7AB53E4B7965EE8B6985BA1B2F6B2BACDFBEA92958ADAED25DC469BF6CA81B17BB75F53D3F5E39EFC3828984CC2346D1AFA6E6DAD14F364025
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versjon",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Personvernmerknad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Fullf.rt",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//E6C0634EF860473E5E1AC5DB56979665B177B654AF315AE120E64100E5693F76AC7D9890274062266625FE1B3B2BE60A8D8495F7A38F8C8C5EC99648483D6C21++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):746
                                                                                                                                                                                                                                                  Entropy (8bit):5.619956078029764
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfP6v9LuO4biKGCEnbkLAWB2CT5zxjAHo8CW9AWB2CuRToJI5rcn4:7e9SlNLiafyv9KO4TGCEnWtB26OHo8Cb
                                                                                                                                                                                                                                                  MD5:92F19DA62297C36C9E535BC5BF8B2F61
                                                                                                                                                                                                                                                  SHA1:4BACE2C47E227ED1FEA94EF2712745FCC7F17E2D
                                                                                                                                                                                                                                                  SHA-256:55CA92573C4E375DD2036798B34060BB822CB3B30396806A414539B5BF247474
                                                                                                                                                                                                                                                  SHA-512:7B8F12E39550B6ED65D50606D4CA8D8D52252D0527FE62538F1653339E3FCD36E16F096391D63A1A0A2FCCA1C210F16D0E79EDC0F66008D3BB0F8F12E20A69A1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Versie",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "privacyverklaring",.. PRIVACY_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Gereed",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//85B81632B31DF611B6DB04A1F9D62E994290E36CF52C98D4DBD8811EE052DF144CC11541848F2D1C2C3DB510126DF77205BF71332EE9E5CB31D881E9C857B245++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):709
                                                                                                                                                                                                                                                  Entropy (8bit):5.575958834672549
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kf6v66v9LuO4bipidGGnbkLwT5zxjmO9wuRTo/xumdtLwnVC7dTN3:7e9SlNLiaf6vtv9KO4oMGGnWIoO9ZRi/
                                                                                                                                                                                                                                                  MD5:0303083C987D0942CFF17CE9D0027E93
                                                                                                                                                                                                                                                  SHA1:FF1E0146514A442652002DD534A41046937B5914
                                                                                                                                                                                                                                                  SHA-256:56188A2ED3326B0860D9CF76D6961CB643FC1A2F93E2FFB4DA2ABC0FF8640116
                                                                                                                                                                                                                                                  SHA-512:ECC7AB3D3F27CB2383AA8C49F86F6C6BFA1027148997D4F92825D9B730641D214C95C0BE924B71575B1395A61267F34CBA6CF27D13E2F8D9EFDF753E6749C76C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Wersja",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Informacje o ochronie prywatno.ci",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Gotowe",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//2B110267F6341264500B29DC41AFD0C0D54141C5440DF4870008641509E32199642C5F03BF1696B79BA1C750119560BDEC726C2E3E852CCC3A6285FD7890EE61++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):700
                                                                                                                                                                                                                                                  Entropy (8bit):5.549994684984163
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfqX6v9LuO4bicmHbkLwT5zxjAHo8kf9wuRTo12WFze9jTXEPvOun:7e9SlNLiafBv9KO40HWIOHo8K9ZR2Mt6
                                                                                                                                                                                                                                                  MD5:801B89861183733EA35C952F78618985
                                                                                                                                                                                                                                                  SHA1:E32C18AC6CA2B460C09759604CFC012AA030C03C
                                                                                                                                                                                                                                                  SHA-256:95115CF18EE1E1A4896B08DBA7F24D012FB1B019215F86EC0FCE99141DEA9EFB
                                                                                                                                                                                                                                                  SHA-512:3E0654E78080E2B6C5FF461F9DC4F85AD29D19754DD46880E80A4208E134CE2D5B6E449F9AC65592DC2BBDC2B7E44234998F0F7700CFA1E0218851FD5EEF5531
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Vers.o",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Conclu.do",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//38319A37158F74349C56AE780D2FE1EA74369BCF9BF2139B6E7E1F6356EE6BF27E0781B2EC874623B3ACBC61CBD4F20A336E5563F143AC8483FE50230576700A++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):700
                                                                                                                                                                                                                                                  Entropy (8bit):5.5619311609747175
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfqX6v9LuO4biHfHbkLwT5zxjmkf9wuRToePiIUngpgph8kWhuGCs:7e9SlNLiafBv9KO4ofHWIoK9ZR1BUkvt
                                                                                                                                                                                                                                                  MD5:0826E1B34CD2718A14E67DB7471FEFF8
                                                                                                                                                                                                                                                  SHA1:466CF995CD7E7673DF269E4DA917833DECFDEAEF
                                                                                                                                                                                                                                                  SHA-256:E84BDF8D70A4D9032B2ECD3B2920DFA245E4420A1A05D2681A661D358D6804BB
                                                                                                                                                                                                                                                  SHA-512:041E3F2164BA3C67A4F306855B59AF7BC516AFCEADD315FFE8E28A573CF2FE2DFD1B8F62A2C509ED85D9D24D95D56EEEB7D22D10A5CA007BF13A24F069089031
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Vers.o",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Conclu.do",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//62715013ADB65289BD1425F49A9D44B5CF85BB826081DA7BECE9C3AE4217243A475EC1084D7F31910504181A52A7F7B35DA37012AB7F3002AE77CF8DF6F40CC2++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):751
                                                                                                                                                                                                                                                  Entropy (8bit):5.755930371819692
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kf96v9LuO4bi4epiXbkLwT5zxjhKgE9wuRTowy3NvVknWaZpFkWc:7e9SlNLiafUv9KO4sWWISt9ZRmvVknP6
                                                                                                                                                                                                                                                  MD5:CB17FD8DACE0C83B800F99F280D52A63
                                                                                                                                                                                                                                                  SHA1:337B214690529E33BA2294A73E957F6D608788B0
                                                                                                                                                                                                                                                  SHA-256:04271C792B07D7C0AA35385B55D51D3CD95398588C2F45D934775E669BB183AA
                                                                                                                                                                                                                                                  SHA-512:6C47919977A192326E14B13C58CBF056901B12CC03B4C22B15D299E0D7538F49C21873E0A744E77924492468EA4F7F42FC42DBA610B24872DDEA397AE4539CD8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "......",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "........... . ..................",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "......",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//88620717E9EE799EB8AA7F2E1760C2014F35B651171979FE060EC65AA5F267F05ADEDAC3569FF2A423984079CA92354D45A0F0554C8443802E3B39E48FEC628D++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):719
                                                                                                                                                                                                                                                  Entropy (8bit):5.6102161711105865
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfa6v9LuO4biIAbkLwT5zxjAHo8+9wuRToS+Y4nU:7e9SlNLiafNv9KO4uWIOHo8+9ZR8Y4nU
                                                                                                                                                                                                                                                  MD5:54082BF3A6B20F715D94808EF1951E71
                                                                                                                                                                                                                                                  SHA1:B338216AA1F573D6F3EE14D26A514C5B9741C3EF
                                                                                                                                                                                                                                                  SHA-256:C291BC36DF5BED83B96AC1A20B18B1B26A50035BF78B392A87A8205AC3EF169E
                                                                                                                                                                                                                                                  SHA-512:126630161BD3266CAF11661A20AF0662EAE3263CA0D489CDF1B03796F2C732BABD865A37AE7B143ABD8EFA6AE1CFDD928710F33008058D22E8C153EFD8AF39E6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzia",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Vyhl.senie o pou..van. osobn.ch .dajov",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "OK",.. DONE: "Hotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//5624C53BCE8EA93E7C318B6470C5FD2BEA3CDF9448B5D8D70C5A88356E4684C1840F2A24BACB9BB5EC460482E3A6AD71B85856879DC16C66C82BC35A4E3EF13B++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):706
                                                                                                                                                                                                                                                  Entropy (8bit):5.554327092493012
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfv66v9LuO4biagkcbkLwT5zxjHT9wuRToojRkm5e4eRgiX20qdSh:7e9SlNLiaflv9KO4cjWIVT9ZRnfeBg0X
                                                                                                                                                                                                                                                  MD5:0C9AFEA80408DB59A843AAFA6C0BC23C
                                                                                                                                                                                                                                                  SHA1:D9BECCE27AC0CC8ABD9DABB30EE7B23618CA7E7F
                                                                                                                                                                                                                                                  SHA-256:F3ED198C41D3CDA9E9C973CE8C69650A2D66F8A496822AAC76FBBD4B23B779F9
                                                                                                                                                                                                                                                  SHA-512:34C1977CEABEDA559AAD30E9162D3C4DEBCDD852EB3B79EF137739430479CDD0B6054D56973EECAA13B184596C42CB987DA26ED37D34DF34B7E7C8AF4F35D7CB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Verzija",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Obave.tenje o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "U redu",.. DONE: "Gotovo",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//1A84BCFAB89E78FD65597DBB6DEDC6ECA87B05E1F9B47ABDC62D1AD910BA86893B1F3895942A45176464D7D9FEC7BACF6A8B07D4191E028305DAD41F83806930++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):690
                                                                                                                                                                                                                                                  Entropy (8bit):5.513710902007872
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfLYi6v9LuO4bieGbkLwT5zxjmf9wuRTofn0mzpNlBFjhoepkhn:7e9SlNLiafLYFv9KO4JGWIof9ZRcn0c+
                                                                                                                                                                                                                                                  MD5:F70671A24786782017CD814AC6AC72C1
                                                                                                                                                                                                                                                  SHA1:26F9AC77B1764AD13371B720A92F3A15158BEE40
                                                                                                                                                                                                                                                  SHA-256:CD852B915D12B12640D3E5197CEB2D464A1B495CB78A3B6680C3F09EAD0ED91E
                                                                                                                                                                                                                                                  SHA-512:AB57130DC2E669B486BE710A98AC90F37D0C27970EF2CE12D6F1ED2A544103AAD0FD166373A8D76F2E62B8A506233A4FCB5DBFBCCFFE3B4B85D7259E470C4E9F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "Version",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Sekretesspolicy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Ok",.. DONE: "Klart",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//F9E40AAC3AB58D47F27C4E63326E01B8315CDD4E1995A9F361D05DD7B20E79F8EBE2F210A12CF91EBE35A4C492EF923C7A37BEBD67F790E5AA02D49BB75EF0EA++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):696
                                                                                                                                                                                                                                                  Entropy (8bit):5.545555209314935
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfT6v9LuO4bij2VbkLwT5zxjAWoN9wuRToq8TMJ81S1oQtZvrgn:7e9SlNLiafGv9KO48QWIuv9ZR3qr
                                                                                                                                                                                                                                                  MD5:6968161BAA9545B01DDA30AF5FB7A36F
                                                                                                                                                                                                                                                  SHA1:7E78CE16FE43653B060C217ED37A1CD65C38CD04
                                                                                                                                                                                                                                                  SHA-256:148E55B8F85C7837B17520E2100AA5C2A8F956FBEACB18E84876F7C12A98C654
                                                                                                                                                                                                                                                  SHA-512:2B47FD43A6BE7701B6EB24174EEB78251E194EE8764B04F0CF53CB33C063EE08DE6D535C1CD2033FCEBF36309E3797C76139014D4A2EE5773EF076DB6DFF77BD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "S.r.m",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: "Gizlilik Bildirimi",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "Tamam",.. DONE: "Bitti",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//8776C33924D3DE44C8ADF4713EB85340482CAC0087E39DAE7CD3D05592F58E39FD4C4D7E36F383819137D5CFB5EEA1E8CE9717243D9763F93875A3834861584A++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):719
                                                                                                                                                                                                                                                  Entropy (8bit):5.935688545805366
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSuKxi7s6kfF6v9bgbi5ywbkLwT5zxjtDYv9wuRTopfLfT7XbP7:7e9uui7s/fsv9bg4ywWIv49ZRufLXbz
                                                                                                                                                                                                                                                  MD5:80C3F7CF329979756A2483C61FDC94E0
                                                                                                                                                                                                                                                  SHA1:4D789234D75ACF3E6876C742D7E4B2DB660E15A4
                                                                                                                                                                                                                                                  SHA-256:77888F083FA21B5CFD2EB5CBE5C6407A7421BB04D76F127F49DD5BD426D1C572
                                                                                                                                                                                                                                                  SHA-512:4C2C012A7D27C2C0DE54B1650D24AB7C909A871CEFF1410D1E2EB3BC9F8783F8928F812813D970AEA92D7989CF669771B7FFA18431A3132510D4CC459204D81A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: ".......",.. PRODUCT_NAME_LIVE: "..........",.. PRODUCT_NAME_TRADEMARKED: ".... ....",.. VERSION: "..",.. WEBADVISOR: "....",.. COMPANY_NAME: "...",.. PRIVACY_NOTICE: "......",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//F6E98D5300FA7FAC3CDBD26ECC83D725DB0761530427BCE04CAF85A01F83E6368A59F8EE59AAF5009800F25844EFB5700CEED010C18D0F0F99E2C31715A94B21++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):694
                                                                                                                                                                                                                                                  Entropy (8bit):5.6689804706681635
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7ekSSlN95i5kfF6v9LuO4biP3emebkLwT5zxjgDYv9wuRToar0jJ5H91/f:7e9SlNLiafsv9KO4d1WIG49ZRhr0jP/f
                                                                                                                                                                                                                                                  MD5:5BC62AD32578785B4E38CC765AD01B86
                                                                                                                                                                                                                                                  SHA1:388C382BEDA295EDAA6ED522EFABF3F4F917976C
                                                                                                                                                                                                                                                  SHA-256:888CB78E02C9F494C4C43B93D35379125379F52DD5EFCB9EF93B985142A2A710
                                                                                                                                                                                                                                                  SHA-512:4DD4107512C06F65816C0926FA7E35BE8DEF88923C5EC14F3FEF175D579163BF1B8DFD73B3921E684F038B82B6D45D1BF43705F0BAAC266F3FF0EFAF33CAE0C5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrShared_ = {.. PRODUCT_NAME: "McAfee WebAdvisor",.. PRODUCT_NAME_LIVE: "McAfee WebAdvisor Live",.. PRODUCT_NAME_TRADEMARKED: "McAfee. WebAdvisor",.. VERSION: "..",.. WEBADVISOR: "WebAdvisor",.. COMPANY_NAME: "McAfee",.. PRIVACY_NOTICE: ".....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. CHROME: "Chrome",.. FIREFOX: "Firefox",.. IE: "Internet Explorer",.. OK: "..",.. DONE: "..",.. LICENSE_AGREEMENT_URL: "https://www.mcafee.com/legal",.. COMPANY_NAME_TRADEMARKED: "McAfee."..}..//3BFEE6F1AAA6203888EACD212AA6EA71B5BEE9F5E25B2EBFBF7067F80AE1F91149DA1C89745A5D6C58244D823622DBDAD484EB12F3CCDC2A6A8C7775DA7229D1++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3828
                                                                                                                                                                                                                                                  Entropy (8bit):5.649207863349993
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:ElmtVPut9muF9guJVDWtfDUEWP4gU4zTA46AOifPY:ELt9mG9gMVDMfD7VgUeb6Z9
                                                                                                                                                                                                                                                  MD5:1B10868D37908BD86B7016A29B5F25EE
                                                                                                                                                                                                                                                  SHA1:C2E4775797236C4D6ADA09ACCA7DF1396A253C6B
                                                                                                                                                                                                                                                  SHA-256:243269C9EE1A0B2214FBCC4D8B8CC60B19C49DE2391657D61566D94B633DBC8E
                                                                                                                                                                                                                                                  SHA-512:17790A9419F8C60D7827E7EA0F6F6C2342262A5A0E329FB7646BF7F194C29122A2BF6851F8F3EFDD8B4D592F02AE7A9417C837D0CBDD9AAD490C3016D4B19D99
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "M.te z.jem o je.t. lep.. zabezpe.en. vyhled.v.n.?",.. TOAST_VARIANT_CHECKLIST: "Ano, chci po restartov.n. zapnout slu.bu Bezpe.n. hled.n..",.. TOAST_VARIANT_BUTTON: "Hotovo",.. TOAST_VARIANT_BUTTON_FREE: "Hledat se zabezpe.en.m . ZDARMA",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Hledat bez ochrany",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Nechci bezplatnou ochranu",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Va.e webov. ochrana nen. zcela nastavena . aktivujte ji zdarma",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Dokon.ete nastaven. bezplatn.ho proch.zen. internetu McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Chra.te sv. osobn. .daje",.. TOAST_VARIANT_1_INFO: "Proch.zejte web a vyhled.vejte s v.dom.m, .e va.e osobn. .daje jsou chr.n.ny. .ekneme v.m, kter. str.nky jsou bezpe.n. . a kter. mohou b.t nebezpe.n..",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3597
                                                                                                                                                                                                                                                  Entropy (8bit):5.38823145550783
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:w/A9Lqnt+lLcLvjcU7s1KWfENcDh22BqOQiixQ:etCLovj5AIWfENkBqBy
                                                                                                                                                                                                                                                  MD5:DFC68793AEBF3814FFC8951F1C9788C6
                                                                                                                                                                                                                                                  SHA1:E34F45A30A65D8C82389F8BB9E5CE0F9D255DBFD
                                                                                                                                                                                                                                                  SHA-256:1278F116A2F0E427DFCE371703EDC0E43D866FA6FD05524E6C1FD621B5D13475
                                                                                                                                                                                                                                                  SHA-512:0A97336896050C8A613F4BBB5623E59D9D39734E4AEF008B6A5A01661D317DA57C6F87012E46225A1581D31F833B181EC7D6840DD3B4038AABC566096843C242
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Vil du tilf.je ekstra s.gebeskyttelse?",.. TOAST_VARIANT_CHECKLIST: "Ja, aktiv.r sikker s.gning, n.r jeg har genstartet browseren.",.. TOAST_VARIANT_BUTTON: "F.rdig",.. TOAST_VARIANT_BUTTON_FREE: "S.g p. sikker vis . GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "S.g uden sikkerhed",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Jeg vil ikke have gratis beskyttelse",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Din webbeskyttelse er ikke fuldt konfigureret . aktiver den gratis",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "G.r konfigurationen af din gratis McAfee-webbeskyttelse f.rdig",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Beskyt dine personlige oplysninger",.. TOAST_VARIANT_1_INFO: "Gennemse og s.g, vel vidende at dine personlige oplysninger er beskyttet. Vi fort.ller dig, hvilke websteder der er sikre og hvilke der kan v.re farlige.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Fjern bekymringen fra

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3722
                                                                                                                                                                                                                                                  Entropy (8bit):5.3472044793355
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:MO3e8qGlKtiKL/7vdAmPegpo1fkJFfVQz4bLECx8OoEHHyg:xdqGYtj/7vdAjgpSfkJBVQ8bI6Bo6Hyg
                                                                                                                                                                                                                                                  MD5:0A2ED30C3EECB4CF37765E646CACC6CB
                                                                                                                                                                                                                                                  SHA1:A12B346BCB761123CD56F7E5C2CCB89EFDEF06CE
                                                                                                                                                                                                                                                  SHA-256:CC221A68C93F13C53558D2055BDA3FAB80D10F40C90EE51336540032CDB4A260
                                                                                                                                                                                                                                                  SHA-512:AD7900FEDC2769C1FC137042F5857DA305C8AC5BB13B0C7B2D067B82FA45B2C5B7FE013A26DB4BFE668F947AE2D17309CB94113C955C1DA64C3D16538F5AD1A4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "M.chten Sie zus.tzlichen Schutz bei Online-Suchen?",.. TOAST_VARIANT_CHECKLIST: "Ja, die sichere Suche nach dem Neustart meines Browsers aktivieren.",.. TOAST_VARIANT_BUTTON: "Fertig",.. TOAST_VARIANT_BUTTON_FREE: "Sicher suchen . KOSTENLOS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Ungesch.tzt suchen",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Ich m.chte keinen kostenlosen Schutz",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Ihr Web-Schutz ist nicht vollst.ndig eingerichtet . jetzt kostenlos aktivieren",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Schlie.en Sie die Einrichtung des kostenlosen McAfee-Web-Schutzes ab",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Sch.tzen Sie Ihre pers.nlichen Daten",.. TOAST_VARIANT_1_INFO: "Surfen und suchen Sie mit der beruhigenden Gewissheit, dass Ihre Daten sicher sind. Wir zeigen Ihnen, welche Websites sicher sind . und welche nicht.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_T

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6107
                                                                                                                                                                                                                                                  Entropy (8bit):5.0275663208917445
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:3/3ftrYEERsgXRx/+P5BLE27ww5X4e0TSS8bW0u2Ml4:33trhEfXT+P5lrMSS8bEbq
                                                                                                                                                                                                                                                  MD5:E371C4E4181BB6C48BA1059BAF7F825E
                                                                                                                                                                                                                                                  SHA1:B65EBD4853A55203D7B2CB4427D0B0E060B0A0EF
                                                                                                                                                                                                                                                  SHA-256:4E0049A9B211F6E189F266BBB0AA2A535EF1B524A5077BE437C8ECEC67AA2A1D
                                                                                                                                                                                                                                                  SHA-512:9EB8139A47A6C2D3662ECEE5875E9B0321D08C565D9D607E90BF5DEB2D890ABAE9C87E3141288D6697E1D69FAAA0D786A8347BA11129444473DC6C6CAFD5A873
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "...... .. .......... ........ ......... ..........;",.. TOAST_VARIANT_CHECKLIST: "..., .. ............. . ....... ......... .... ... ............ ... ............ ...........",.. TOAST_VARIANT_BUTTON: ".....",.. TOAST_VARIANT_BUTTON_FREE: "....... ......... . ......",.. TOAST_VARIANT_BUTTON_UNPROTECTED: ".. ....... .........",.. TOAST_VARIANT_BUTTON_NOT_WANT: "... .... ...... .........",.. TOAST_VARIANT_TITLE_NOT_SETUP: ". ........... ... ......... ... ..... ...... ........................ ... .......",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "........... .. ....... ... ...... .......... Web ... .. McAfee",.. // Toast varia

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3367
                                                                                                                                                                                                                                                  Entropy (8bit):5.339447864418538
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:KDGTsDGspn5vrfL5mwfPUpGRtBRTyCM0RL+K8KfEKxKxUT4TyALYrkyL0LEtTC6m:XIisJlwrmtBJZM4d9AY4GbJpMlD+R6
                                                                                                                                                                                                                                                  MD5:D65E21982BE527D20993CD94770C365E
                                                                                                                                                                                                                                                  SHA1:DCAE25BB116F7E57C2D417D3E6D7D023FEA5C609
                                                                                                                                                                                                                                                  SHA-256:F8A20862376EB665A3552163ACE561D8FFF208FE3873EA1BE074F8A8416CD9FE
                                                                                                                                                                                                                                                  SHA-512:F2A00E42497F571643695246417A0A6E115112FD9E04743E9DE7F66F5C73EF17816AC788F6B4580E7F702F234236E499F36E8BAF1DFBCBA00FB75E399D1FFE57
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Would you like to add extra search protection?",.. TOAST_VARIANT_CHECKLIST: "Yes, turn on Secure Search after I restart my browser.",.. TOAST_VARIANT_BUTTON: "Done",.. TOAST_VARIANT_BUTTON_FREE: "Search securely . FREE",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Search unprotected",.. TOAST_VARIANT_BUTTON_NOT_WANT: "I don.t want free protection",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Your web protection isn.t fully setup.enable it for free",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Finish setting up your free McAfee web protection",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Safeguard your personal info",.. TOAST_VARIANT_1_INFO: "Browse and search with confidence knowing your personal info is protected. We.ll tell you which sites are safe &mdash; and which could be dangerous.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Take the worry out of the web",.. TOAST_VARIANT_2_INFO: "Browse worry-free k

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3632
                                                                                                                                                                                                                                                  Entropy (8bit):5.3655626722955745
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Ks358rLYfTJnrXJm8Up0RtjRoZgeCYSL+VKDKNuKA5K7oUlYZxBOGsdUXc+Kno3U:vRg0tjy4BONb9GEjiGWPc+BIT
                                                                                                                                                                                                                                                  MD5:7086DB58BEF90E2485362A687B1193E2
                                                                                                                                                                                                                                                  SHA1:40F7EF9DF1B038E21C2407B2700EECCC770EC715
                                                                                                                                                                                                                                                  SHA-256:73E3F3A389CB6D68CB8364E22C7ADC14D4B799E935764C0C704D27F3ADB76899
                                                                                                                                                                                                                                                  SHA-512:A3EF7BC7CC94B67999A85C7127F4E08F53AE3A07D90762DD050E6A2B39670E0EBA32578C3B08068E15E341F630E5E802E63B03AE6AD270B08F79D7003CCE6E0E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".Quieres a.adir protecci.n extra en tus b.squedas?",.. TOAST_VARIANT_CHECKLIST: "S., activar la b.squeda segura despu.s de reiniciar mi navegador.",.. TOAST_VARIANT_BUTTON: "Listo",.. TOAST_VARIANT_BUTTON_FREE: "Buscar de forma segura GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Buscar sin protecci.n",.. TOAST_VARIANT_BUTTON_NOT_WANT: "No quiero protecci.n gratis",.. TOAST_VARIANT_TITLE_NOT_SETUP: "A.n no has terminado de configurar tu protecci.n web: es gratis",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Termina de configurar tu protecci.n web de McAfee gratis",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Protege tu informaci.n personal",.. TOAST_VARIANT_1_INFO: "Navega y busca con confianza sabiendo que tu informaci.n personal est. protegida. Te indicaremos qu. sitios web son seguros y cu.les podr.an ser peligrosos.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Olv.date de los pe

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3652
                                                                                                                                                                                                                                                  Entropy (8bit):5.368536208302948
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:KHJS5wrLYl0ImbIrXJmfUp0RtjvZgPChBxZSLWKJKDuKlZKIUldZxecemv+G0pPN:QskmV0tjvHhHs4Db+XVpIWYcXBMEuaM
                                                                                                                                                                                                                                                  MD5:C6C6C0D571E7CB6CC5F59B4FCAE365BF
                                                                                                                                                                                                                                                  SHA1:F31FB42D5B7A12FE26D2DAECEF38474682A2AC45
                                                                                                                                                                                                                                                  SHA-256:31DBA508B21F883090D05786870C58B4D9699EA1504A08DD91E7C7DE4C17DAE1
                                                                                                                                                                                                                                                  SHA-512:185777C5FB3B47873306144B669DC68DBD5DF829E7E1EFF7B26153EFA50C3EAD4216D7241A62F730F7E6D056C9A76F8AB37050A916F5F42937C2235C89EC3E0F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".Te gustar.a agregar protecci.n de b.squeda adicional?",.. TOAST_VARIANT_CHECKLIST: "S., activar B.squeda segura despu.s de reiniciar mi navegador.",.. TOAST_VARIANT_BUTTON: "Listo",.. TOAST_VARIANT_BUTTON_FREE: "Busca de forma segura, GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Buscar sin protecci.n",.. TOAST_VARIANT_BUTTON_NOT_WANT: "No quiero protecci.n gratuita",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Tu protecci.n web no est. completamente configurada: habil.tala gratis",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Termina de configurar tu protecci.n web gratuita de McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Protege tu informaci.n personal",.. TOAST_VARIANT_1_INFO: "Navega y busca con confianza sabiendo que tu informaci.n personal est. protegida. Te diremos qu. sitios son seguros y cu.les podr.an ser peligrosos.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Navega por la

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3556
                                                                                                                                                                                                                                                  Entropy (8bit):5.351456330736935
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:dWem9nFXHGetHHST0of6hMJHL5Y+jMp1t3NQh8G6:shXmetHyYof6hMJHLm+jEt3NSU
                                                                                                                                                                                                                                                  MD5:3E35952F91E14F643ABF2158AC781B8E
                                                                                                                                                                                                                                                  SHA1:07BE2380AEA1C0C75FEFF727F0EA433B90D57D75
                                                                                                                                                                                                                                                  SHA-256:2DEA9DBD87C484B89384B3F3C46020E376674C0CB780B04699682E354A647294
                                                                                                                                                                                                                                                  SHA-512:82C14CE249BF7ED53A7B052A3D4582AA3823D4C3D605FAB4A588E6929615A92B82E6A3BF3AA27EFBCFFA73B2F94C587CDF47099F22840D6662435A453397937B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Haluatko lis.suojausta hauille?",.. TOAST_VARIANT_CHECKLIST: "Kyll.. Ota suojattu haku k.ytt..n, kun k.ynnist.n selaimen uudelleen.",.. TOAST_VARIANT_BUTTON: "Valmis",.. TOAST_VARIANT_BUTTON_FREE: "Hae suojatusti . MAKSUTTA",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Hae ilman suojausta",.. TOAST_VARIANT_BUTTON_NOT_WANT: "En halua ilmaista suojausta",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Verkkosuojausta ei ole otettu t.ysin k.ytt..n . ota se k.ytt..n maksutta",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Viimeistele McAfeen maksuttoman verkkosuojauksen k.ytt..notto",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Turvaa henkil.kohtaiset tiedot",.. TOAST_VARIANT_1_INFO: "Selaa ja hae huoletta . henkil.kohtaiset tietosi suojataan. Kerromme, mitk. sivustot ovat turvallisia ja miss. voi piill. vaaroja.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Ei huolen h.iv.. verkossa",.. TOAST_VA

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3937
                                                                                                                                                                                                                                                  Entropy (8bit):5.32281826348224
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:a/ScFsBmXt/CuFCNSCAQ9BYYmWJmn9AvwuHAnp/SsQWgXReX:aKOEAt/tFqSpQ9BhrmKYEApKsQA
                                                                                                                                                                                                                                                  MD5:5E5D7AFF28354B21C5A1E9FF5E5F445F
                                                                                                                                                                                                                                                  SHA1:1320DE789DBAB278A23B9A220EC6E3021C9DE0E9
                                                                                                                                                                                                                                                  SHA-256:05F9D8EE834A095D78AEBA4B337DF6E1D2E30930149F6EDC5A4CBCA44DD9CB8F
                                                                                                                                                                                                                                                  SHA-512:AD3A6168A54ACAD4793A51A0A4B21131994DCC51B3D862E5CFDEB1E38210516A306858BCDB12D55681CB276A68ED3652498E998B1EEF0254C06A4DDB52140A9B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Aimeriez-vous ajouter une protection suppl.mentaire . vos recherches?",.. TOAST_VARIANT_CHECKLIST: "Oui, activez la recherche s.curis.e au red.marrage de mon navigateur.",.. TOAST_VARIANT_BUTTON: "Termin.",.. TOAST_VARIANT_BUTTON_FREE: "Recherche s.curis.e - GRATUIT",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Recherche non prot.g.e",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Je ne veux pas de protection gratuite",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Votre protection Web n'est pas enti.rement configur.e. Activez-la gratuitement.",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Compl.tez la configuration de votre protection Web McAfee gratuite",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Prot.gez vos donn.es personnelles",.. TOAST_VARIANT_1_INFO: "Naviguez et recherchez avec confiance en sachant que vos donn.es personnelles sont . l'abri. Nous vous indiquerons quels sites sont s.rs et ceux qui pr.sentent un danger."

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4024
                                                                                                                                                                                                                                                  Entropy (8bit):5.3193359368658095
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:b34FUJtSNXfN0SPAuWXhC00ZmnfQR9SujAnV3Jym4b:bQMtkWS4umSmoCgAVab
                                                                                                                                                                                                                                                  MD5:A1892E90594E3605834BEC1E7931CF1D
                                                                                                                                                                                                                                                  SHA1:F6098342968B92E3F300BDFA8A723BA6908671FE
                                                                                                                                                                                                                                                  SHA-256:57D605C9A444A6EE90DC8BEE5D0B33E010E0F259576BFAD4546B09DD8C0AD4F1
                                                                                                                                                                                                                                                  SHA-512:3E7E10ECC980BC07613B9C4A9B35D4D3C61BD16E00F71D25D8ED996F583EF03EDDB1524CF9A3AC5D88A2BC228197DA70F5293DF7F4780BD494B9C1C0A5E4F580
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Souhaitez-vous ajouter une protection de recherche suppl.mentaire.?",.. TOAST_VARIANT_CHECKLIST: "Oui, activer la recherche s.curis.e apr.s le red.marrage du navigateur",.. TOAST_VARIANT_BUTTON: "Termin.",.. TOAST_VARIANT_BUTTON_FREE: "Rechercher de fa.on s.curis.e . GRATUITEMENT",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Rechercher sans protection",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Je ne souhaite pas de protection gratuite",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Votre protection Web n'est pas totalement configur.e. Activez-la gratuitement",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Terminez la configuration de votre protection Web gratuite McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Prot.gez vos informations personnelles",.. TOAST_VARIANT_1_INFO: "Naviguez et recherchez en toute confiance en sachant que vos informations personnelles sont prot.g.es. Nous vous indiquerons quels sont les sites s.c

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3635
                                                                                                                                                                                                                                                  Entropy (8bit):5.451457989016017
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:ajcHGot9qU8FSKd49nVVtx5B9Psk+20fm0F:zBt9z8Fjd493txz/L0fmU
                                                                                                                                                                                                                                                  MD5:635A8B7F820BB0D938227C1D4EAB0281
                                                                                                                                                                                                                                                  SHA1:E7C3AEB1FEE9E598DE081EDD47BF0C81C5C9DF82
                                                                                                                                                                                                                                                  SHA-256:C148F624285950E8B4B1984735624DE878F8BFE122A01954B21F45CBD0804679
                                                                                                                                                                                                                                                  SHA-512:A7699FA0FBDCD0B17E1F88999E45E01AFCECFE9EAAD973D8F1341A37445B2439D856BF7C1E801AA69DC82D66D36448C3D3BD0DE23E41208D91E175EE711B95D4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".elite li dodati dodatnu za.titu pri pretra.ivanju?",.. TOAST_VARIANT_CHECKLIST: "Da, uklju.ite Safe Search nakon .to ponovno pokrenem preglednik.",.. TOAST_VARIANT_BUTTON: "Gotovo",.. TOAST_VARIANT_BUTTON_FREE: "Tra.ite sigurno - BESPLATNO",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Pretra.ivanje neza.ti.eno",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Ne .elim besplatnu za.titu",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Va.a web za.tita nije u potpunosti postavljena - omogu.ite je besplatno",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Zavr.ite postavljanje besplatne McAfee web za.tite",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Za.titite osobne podatke",.. TOAST_VARIANT_1_INFO: "Pregledajte i pretra.ujte s povjerenjem znaju.i da su va.i osobni podaci za.ti.eni. Re.i .emo vam koje su web lokacije sigurne & mdash; a koje bi mogle biti opasne.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Uklonite

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3828
                                                                                                                                                                                                                                                  Entropy (8bit):5.519316831709829
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:KQpmKkwbL+sDfLlUpxKRtIC0vCGNAgc+LP+K5LK3TRKwJKV54QUQQ99P1s+l2cSl:6QtdTBPqw3Tg/UgbCx+lN4Dg
                                                                                                                                                                                                                                                  MD5:96E295A9F114204E890862271C63D880
                                                                                                                                                                                                                                                  SHA1:6878B3AE55F0949F06AC8DF45831CDC551826B24
                                                                                                                                                                                                                                                  SHA-256:AFCFA1C8DD34E600C3258226C78FADDC260DE7187BECE3F04AA3110615E5459A
                                                                                                                                                                                                                                                  SHA-512:19F84EE8BBD7D996684496B0B0333987280C0172FDD20A1A7523595DB734A73551A8BFBABBD508B0BA209D0A2AD0081480BCE410FE6C11D15DD23CC618062E3C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Extra keres.si v.delemre is sz.ks.ge van?",.. TOAST_VARIANT_CHECKLIST: "Igen, legyen bekapcsolva a biztons.gos keres.s funkci., miut.n .jraind.tom a b.ng.sz.t.",.. TOAST_VARIANT_BUTTON: "K.sz",.. TOAST_VARIANT_BUTTON_FREE: "Keressen biztons.gosan . INGYEN",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Nem v.dett keres.s",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Nem szeretn.k ingyenes v.delmet",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Webes v.delme nincs teljesen be.ll.tva . kapcsolja be ingyenesen",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Befejezte az ingyenes McAfee webes v.delem be.ll.t.s.t",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Szem.lyes adatok v.delme",.. TOAST_VARIANT_1_INFO: "Magabiztosan b.ng.szhet, hiszen szem.lyes adatai biztons.gban vannak. Megmondjuk, hogy mely oldalak biztons.gosak, .s melyek lehetnek vesz.lyesek.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3548
                                                                                                                                                                                                                                                  Entropy (8bit):5.225354583301116
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:9xj3zLp7tpe0ddA4Pxt9Qmcnq1qYENfDI/0DEufz3:T17tpe0sQxt9QZ+qHY0xfz3
                                                                                                                                                                                                                                                  MD5:C699BE946595D5570117C65EFC33D351
                                                                                                                                                                                                                                                  SHA1:2AD5115FBC1C3B6D21575004BD044F4D3FECBAA3
                                                                                                                                                                                                                                                  SHA-256:4D56FD1B919C62545A20051E60B3B7CBBD6714948DCAFEFB3A91FF4823B5ADEA
                                                                                                                                                                                                                                                  SHA-512:EBE4B83924023ADFDB56AD456FD77B119FB1DFBC9FE2171CB4B338AE72425DFD73EBC034F8BE9A9CF95145307BF80170877350EF4C766FA7EEF41BC896642E5D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Vuoi aumentare la protezione delle ricerche?",.. TOAST_VARIANT_CHECKLIST: "S., attiva la ricerca sicura dopo il riavvio del browser.",.. TOAST_VARIANT_BUTTON: "Fine",.. TOAST_VARIANT_BUTTON_FREE: "Ricerca sicura . GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Ricerca senza protezione",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Non desidero la protezione gratuita",.. TOAST_VARIANT_TITLE_NOT_SETUP: "La protezione Web non . configurata completamente. Attivala gratis.",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Completa la configurazione di McAfee Web Protection",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Tutela le tue informazioni personali",.. TOAST_VARIANT_1_INFO: "Naviga e cerca senza timore sapendo che le tue informazioni personali sono protette. Ti segnaleremo i siti sicuri e quelli che potrebbero essere pericolosi.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Naviga sul Web in tutta tranquillit.",

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3960
                                                                                                                                                                                                                                                  Entropy (8bit):6.013797513205256
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:6hHMKEaeQVt4/aWso3rOx4mc2JYtwhnoIZH7ShZ0:YB5ztO57Ox4mJ8Eogmv0
                                                                                                                                                                                                                                                  MD5:40C99A285789A907E8BEF19FB7B52C28
                                                                                                                                                                                                                                                  SHA1:91FCBE513966FE10F78BE3D6DD8AA870788D7ECC
                                                                                                                                                                                                                                                  SHA-256:EC8238149FBDA3CA54C7C2220E992D19347387AFDE2B798062D218754ABFB87A
                                                                                                                                                                                                                                                  SHA-512:25B20C459978D9F30DA84564038F5FB2497196CA3C50DEC649B71CFAFDD878B95DAACF7934A79A216D7BBA248AD95B6D8F532DC805A3132BEDE8F5C0913ED7C3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "..............",.. TOAST_VARIANT_CHECKLIST: ".................. ...........",.. TOAST_VARIANT_BUTTON: "..",.. TOAST_VARIANT_BUTTON_FREE: "..... - ..",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "..........",.. TOAST_VARIANT_BUTTON_NOT_WANT: ".........",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Web ...................................",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "........ Web ...................",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "............",.. TOAST_VARIANT_1_INFO: "..................................................",.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3783
                                                                                                                                                                                                                                                  Entropy (8bit):5.9318006777716
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:KwNX9/6gkTR6wtUp7RtlvCI/Lg7KoR/+KNM2KHK4Uq0RxIZr1ZNpiL8s/cCM7R+W:P26Ft8+W/rNIqxmQlbe6qX7
                                                                                                                                                                                                                                                  MD5:D1F82AA54D8927A5408E7F40A522959A
                                                                                                                                                                                                                                                  SHA1:C515FF839390EB21E564ECA95F28B0638F1D22AF
                                                                                                                                                                                                                                                  SHA-256:323724ADD81E31420FFEF259F0D55830A48EDE568829254AB4AC076102A689C4
                                                                                                                                                                                                                                                  SHA-512:252CF1BDF3890420BA59B56C8FFA9D7CCA6D75304F8E8B8FBDCA82638CFB76AEB6527A9C9D38A526248604D74AD28F84E6DC0952AC97BF34085155F005C2BAE7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".. .. ... ........?",.. TOAST_VARIANT_CHECKLIST: "., . ..... .. ... . .. ... .......",.. TOAST_VARIANT_BUTTON: "..",.. TOAST_VARIANT_BUTTON_FREE: "... .. - ..",.. TOAST_VARIANT_BUTTON_UNPROTECTED: ".. .. ..",.. TOAST_VARIANT_BUTTON_NOT_WANT: ".. ... .... ....",.. TOAST_VARIANT_TITLE_NOT_SETUP: ". .. ... .... ...... ... ........",.. TOAST_VARIANT_TITLE_FINISH_SETUP: ".. McAfee . .. ... ......",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: ".. ... ......",.. TOAST_VARIANT_1_INFO: ".. ... .... .... .... ....... ... .... ... . .. .... .......",.. // Toast variant 2 specific.. TOAST_VARIANT_2_T

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3599
                                                                                                                                                                                                                                                  Entropy (8bit):5.366390217230944
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:wMQx7teYFyZ8K3XdIcJK10kNeso2bMUaMZiBdiPQ:8teYFyZ8K3N9E10kNtoYMUaMZo
                                                                                                                                                                                                                                                  MD5:B6779C95B817DDA4E330B888D069BF45
                                                                                                                                                                                                                                                  SHA1:98C7C2F7F92447FB366EFA9AE083204F37466AA8
                                                                                                                                                                                                                                                  SHA-256:9C1F0ED884D7047FFA694C48DB200939B3692EE1D2BF635DEEE6AFD44CE7AF0D
                                                                                                                                                                                                                                                  SHA-512:6ADFE8FCB5CF891EC81D88E9087BB88A38F5BD23950B446F48B06766F24AA29A6ACEC9529E37966ECE99C19FA839600A920662B6F4B91FFF935B1A65CCF925F3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Vil du ha ekstra s.kebeskyttelse?",.. TOAST_VARIANT_CHECKLIST: "Ja, sl. p. Sikkert s.k n.r jeg starter nettleseren p. nytt.",.. TOAST_VARIANT_BUTTON: "Ferdig",.. TOAST_VARIANT_BUTTON_FREE: "S.k sikkert . KOSTNADSFRITT",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "S.k uten beskyttelse",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Jeg vil ikke ha kostnadsfri beskyttelse",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Nettbeskyttelsen din er ikke ferdig konfigurert . aktiver den kostnadsfritt",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Konfigurer resten av nettbeskyttelsen din fra McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Beskytt personopplysningene dine",.. TOAST_VARIANT_1_INFO: "Du kan surfe og s.ke uten bekymringer i visshet om at personopplysningene dine er beskyttet. Vi forteller deg hvilke omr.der som er sikre og hvilke som kan v.re farlige.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Slipp . beky

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3539
                                                                                                                                                                                                                                                  Entropy (8bit):5.3233739834300255
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:WupCvikhC0tR356VrLrVHgKFteK5/AhK/pxFoD4QkH2:WupCvikbt9AVrLrVHhuk/AhK/pxOD4Qr
                                                                                                                                                                                                                                                  MD5:3265D24F7B970691AE283AA43AA82D38
                                                                                                                                                                                                                                                  SHA1:44A6DCD5CDC1850B588854B867EDB3B7A6A9F2DB
                                                                                                                                                                                                                                                  SHA-256:390661E5979CC2481DDA85BBBBCC35D90C9E4FA5A3DD0F6AB18A7F824237A244
                                                                                                                                                                                                                                                  SHA-512:18D4C45393F35C584F8C07E7FB023CC55C44C4B65B206DF3872704230D96EFF59B610472692E664A075D77ADDD86EE46CE431300513C1AA0A72ACD04E59E677B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Wilt u aanvullende zoekbescherming toevoegen?",.. TOAST_VARIANT_CHECKLIST: "Ja, schakel Beveiligd zoeken in nadat ik mijn browser opnieuw heb gestart.",.. TOAST_VARIANT_BUTTON: "Gereed",.. TOAST_VARIANT_BUTTON_FREE: "Veilig zoeken . GRATIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Onbeschermd zoeken",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Ik wil geen gratis bescherming",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Uw webbescherming is nog niet volledig geconfigureerd. Schakel uw bescherming gratis in.",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Uw gratis McAfee-webbescherming instellen",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Bescherm uw persoonlijke gegevens",.. TOAST_VARIANT_1_INFO: "Browse en zoek vol vertrouwen in de wetenschap dat uw persoonlijke gegevens worden beschermd. We laten u weten welke websites veilig zijn, en welke mogelijk niet.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Zorgeloos browsen",

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3618
                                                                                                                                                                                                                                                  Entropy (8bit):5.593202969337174
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:QrIqKLAst649Gs63IcBPevJwh8i8iiQlacMrIMXkIxL:QcHtn9/pcBPevJwh8i8iiQlacMcMVF
                                                                                                                                                                                                                                                  MD5:B2EF550A2B6B891FC4885EDC053196ED
                                                                                                                                                                                                                                                  SHA1:DCF3E630E1FEEF0F3EBD207FCAA54954C32D3271
                                                                                                                                                                                                                                                  SHA-256:58BD78EE577D8A7C3DB8B7E4D3FDB88A362F192C1F9230CAA14DECEE5C981663
                                                                                                                                                                                                                                                  SHA-512:77AD4D35C0D99F0901123E8B8B4E03ED7C35452FC127073ABBCCA625DA6C3017C0513A2C1F11F7F0132C018D423548C6A20212F434B90B346103D9E60532150F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Chcesz zwi.kszy. bezpiecze.stwo wyszukiwania?",.. TOAST_VARIANT_CHECKLIST: "Tak, w..cz Bezpieczne wyszukiwanie po ponownym uruchomieniu przegl.darki.",.. TOAST_VARIANT_BUTTON: "Gotowe",.. TOAST_VARIANT_BUTTON_FREE: "Wyszukuj bezpiecznie . BEZP.ATNIE",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Wyszukuj bez ochrony",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Nie chc. bezp.atnej ochrony",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Twoja ochrona w sieci Web nie jest do ko.ca skonfigurowana . w..cz j. bezp.atnie",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Uko.cz konfiguracj. bezp.atnej ochrony sieciowej McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Chro. swoje dane osobowe",.. TOAST_VARIANT_1_INFO: "Spokojnie wyszukuj i przegl.daj, wiedz.c, .e Twoje dane osobowe s. chronione. Powiemy Ci, kt.re witryny s. bezpieczne, a kt.re nie.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Spokojnie korzyst

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3738
                                                                                                                                                                                                                                                  Entropy (8bit):5.341816172018693
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:KpaRlEpnKqfJuUuRwyUptRtbVaKjJOhCf+L7UKkKwKfK6TU0kPVdq54420uUFLtO:w3HtvJxfqFZC/tdHLwjL7+
                                                                                                                                                                                                                                                  MD5:76F46CD2B966706F21093AA71A1A8EF5
                                                                                                                                                                                                                                                  SHA1:BCE9512FDC8257AE0AB1D367A453DA4B5D8B9193
                                                                                                                                                                                                                                                  SHA-256:A7488A665B0498C299063FA3BC97E99523E91FEEC72E6598072210FEEE03998F
                                                                                                                                                                                                                                                  SHA-512:AED61176AF728CFEA03C90FD795114C2402ED8C6818DD3CC9128370C1EA1AE9FC45D8E34D2127E9806ABF41AC5F2BF65E8DB66F6384063E0D8C3FAA03F06EDFF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Voc. gostaria de adicionar prote..o de pesquisa extra?",.. TOAST_VARIANT_CHECKLIST: "Sim, ative a pesquisa segura depois que o navegador for reiniciado.",.. TOAST_VARIANT_BUTTON: "Conclu.do",.. TOAST_VARIANT_BUTTON_FREE: "Pesquise com seguran.a GRATUITAMENTE",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Pesquisa n.o protegida",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Eu n.o quero prote..o gr.tis",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Sua prote..o na Web n.o est. totalmente configurada. Ative-a gratuitamente",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Conclua a configura..o da prote..o gratuita da Web da McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Proteja suas informa..es pessoais",.. TOAST_VARIANT_1_INFO: "Navegue e pesquise com confian.a, sabendo que suas informa..es pessoais est.o protegidas. Informaremos quais sites s.o seguros . e quais podem ser perigosos.",.. // Toast variant 2 specific.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3683
                                                                                                                                                                                                                                                  Entropy (8bit):5.333373479671786
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:KVFTplRl0d61FB0yUpDRtbVaK6HOd0TZeC5p30BL7UKkKHKMKFTUBk30aB5qyQOc:GE3ttmud03zEPFqtvEezHWNd62
                                                                                                                                                                                                                                                  MD5:507B9571E311F50013920017D26891B7
                                                                                                                                                                                                                                                  SHA1:8F66344D4870A95D6558EB91EE894CCE2C560633
                                                                                                                                                                                                                                                  SHA-256:5E7798ADC4AB204D50ECF6984AFA3285E3E795066A5A95BB3369171199059C86
                                                                                                                                                                                                                                                  SHA-512:8B0760E09F14391DF1E4B32782CA8FED55108729FD04FB9256FA16F1383C05C5C669B3E69E18EC6DA2CA7AFE2E661CEC9D9E5F643605022842E35C2D77CC925E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Pretende adicionar prote..o de pesquisa suplementar?",.. TOAST_VARIANT_CHECKLIST: "Sim, ativar a pesquisa segura ap.s reiniciar o meu browser.",.. TOAST_VARIANT_BUTTON: "Conclu.do",.. TOAST_VARIANT_BUTTON_FREE: "Pesquisar em seguran.a . GR.TIS",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Pesquisar sem prote..o",.. TOAST_VARIANT_BUTTON_NOT_WANT: "N.o quero prote..o gratuita",.. TOAST_VARIANT_TITLE_NOT_SETUP: "A sua prote..o Web n.o est. conclu.da: ative-a gratuitamente",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Termine a configura..o da sua prote..o Web da McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Proteja as suas informa..es pessoais",.. TOAST_VARIANT_1_INFO: "Navegue e pesquise com a confian.a de que as suas informa..es pessoais est.o protegidas. Vamos indicar-lhe que sites s.o seguros e os que podem ser perigosos.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Deixe

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5374
                                                                                                                                                                                                                                                  Entropy (8bit):5.134747831277087
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:/Li+T0t5WKRmY8vzQedwpNv473IdQ/NtRk3:f0t5Dl8vzQex7DNPU
                                                                                                                                                                                                                                                  MD5:6AC6EA6256C064FAE13981FA508E046D
                                                                                                                                                                                                                                                  SHA1:97AB6B196AB4DEBA93EA779BE7E0F0C9CC19D4BB
                                                                                                                                                                                                                                                  SHA-256:82AE1DA37D5BBA6BE06FE96F45B521E2140BE6D714AF1188C2E393BCA664E063
                                                                                                                                                                                                                                                  SHA-512:6A4067E422B3F11317DFFE8F224AB3FB4399F0A3CE53E0822CF433DDBA260F4CE90BD90F65669A44B536DC02B9FFE8BD68BCDEA127743AFA348B4246DBBDC214
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "...... ........ .............. ...... ......?",.. TOAST_VARIANT_CHECKLIST: ".., ........ .......... ..... ..... ........... .........",.. TOAST_VARIANT_BUTTON: "......",.. TOAST_VARIANT_BUTTON_FREE: ".......... ..... . .........",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "..... .. .......",.. TOAST_VARIANT_BUTTON_NOT_WANT: "... .. ..... .......... ......",.. TOAST_VARIANT_TITLE_NOT_SETUP: ".... ...-...... ......... .. ......... . ........ .. .........",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "......... ......... .......... ...-...... McAfee",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "........ .... ...... ..........",.. TOAST_VARIANT_1_INFO:

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3752
                                                                                                                                                                                                                                                  Entropy (8bit):5.646352630188663
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:G/v3lJ6qJt9g29MgiL+tBjYE7+R8LB0HDDx+UHnFn:G3l4At9g29MnL+tpYE7o8LB0Xx+GFn
                                                                                                                                                                                                                                                  MD5:391A2E6DD3E758834DF894E83A12EBF8
                                                                                                                                                                                                                                                  SHA1:0CF94794984AA8C1B21014D812719EB5D677FAB2
                                                                                                                                                                                                                                                  SHA-256:535322F326167CB53DB5E7F9DD0FF3E2A92AFD140105A210B0F3BEAC0E49BCA9
                                                                                                                                                                                                                                                  SHA-512:6492C0523193497F1284A9084C2DF32E60C54985E1B86F9BBEEA8872525E85CAE16868E85CA461A5D792AE3CECA269A214B191A9D461E5B0D5019EA094681FC8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Chcete zv..i. zabezpe.enie vyh.ad.vania na internete?",.. TOAST_VARIANT_CHECKLIST: ".no, zapn.. zabezpe.en. vyh.ad.vanie po re.tarte prehliada.a.",.. TOAST_VARIANT_BUTTON: "Hotovo",.. TOAST_VARIANT_BUTTON_FREE: "Vyh.ad.va. so zabezpe.en.m . ZADARMO",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Vyh.ad.vanie nie je chr.nen.",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Nechcem ochranu zadarmo",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Webov. ochrana nie je .plne nastaven. . aktivujte ju zadarmo",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Dokon.ite nastavenie webovej ochrany od McAfee zadarmo",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Chr..te svoje osobn. .daje",.. TOAST_VARIANT_1_INFO: "Preh.ad.vajte web a.vyh.ad.vajte inform.cie bez ob.v v.aka ochrane osobn.ch .dajov. Uk..eme v.m, ktor. lokality s. bezpe.n. a.na ktor.ch hroz. nebezpe.enstvo.",.. // Toast variant 2 specific.. TO

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.445792953663574
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:5541sqXt9UFE+s49f8cQq5gAWFLrf9UQbb:5Yt9UFq49LQqyfFvOQbb
                                                                                                                                                                                                                                                  MD5:4BF1A45DD0062D14B5E73AA77D5E4264
                                                                                                                                                                                                                                                  SHA1:3DAEB57E91EE1520654627AEEC3656F7346D2886
                                                                                                                                                                                                                                                  SHA-256:624ACB70E6C4387F96BD5A39B74A146AC9400795398168817362D3E15792B556
                                                                                                                                                                                                                                                  SHA-512:AF5AD3754806776B378EE00F14360E4339B475CC90952541765C35517399F1DCE43E2E42D15AEDBE8306E08ED74E7135F3ECAD9895C6890E82464FB7774EF9DF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: ".elite li dodatnu za.titu pretrage?",.. TOAST_VARIANT_CHECKLIST: "Da, uklju.i Secure Search nakon .to ponovo pokrenem pregleda..",.. TOAST_VARIANT_BUTTON: "Gotovo",.. TOAST_VARIANT_BUTTON_FREE: "Pretra.ujte bezbedno . BESPLATNO",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Pretraga nije za.ti.ena",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Ne .elim besplatnu za.titu",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Va.a za.tita na internetu nije u potpunosti postavljena.omogu.ite je besplatno",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Zavr.ite postavku va.e McAfee za.tite na internetu",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: ".titite li.ne informacije",.. TOAST_VARIANT_1_INFO: "Pregledajte i pretra.ujte bez brige znaju.i da su vam li.ne informacije za.ti.ene. Re.i .emo vam koje lokacije su bezbedne . a koje mogu biti opasne.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Uklonite brigu sa veba"

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3492
                                                                                                                                                                                                                                                  Entropy (8bit):5.431086625606851
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:KaGqWQzrHqWU7B10Up8LRtXbY8ACXGiLuKcUCLK6LKVKo9U31Ta920FLlpx/TV56:B6CtsQ2klVdM5+9npxU2oBZvOGj
                                                                                                                                                                                                                                                  MD5:70B8C274779F7889BD6A8AFF5E18D565
                                                                                                                                                                                                                                                  SHA1:820BD74BFBD9D238B22FB259C265827F872CFB87
                                                                                                                                                                                                                                                  SHA-256:C7C2FF04AC3C5904F54FB52B50CABC1C8F35E37C2B66427CCAE2E8F56D8614BE
                                                                                                                                                                                                                                                  SHA-512:C0FD21AD75E602E725A334227760475DC02294770758861A1445A8CE9294C0A76A01D5C6B9122FF37C3A6C8AB260150D9495850996DDC849D93A2E5B399BAECD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Vill du l.gga till extra s.kskydd?",.. TOAST_VARIANT_CHECKLIST: "Ja, aktivera s.ker s.kning n.r jag har startat om webbl.saren.",.. TOAST_VARIANT_BUTTON: "Klart",.. TOAST_VARIANT_BUTTON_FREE: "S.k s.kert - KOSTNADSFRITT",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Oskyddad s.kning",.. TOAST_VARIANT_BUTTON_NOT_WANT: "Jag vill inte ha kostnadsfritt skydd",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Inst.llningen av ditt webbskydd .r inte fullbordat - aktivera det kostnadsfritt",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "Fullborda inst.llningen av ditt McAfee-webbskydd",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Skydda din personliga information",.. TOAST_VARIANT_1_INFO: "Surfa och s.k tryggt i vetskap om att din personliga information .r skyddad. Vi ber.ttar vilka webbplatser som .r s.kra . och vilka som kan vara farliga.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Surfa p. n.tet utan oro",..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3702
                                                                                                                                                                                                                                                  Entropy (8bit):5.50838372099097
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:K2rafAlFLhKpoLQHdPUpI5LRtHyderOYC3LCyrsgLLsnLKIlIKfLKb3LKyjqMURs:CCIbtSgyGyouKx+bG/dDeFfQ3t16h8E
                                                                                                                                                                                                                                                  MD5:7271EB48AC8670DCFB2660DFE70AFFB7
                                                                                                                                                                                                                                                  SHA1:E43A98848A809F9378A2B2ADCB40886A5ECA27D5
                                                                                                                                                                                                                                                  SHA-256:1E28229CF8C4EBF3BB6D878EDCE4C0E20BF80308F8153F1BF324C0AFDB98A4FE
                                                                                                                                                                                                                                                  SHA-512:A7DCB170713CBCD66FD31D1E8E6D5C571A11CB246DCB3603CE234DF1A9F3FF07DEF5A1339AC2C96639F6024D69B02313BFD07E6343B6BA0D90C5E1438E2E8E77
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "Ekstra arama korumas. eklemek ister misiniz?",.. TOAST_VARIANT_CHECKLIST: "Evet, taray.c.m. yeniden ba.latt.ktan sonra G.venli Arama'y. a..",.. TOAST_VARIANT_BUTTON: "Bitti",.. TOAST_VARIANT_BUTTON_FREE: "G.venli arama yap.n - .CRETS.Z",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "Korunmadan arama yap.n",.. TOAST_VARIANT_BUTTON_NOT_WANT: ".cretsiz koruma istemiyorum",.. TOAST_VARIANT_TITLE_NOT_SETUP: "Web koruman.z tam kurulmam.., .cretsiz etkinle.tirin",.. TOAST_VARIANT_TITLE_FINISH_SETUP: ".cretsiz McAfee web koruma kurulumunuzu tamamlay.n",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "Ki.isel bilgilerinizi koruyun",.. TOAST_VARIANT_1_INFO: "Ki.isel bilgilerinizin korundu.unu bilerek g.venle gezinin ve arama yap.n. Hangi sitelerin g.venli, hangilerinin tehlikeli olabilece.ini size s.yleyece.iz.",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "Endi.eleri webten uzak tutun",

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3220
                                                                                                                                                                                                                                                  Entropy (8bit):6.3278451090740155
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:KpV0YrIr3BkaxUpYNRtt5K2dCaLQzKeKGBKHlKCQUDlFJ5g68a1MzflHS/+xKAYq:aS9KotKvaLJ8CJFPl8aSwXNtl43ec
                                                                                                                                                                                                                                                  MD5:D3F97BFDCE355DDE0CF1F3553D16BE65
                                                                                                                                                                                                                                                  SHA1:29042AABB6ECA8DD6ACC3813FA43731490F5D5E6
                                                                                                                                                                                                                                                  SHA-256:B309E8FEE0E568DE9999166FA80166C043EA11275CF9E668969653A50F072838
                                                                                                                                                                                                                                                  SHA-512:2DA5402CE577B7F3CDB3CC15FA39977C204BB1C4D6B3CAB66F4FE225B760F630CC589665C056C0FDD6F7A83371C88A63B19FE25AAD43AE68B1A6D44EAE6FC9AE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "...........",.. TOAST_VARIANT_CHECKLIST: "................",.. TOAST_VARIANT_BUTTON: "..",.. TOAST_VARIANT_BUTTON_FREE: ".... . ..",.. TOAST_VARIANT_BUTTON_UNPROTECTED: "......",.. TOAST_VARIANT_BUTTON_NOT_WANT: "........",.. TOAST_VARIANT_TITLE_NOT_SETUP: "...................",.. TOAST_VARIANT_TITLE_FINISH_SETUP: ".............",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "........",.. TOAST_VARIANT_1_INFO: ".................................................",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: "......",.. TOAST_VARIANT_2_INFO: ".........................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-ss-toast-variants-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3309
                                                                                                                                                                                                                                                  Entropy (8bit):6.333278042576984
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:LjGwO6t6wKA44s2xr92kwcK8jtUuhSSmSK:tt6wc4s2xrskwc3U6SS/K
                                                                                                                                                                                                                                                  MD5:35EBE25CC3A2E5DB8F8BCDC7F40F5AF7
                                                                                                                                                                                                                                                  SHA1:0750AFD4587645E7A27EA892101D88EF4AC82329
                                                                                                                                                                                                                                                  SHA-256:A46AF7AF0A79C5262FF095245702E882129D76E97C2BCF64C922F4DDD460EB55
                                                                                                                                                                                                                                                  SHA-512:7B98F0549487364DC8D354C035B5B52C63C207DE915A8F26EA8887DAFD612F16DC8496F066E368DB332FD32A984437DF85860C0431A0645C9727B7E5AE3221AC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSSToastVariants_ = {.. TOAST_VARIANT_QUESTION: "..............",.. TOAST_VARIANT_CHECKLIST: "...................",.. TOAST_VARIANT_BUTTON: "..",.. TOAST_VARIANT_BUTTON_FREE: ".... . ....",.. TOAST_VARIANT_BUTTON_UNPROTECTED: ".............",.. TOAST_VARIANT_BUTTON_NOT_WANT: "........",.. TOAST_VARIANT_TITLE_NOT_SETUP: "..... Web ...........",.. TOAST_VARIANT_TITLE_FINISH_SETUP: "..... McAfee Web .....",.. // Toast variant 1 specific.. TOAST_VARIANT_1_TITLE: "........",.. TOAST_VARIANT_1_INFO: "................................................",.. // Toast variant 2 specific.. TOAST_VARIANT_2_TITLE: ".......",.. TOAST_VARIANT_2_INFO: "..........

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2317
                                                                                                                                                                                                                                                  Entropy (8bit):5.724232664480202
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:CvSUqYRSK+R28Y2zgJsQqpq/83qkj6B9nw4RJtlzJMO90:C6UnSKOY2zegB6Dn3Me0
                                                                                                                                                                                                                                                  MD5:8FBFC0B500D0BC4EFE3EC1A966E1085C
                                                                                                                                                                                                                                                  SHA1:8BD7E8CB64DF6CA9FA4136177617BE7F0BEFEE70
                                                                                                                                                                                                                                                  SHA-256:563443189E2D314696BA333452D09EBA24AF779A3B54CC59B2051EE1E7AA5D3F
                                                                                                                                                                                                                                                  SHA-512:8E690D9BD250E2BDD6BEF345A60547EA1A7BBC90FA667F6865B5C6F3CCED50AE4E9B74EBF5F68F242529203AB7655C58F7D003097705597A20556307F184ED71
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "M.te k dispozici dal.. mo.nosti ochrany",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Vy... ochrana je p.ipravena",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Vy... ochrana je vypnuta",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Tyto funkce vy... ochrany v.m zajist. v.t.. bezpe.. online. Zapn.te je.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "V.e je nastaveno! Kdy. p...t. znovu spust.te prohl..e., budete moci s jistotou vyhled.vat pomoc. funkce Bezpe.n. hled.n. McAfee, kter. v.m uk..e, kter. str.nky lze bezpe.n. nav.t.vit.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Je vypnut., proto.e bylo zak.z.no nebo odebr.no roz...en. pro hled.n., kter. je sou..st. vy... ochrany. Z.skejte tyto funkce zp.t.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Funkce Bezpe.n. hled.n. McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1:

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2319
                                                                                                                                                                                                                                                  Entropy (8bit):5.421754373500763
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:CvJjkjVsFprf0Ksd4Ajfm0p4TS4Zudo0xTn:Ctk5Ux3Ajfme4TSjxTn
                                                                                                                                                                                                                                                  MD5:034A852A7AFFC3EF7DBDCED3254C3778
                                                                                                                                                                                                                                                  SHA1:870E0006CF102E9DDAF9042AE551346C5DD8CAF1
                                                                                                                                                                                                                                                  SHA-256:030D2160B2884238A9F1043DC7DBBD15D603F62E2F49C10A258F76B915FB64C4
                                                                                                                                                                                                                                                  SHA-512:5F4A8D4CFFE613CC64FE45A606AF50D09F36F14B9864923A24183070CC354C0E7AD803F19AF3B6AAF724CD0326C044D9792B71BD1FF3AAE7E4A0A486AEC81705
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Du har flere beskyttelsesmuligheder",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Ekstra beskyttelse er aktiveret",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Ekstra beskyttelse er deaktiveret",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Disse ekstra beskyttelsesfunktioner forbedrer din onlinesikkerhed. Sl. dem til.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Alt er parat. N.ste gang, du starter browseren, kan du surfe p. internettet i sikkerhed, fordi McAfee sikker s.gning viser dig, hvilke websteder det er sikkert at bes.ge.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Funktionen er deaktiveret, fordi s.geudvidelsen, der er en del af den ekstra sikkerhedspakke, er sl.et fra eller er blevet fjernet. F. disse funktioner tilbage nu.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee sikker s.gning", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} viser dig, hvilke websteder d

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2382
                                                                                                                                                                                                                                                  Entropy (8bit):5.446769832572551
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:CvzhxfTyDKyA7h3CFycAOFsxEclSgHcFhXo09:C1xfeDS3CT2IrTXoi
                                                                                                                                                                                                                                                  MD5:F3F4A62E48EB00A428DCE99AAB56426E
                                                                                                                                                                                                                                                  SHA1:C5075EF807FB5F4C9B7D106DDBE13068074ABA3F
                                                                                                                                                                                                                                                  SHA-256:1C4A14BCFA12486607EC885B49C66B88180295A20F613F7F2F3715B0FB9F2E79
                                                                                                                                                                                                                                                  SHA-512:F84088D8F7DA40D4F41F5559FBB8111D1945AACC8A26B2E07F2302E51BB4CB375E394BEAB100FECA5229B01B3B1C94D063A23BCE5CB69E197F840E6F66C5C68D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Es sind weitere Schutzfunktionen verf.gbar",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Zus.tzlicher Schutz wartet auf Sie",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Zus.tzlicher Schutz ist deaktiviert",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Mit diesen Funktionen des zus.tzlichen Schutzes sind Sie online besser gesch.tzt. Aktivieren Sie sie.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Alle eingerichtet! Wenn Sie das n.chste Mal Ihren Browser .ffnen, sollten Sie die sichere Suche von McAfee nutzen, um in Ihren Suchergebnissen zu sehen, welche Websites sicher sind.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Sie ist derzeit nicht verf.gbar, da die Sucherweiterung, die eine Komponente des zus.tzlichen Schutzes ist, deaktiviert oder entfernt wurde. Aktivieren Sie diese Funktionen jetzt wieder.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Sichere Suche", .. SEARC

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3630
                                                                                                                                                                                                                                                  Entropy (8bit):5.084257425787037
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:CNwyIyaSMAwsC38BDAeuDFKed0uHpUjF0:CNuzDAAmtuJlDpUS
                                                                                                                                                                                                                                                  MD5:0D24410CF5B30B902325CC2FC0D81A35
                                                                                                                                                                                                                                                  SHA1:F2277D2512CD12B8AAB40A37D945B16E3029B4F7
                                                                                                                                                                                                                                                  SHA-256:2CA59554DC742F0AAA6D7DA6790D63963751D5177F32634D7B207D2CB507290C
                                                                                                                                                                                                                                                  SHA-512:E70CF3F294F1B459DDD6526F354E6884A19D6B019451A6DBE34FFD5CB31DACE9695C90E664AFE5B562ED1AF4359AFF6884744780D5B646CD96C15C9CB965456B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "..... ........... ......... .........",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: ". ........ ......... ..... ......",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ". ........ ......... ..... ................",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "..... .. ........... ......... .......... ... ....... ... ........ online. ............. ... ............",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "..... .......! ... ....... .... ... .. .............. .. ......... .......... ..., ......... ........... .. ..... .. ... ...... ......... McAfee ... ... ....... ..... .....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2039
                                                                                                                                                                                                                                                  Entropy (8bit):5.454774830011741
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Cv45dlzloc0Zvdr05DJMtWXS7bJ3sLEISktCRHJ:CKHzloLZ25DJMtiUW4NkML
                                                                                                                                                                                                                                                  MD5:15A864FD05C99B179425837A13C4CBE0
                                                                                                                                                                                                                                                  SHA1:EE95A3F34014E21B93BE7E6E3862EE99611D5B39
                                                                                                                                                                                                                                                  SHA-256:A0D9E7F74A3C0FFFCC2DAB33E2D65D634D5BEE10BB5C324E36C40475FBF8C9CA
                                                                                                                                                                                                                                                  SHA-512:68FC08552E65B82F877589CCB772EC86B0277081F4A21C9CE55DEABCC8D188DCCB2B4AF59E5DB5AC6053EA7D9DD408B5E4D6030A315585CF697C5013D7C92CC6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "You have more protection available",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Added Protection is ready",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Added Protection is off",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "These Added Protection features keep you safer online. Turn them on.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "All set! The next time you restart your browser, search confidently with McAfee Secure Search showing you which sites are safe to visit.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "It's off because the search extension that's part of Added Protection was disabled or removed. Get these features back now.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Secure Search", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} shows you which sites are safe before you visit them.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2: "Ad Blocker", .. SEARCH_TOAST_ADBLOCK_BULLE

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2325
                                                                                                                                                                                                                                                  Entropy (8bit):5.427575417384713
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HOvdgk9mBAPBQdBFXyUzwXFoI1mfCzZA8hmUA1ov8KJMfePnEW4dpaPVFk4/3PD:Cv7MkYFXTzGFoIEWPyovzQArVZGLIAgh
                                                                                                                                                                                                                                                  MD5:B519B450222241C6A0601353CC10AABA
                                                                                                                                                                                                                                                  SHA1:836433CE93A836B5DCA03BA58AF0B105D6FED78E
                                                                                                                                                                                                                                                  SHA-256:3D1D0075BFEE0F425D78329DD03C12DB39E4D9EEDD19415D255BBD656E7BC60B
                                                                                                                                                                                                                                                  SHA-512:C3E68EF44D59BB81951EB037B178FCA15A6301D324396CAFDBDB56B68A83E45314DC3C8318D5FC900892A79298FD01E485BF4412984542F3AA722E96660AD402
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Puede disfrutar de m.s protecci.n",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "La Protecci.n a.adida est. activada",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "La Protecci.n a.adida est. desactivada",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Estas funciones de Protecci.n a.adida le mantienen a salvo en Internet. Act.velas.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Ya est. todo configurado. La pr.xima vez que reinicie su navegador, tendr. la tranquilidad de saber qu. sitios web son seguros gracias a la B.squeda segura de McAfee.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Est. desactivado porque la extensi.n de b.squeda incluida en la Protecci.n activa est. desactivada o se ha eliminado. Vuelva a activar estas funciones ahora.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "B.squeda segura de McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} le muestra q

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2241
                                                                                                                                                                                                                                                  Entropy (8bit):5.4587498644754175
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HOvdgWQIvN6tKQtqWmwUV5mOZzZCB4vhmUwRKJhZfeT5gAdFqdVtBcwKHvcJi94:CvlQIjWZKTZ8Kp6c0jqrtqvEIU3
                                                                                                                                                                                                                                                  MD5:5F2DD39BAE6409010449EBA3F028DA7C
                                                                                                                                                                                                                                                  SHA1:442432AD15E77776A44CF557C4C3B397141ABEB9
                                                                                                                                                                                                                                                  SHA-256:19873840D8D3FAC6D4CBC3624378C5850704A85FA0475883E1A50ECB131E6650
                                                                                                                                                                                                                                                  SHA-512:AB73D271CDA2CD94667CBD7B37A26303CB59EB9EEBFFCEE30C232F59434A75454F154AD273E2047CD05C99EC66E0DCB0338546C31BF357AE609DCF1592796B2C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Tiene m.s protecci.n disponible",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Protecci.n adicional est. listo",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Protecci.n adicional est. desactivado",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Estas caracter.sticas de Protecci.n adicional lo mantienen seguro en l.nea Act.velas",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: ".Todo listo! La pr.xima vez que reinicie su navegador busque con confianza ya que B.squeda segura de McAfee le mostrar. cu.les sitios son seguros para visitar.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Est. desactivado porque la extensi.n de b.squeda que es parte de Protecci.n adicional fue inhabilitada o eliminada. Recupere esas funciones ya mismo",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "B.squeda segura de McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} muestra qu. sitios son seguros ant

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2246
                                                                                                                                                                                                                                                  Entropy (8bit):5.418192884712719
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HOvdgGvLPUQPmMdzpP5x4bICHA4fEOGVGd1Pwsx7LmNhI+a6soNxawi9dySBx74:CvXlmMd9m6mdFwWrZ6kxuFrCQeNQ
                                                                                                                                                                                                                                                  MD5:7579677AE9F8F2336BAF326735569F81
                                                                                                                                                                                                                                                  SHA1:FF6B16BE83B94E74410FC80C63D0843383BFF6D0
                                                                                                                                                                                                                                                  SHA-256:AA0DC11B2EFEAE5A32399F52E5DB42B4B8A07D332C29F132C42E33CFDB6C93E5
                                                                                                                                                                                                                                                  SHA-512:86EDB2E70DB3245399AADF449CF79015D381CB22B57F267FCBB33CB8EFEAFF03033DC49071F34D828B54F55399509CF87788A25B052B53E277158C246E23B6EA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Lis.. suojausta saatavana",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Lis.suojaus on valmis",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Lis.suojaus on poissa k.yt.st.",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "N.ill. lis.suojausominaisuuksilla pysyt paremmin turvassa verkossa. Ota ne k.ytt..n.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Kaikki on valmista. Kun ensi kerralla k.ynnist.t selaimen uudelleen, voit tehd. hakuja turvallisin mielin McAfeen suojatulla haulla, joka n.ytt.. vaarattomat sivustot.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Se on poissa k.yt.st. siksi, ett. lis.suojaukseen kuuluva hakulaajennus oli poissa k.yt.st. tai se poistettiin. Hanki ominaisuudet heti takaisin.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfeen suojattu haku", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} n.ytt.., mitk. sivustot ovat vaarattomia ennen

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2413
                                                                                                                                                                                                                                                  Entropy (8bit):5.4551318322529045
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:CvmQM4M92AhLMdlzu5ZHl0l1nD2qqhhUq:C+W42AhLmlzu5BkJyqCV
                                                                                                                                                                                                                                                  MD5:3273690404BBDBBF2689E7BAF956D827
                                                                                                                                                                                                                                                  SHA1:3A8C6C6D74B75F860CCADE4B19A53A7475B2DBC8
                                                                                                                                                                                                                                                  SHA-256:68FE7B0E79443C8D982B2DC52E9B9C25292CEA579E2EB3B407D9171CEC2EC46D
                                                                                                                                                                                                                                                  SHA-512:0E20B1324F39FAE3EBA994BEEF3C5FB30E80B1D19406C17FA0B9C556E7740D9AC36EAA4B8A2EA99507C836E9003BF79587672A587ED8DA3DCBFCF06F70C845FD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Plus de protection disponible pour vous",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "La protection accrue est pr.te",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "La protection accrue est d.sactiv.e",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ces fonctions de protection accrue vous apportent plus de s.curit. en ligne. Les activer.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Pr.t! La prochaine fois que vous lancez votre navigateur, parcourez le Web en toute qui.tude pendant que la fonction de recherche s.curis.e McAfee vous indique les sites dignes de confiance.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Cette fonction n'est pas activ.e car l'extension de recherche qui fait partie de la protection accrue a .t. d.sactiv.e ou supprim.e. R.tablir ces fonctions maintenant.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Recherche s.curis.e McAfee", .. SEARCH_TOAST_ADBLOC

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2494
                                                                                                                                                                                                                                                  Entropy (8bit):5.43753803112721
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:CvqwGuHF9o9/EuB8u5J5AxHaaydCPjPXnbch:CSwGeY/EuB8u5olydCPrbK
                                                                                                                                                                                                                                                  MD5:13CBA9B83E6EFA161D75727DF200180E
                                                                                                                                                                                                                                                  SHA1:B2811B7661A2340AAB559FA0E478C360AA499977
                                                                                                                                                                                                                                                  SHA-256:92A78F8512A48A9C48BBFC851101CAB367180892F0B98724463FBB98122BCCE4
                                                                                                                                                                                                                                                  SHA-512:84C2FB055BA88C6B0331A37DE8B8661CE7EBE04B1448E7AE2A0C8FD8BCC7E5EB92DF5EDD050E2FA9076DD507FD1BF52535CF008E2E0A5B02602A61942098D4CB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Vous avez d'autres protections disponibles",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "La Protection renforc.e est pr.te",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "La Protection renforc.e est d.sactiv.e",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ces fonctionnalit.s de Protection avanc.e assurent votre s.curit. en ligne. Activez-les.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Vous .tes pr.t.! La prochaine fois que vous red.marrez votre navigateur, vous pourrez effectuer des recherches en toute confiance . l'aide de la Recherche s.curis.e McAfee, qui indique les sites que vous pouvez consulter en toute s.curit..",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Elle est d.sactiv.e car l'extension de recherche qui fait partie de la Protection renforc.e a .t. d.sactiv.e ou supprim.e. R.cup.rez ces fonctionnalit.s maintenant.",.. SEARCH_TOAST_ADBLOCK_BULLE

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2273
                                                                                                                                                                                                                                                  Entropy (8bit):5.530360206154129
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:CvIoaSjp60i4X476LRiouHFshwFZcBqeOzT:CAejbVA8RcHFsh0yqeA
                                                                                                                                                                                                                                                  MD5:1B410752E8CDEB1343ED2406A08B9D0E
                                                                                                                                                                                                                                                  SHA1:E7DFF0CE68B129DE2DE50DCE20F05450B1D5B6C0
                                                                                                                                                                                                                                                  SHA-256:69000E655ED5329D01F0F2C299EC51A0FC2DAAC5B9E3CE2EE9830185F9659769
                                                                                                                                                                                                                                                  SHA-512:49F704BD64D9990723D50F6C25245D1175FCB36C624F5492C97E1B0CE530C483C694A63F08846276CA2C54AA45A5D6D4DD33D431BE6F1253D06806CFAE3EDCBD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Dostupna vam je ve.a za.tita",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Dodatna za.tita je spremna",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Dodatna za.tita je isklju.ena",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ove funkcionalnosti dodatne za.tite .ine vas sigurnijim online. Uklju.ite ih.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Sve je spremno! Sljede.i put kada ponovo pokrenete svoj preglednik, samouvjereno pretra.ujte uz McAfee Secure Search koji .e vam pokazati koje je stranice sigurno posjetiti.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Isklju.eno je jer je pro.irenje pretra.ivanja koje je dio Dodane za.tite onemogu.eno ili uklonjeno. Vratite ove zna.ajke sada.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee sigurno pretra.ivanje", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} vam pokazuje koje stranice su sigurne prije nego ih posjetite.",.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2388
                                                                                                                                                                                                                                                  Entropy (8bit):5.626397646753971
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:CvtCmH9aqAIDT5WSSWp7IpKwYnZmT+FLepwiV3l+MW:CFCmHMVIqtYY+BWGMW
                                                                                                                                                                                                                                                  MD5:E30CC8500AD87568C691A364F78EECBA
                                                                                                                                                                                                                                                  SHA1:F136DD6557D69578C6120D6379239B283824B61A
                                                                                                                                                                                                                                                  SHA-256:DDB352B8333DE60947356150E70E45EC17064AA2A906183345FE2393AE39AFBF
                                                                                                                                                                                                                                                  SHA-512:EC5C92CD8BEB4F7FFFC690074E09C46EC85F51C8F607B2A203678F626E910F2F8C9F5B3A3123610E8E0430FE438AFE3DA0A8A765CEC293C81DF4A4E877A0DAB5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "M.g hat.konyabb v.delem .rhet. el",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "A tov.bbi v.delem k.szen .ll",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "A tov.bbi v.delem ki van kapcsolva",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "A tov.bbi v.delmi funkci.k m.g nagyobb biztons.got ny.jtanak online. Kapcsolja be .ket.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Minden k.szen .ll. A b.ng.sz. k.vetkez. elind.t.sakor magabiztosan kereshet a biztons.gos keres.s funkci. r.v.n, amely megmutatja, hogy mely webhelyeket keresheti fel biztons.gosan.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Ki van kapcsolva, mert a tov.bbi v.delem r.sz.t k.pez. keres.s b.v.tm.ny le lett tiltva vagy el lett t.vol.tva. Vegye ig.nybe .jb.l ezeket a funkci.kat.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee biztons.gos keres.s", .. SEARCH_TOAST_ADBLOCK_

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2180
                                                                                                                                                                                                                                                  Entropy (8bit):5.430870827158706
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:CvlUzrFEVioJofWr5HsJcxnyhXpwfJwTRraIiLG/J:CpVioJoerVsJWylSm4Ig0
                                                                                                                                                                                                                                                  MD5:5D8598F2201E45B9968CE8A89748048A
                                                                                                                                                                                                                                                  SHA1:B250DF2841FF5539739BB8AA7ED2E3D0DD173652
                                                                                                                                                                                                                                                  SHA-256:646BCC9EA896F1839F2D2FF0CDDDC84E13CF386AEB4D8CBF7A55825D024153B4
                                                                                                                                                                                                                                                  SHA-512:258CE89EB60E5F8622ABD2EA6B3FB4F66148EA1CE0846725EECFA0B3DB8F239B5052F43C27AB04B9433104E074BEA59153C282C0EC9A73B12D6FDC862E4F76F3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Puoi aumentare la protezione",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "La protezione aggiuntiva . pronta",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "La protezione aggiuntiva . disattivata",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Queste funzionalit. di protezione aggiuntiva aumentano la tua sicurezza online. Attivale.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Tutto pronto. La prossima volta che avvierai il browser, la ricerca sicura McAfee ti mostrer. i siti sicuri da visitare.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: ". disattivata perch. l'estensione per la ricerca che fa parte della sicurezza aggiuntiva . disattivata o . stata rimossa. Riattiva subito queste funzionalit..",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Ricerca sicura McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} ti mostra i siti sicuri prima di visitarli.",.. SEARCH_TOAST_ADBLOCK_BULL

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2689
                                                                                                                                                                                                                                                  Entropy (8bit):5.783492922423992
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:CDihdOhGELq02HhMyCYaYPuMLmeStoN5PcvhvD8vsOgah:CDihdsjz2BMRNkmTgg5wRgah
                                                                                                                                                                                                                                                  MD5:4BED5D33E177BDA09929FBDD72EA51DD
                                                                                                                                                                                                                                                  SHA1:2AF0721F2D2792C6C556313AF9D05B53F976560A
                                                                                                                                                                                                                                                  SHA-256:3D400ACB69A7B7ECA3EAD276C21EFE3F6F696C89895AEE57379823C7C332C87D
                                                                                                                                                                                                                                                  SHA-512:6263770A13E14F21021C918B9CD0BA27D72269FC9AB8E4CEF40D7D714EAD5C8FBE0175F5208E1A7B932831642F8F0608CFD96583E3BCE3997762610A6DA45065
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: ".........",.. SEARCH_TOAST_ADBLOCK_HEADING: "..............",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "............",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "...............",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "............................... .............",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: ".......... ....................... .... ....................................",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: ".............................................. ...........

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2396
                                                                                                                                                                                                                                                  Entropy (8bit):5.90958145143297
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HOVLgXlf/klv04CjUXktjHaQLKOudpQVg/xFSQXmYQgpyyqK4wQNqDhOnwIju2O:C8FJUXy6XlbSvYi3wiQ2O
                                                                                                                                                                                                                                                  MD5:C96049216F6CF6DD9C07B87211553581
                                                                                                                                                                                                                                                  SHA1:870E75BD0CAB8F15ACCB40CF2F53D6A28975BB6A
                                                                                                                                                                                                                                                  SHA-256:51E2F7E5A5FCFA12C0B536ED4B8F5382C13661992D2F6844E771BCDA4FC993FC
                                                                                                                                                                                                                                                  SHA-512:943095D8F02D7567B75D5B243D993B295FBCDE8AF6C1B233AA15CA08110FB7E6C5483149EBDF750FAFAC29E8A2A54142E77E12496FB0B297F05CF1B572C2EDA2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "......",.. SEARCH_TOAST_ADBLOCK_HEADING: "... ... . ....",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: ".. ... ... . ....",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ".. ... .. ....",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "... .. .. .... ... ... ... ..... ... ....",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: ".. ........ ... ..... .. .... McAfee .. ... .... ... .... ..... .... ... . .....",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: ".. ... ... .. ... .... .. .... .. ... ... . ..... ... ... .. ......",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee .. ..", .. SEARCH_TOAST

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2170
                                                                                                                                                                                                                                                  Entropy (8bit):5.4514491250427435
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:CvJIksPYZC/uu6YZJN5QsKYmOArOhR/QExYkR2S:ChI1Y0/u3YYsGKrYS7
                                                                                                                                                                                                                                                  MD5:BB18F9BC97B5745E3C01D856D596071A
                                                                                                                                                                                                                                                  SHA1:01FA3741217B0A9180EC9C18DB48FB44F705791A
                                                                                                                                                                                                                                                  SHA-256:1DE722273E719DA415E21D398F0C4720A2B0EE1CE7E08C0BC5328CBAE6C5C694
                                                                                                                                                                                                                                                  SHA-512:525305A69E08AF263330D8CDE5594C91B849D9A4884BE1A31A1FC82E1D0456F6B44CF1911EB93409ACEAB6AE1330322C88FDFF30F7C65BE2D5B641B6BF7B52A7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Flere beskyttelsesfunksjoner tilgjengelig",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Ekstra beskyttelse er klart",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Ekstra beskyttelse er av",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Disse funksjonene i Ekstra beskyttelse holder deg sikrere p. nettet. Sl. dem p..",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Alt klart! Neste gang du starter nettleseren, kan du trygt s.ke med McAfee Sikkert s.k. Funksjonen viser deg hvilke omr.der som er sikre.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Den er av fordi s.keutvidelsen som er en del av Ekstra beskyttelse, er deaktivert eller fjernet. F. tilbake disse funksjonene n..",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Sikkert s.k", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} viser deg hvilke omr.der som er sikre, f.r du bes.ker dem.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2:

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2216
                                                                                                                                                                                                                                                  Entropy (8bit):5.445156491013825
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:CvKJpceq6RTcyrCBuH1ibZ/Pp93MK64kFUq5EpvnSWA8i:CQSN6Roy8uHwZHpi34TqmpqW1i
                                                                                                                                                                                                                                                  MD5:FC49ED40CB38256B5A7CBE1F0C4B2202
                                                                                                                                                                                                                                                  SHA1:498A72B88F985C16F27F8F364133B095BE714D43
                                                                                                                                                                                                                                                  SHA-256:46FCA5BFF9AFC70ADD46917F5E2912D7788BF06231B80C7D8A0A756032520A4D
                                                                                                                                                                                                                                                  SHA-512:F6131A864EEE2F067F23960DD756E1BA1CFC63245C8BF50835E0994A389D1EA82EFA614EE69040C32D586CF3D0F7EC1E7BCB020F23472F7FB5E237A4BE1D9AB4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "U kunt over meer bescherming beschikken",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Extra bescherming is gereed",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Extra bescherming is uitgeschakeld",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "De functies voor Extra bescherming verbeteren uw online veiligheid. Schakel ze in.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Klaar! Wanneer u uw browser opnieuw start, kunt u zorgeloos zoeken met Beveiligd zoeken van McAfee dat u precies laat zien welke sites u veilig kunt openen.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Het is uitgeschakeld omdat de zoekextensie die deel uitmaakt van Extra bescherming, is uitgeschakeld of verwijderd. Schakel deze functies nu opnieuw in.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Beveiligd zoeken van McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} laat u zien welke sites veilig zijn voordat u ze bezo

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2289
                                                                                                                                                                                                                                                  Entropy (8bit):5.686524926637267
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Cv4058MjlxcXI9qWiXgwsIvE8QK0tKWhEZ0JILHVI16sSIIRXCVmO:CQ01jCI9qXXLsIvE8Q5K+EOgVIEsSFX2
                                                                                                                                                                                                                                                  MD5:4E9C8EBB617AEFA754BB752550446493
                                                                                                                                                                                                                                                  SHA1:2576650CD564A5B1B1FB07F878B67B265A21312E
                                                                                                                                                                                                                                                  SHA-256:7774036B9B221F424A7504AD1098A1B448CF4469CC295BAA5133EE511AC078A2
                                                                                                                                                                                                                                                  SHA-512:BE70D312829A074BB81D2D1289C8C87482D18FDD553948922998AAD412CF14974865552005483C4538DD172BB8D235BA44A4E9423C22F0230ED74361691012F7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Dost.pne jest wi.cej ochrony",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Dodatkowa ochrona jest gotowa",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Dodatkowa ochrona jest wy..czona",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Funkcje Dodatkowej ochrony pomagaj. chroni. Ci. w Internecie. W..cz je.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Konfiguracja zako.czona! Po nast.pnym ponownym uruchomieniu przegl.darki, Bezpieczne wyszukiwanie McAfee pomo.e spokojnie wyszukiwa., informuj.c o bezpiecznych witrynach.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Jest wy..czone, poniewa. rozszerzenie wyszukiwania b.d.ce cz..ci. Dodatkowej ochrony zosta.o wy..czone lub usuni.te. Odzyskaj teraz te funkcje.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Bezpieczne wyszukiwanie McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} pokazuje, kt.re witryny s. bezpieczne,

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2225
                                                                                                                                                                                                                                                  Entropy (8bit):5.478804103947096
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:CvVVlKrZ/ez2L3dpZszSJEufUo7G+Dz0I:CNq62LizsUoCaD
                                                                                                                                                                                                                                                  MD5:BE1565B167CA665AF9DA89F2C99C6050
                                                                                                                                                                                                                                                  SHA1:91D77D275A806BD2CD948C6B7F946C970CAC6556
                                                                                                                                                                                                                                                  SHA-256:C3D3598C8B7A700D33665D64B15B01BDD44A1CD2AD6579861B67223021CF8571
                                                                                                                                                                                                                                                  SHA-512:AF92ABE944E3DB088F4BFCE3E8959F3A20A5061E13E0E8BE68AD3023369766145AA7F1C675A20BF82975C4DEE24EAD14F4683FFF67A0771B66B7C41F4BD303B3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Voc. tem mais prote..o dispon.vel",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Prote..o adicional est. pronta",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Prote..o adicional est. desativada",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Esses recursos de Prote..o adicional o mant.m em seguran.a online. Ative-os.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Tudo pronto! Na pr.xima vez que reiniciar seu navegador, pesquise com a Pesquisa segura da McAfee que exibe os sites seguros de visitar.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Desativado porque a extens.o de pesquisa que . parte da Prote..o adicional foi desativada ou removida. Traga esses recursos de volta imediatamente.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Pesquisa segura da McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} mostra quais sites s.o seguros antes de voc. visit.-los.",.. SEARC

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2324
                                                                                                                                                                                                                                                  Entropy (8bit):5.473262216183594
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:CvOb9fKjnZdVrzzHUUFZeEi351TgV4/QbG9Ddzw:CWJmZTLUUFZgLQiTzw
                                                                                                                                                                                                                                                  MD5:3AFD031732AA78F7BAB6E1214D420900
                                                                                                                                                                                                                                                  SHA1:9E1EB0CE1D9A8833FCE6869724EC356E53C16369
                                                                                                                                                                                                                                                  SHA-256:B7BBB3ECF66EF27C200D02057A369802E0AC2A149F791C783B32EBFF0B246861
                                                                                                                                                                                                                                                  SHA-512:ED8BE2C8DF3C6BD33EB1931FAA9F43C6866E1F707FC90BA44C3DC6C0B1E598FB52B8F899A02C5E2D7466E973586E6FA750F280D87C40BED406F9D4DCD7494EE7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Tem mais prote..o dispon.vel",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "A prote..o adicional est. pronta",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "A prote..o adicional est. desativada",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Estas funcionalidades de prote..o adicionais mant.m-no seguro online. Ative-as.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Est. pronto! A pr.xima vez que reiniciar o seu browser, pesquise com confian.a com a Pesquisa segura da McAfee a mostrar-lhe que sites pode visitar em seguran.a.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Est. desativada porque a extens.o de pesquisa que faz parte da prote..o adicional foi desativada ou removida. Obter estas funcionalidades novamente agora.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Pesquisa segura da McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} mostra-lhe os sites que s.o seguro

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3288
                                                                                                                                                                                                                                                  Entropy (8bit):5.143824214783734
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:COrsBqgVZBkBuYVCdpLVREi4c1rTZPNiNbdD1P:CCsBqgVZiuYV8pLV16hV
                                                                                                                                                                                                                                                  MD5:DDD046C06FEC8646E05300BDB004A799
                                                                                                                                                                                                                                                  SHA1:58F0669910C890ECE44C3B739939675E48DACD7E
                                                                                                                                                                                                                                                  SHA-256:F486043DC3C4CAE1C518FA434E0A89E4CF0E18FC73B7DC432DD61AC5BB92F629
                                                                                                                                                                                                                                                  SHA-512:39A11A7C19273CA753418240C0D1C73CBE8DFC808C96E0F4546066C33455D65D551136B4D0FBFC4C78A8B442FEF9BCBBDB312F16753E947B9EF68CB7930F099C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: ". ... .... ...... ............ ... ......",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: ".............. ...... ......",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ".............. ...... .........",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "... .............. ....... ...... ............ ............ . .......... ........ ...",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "... ......! . ......... ... ..... ............ ........ ......... ..... . ....... ....... ........... ...... McAfee, ....... ........., ..... ...-..... ......... ... ..........",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADIN

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2276
                                                                                                                                                                                                                                                  Entropy (8bit):5.7622122869733
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HOvdg0FQ8YIcT3JOzrgffdIxL8EHbgnDHKXldVV/aVcFUC7wQi0o0ekfSanwINx:CvW8zM6pE2VDVGc377SI/xzF1
                                                                                                                                                                                                                                                  MD5:E16F194FFDA6AB76D2D868046FB2F2B8
                                                                                                                                                                                                                                                  SHA1:E0E1B13814F8FB44B310B334F5572AC756DBB2BC
                                                                                                                                                                                                                                                  SHA-256:5E15279D70F7C588A90FAA6389BAAD0D34C1F8604C9CCAB074A6DF5E9D4B8156
                                                                                                                                                                                                                                                  SHA-512:34DF75A842BA4BDA5B2E89FD5B9B307E89661502CB7956E15FCBD395DC6EC6DA069D73151D19824202B221708F9C13FB4839384E6D399698F1952103D03C9267
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Pon.kame v.m viac funkci. na ochranu",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Zv..en. ochrana je k.dispoz.cii",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Zv..en. ochrana je vypnut.",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Uveden. funkcie zv..enej ochrany v.s ochra.uj. online. Zapnite ich.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "V.etko je nastaven.. Po re.tartovan. prehliada.a v.s zabezpe.en. vyh.ad.vanie McAfee ochr.ni pri prehliadan. a.zobraz. str.nky, ktor. je bezpe.n. nav.t.vi..",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Funkcia je vypnut., lebo roz..renie vyh.ad.vania, ktor. je s..as.ou zv..enej ochrany, bolo vypnut. alebo odstr.nen.. Z.skajte tieto funkcie sp...",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "Zabezpe.en. vyh.ad.vanie McAfee", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} v.m porad., ktor

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2217
                                                                                                                                                                                                                                                  Entropy (8bit):5.532907790773258
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:CvzaSNcoHl5A0Pt0opbUbFpGbQg55EfVLssM:C5NH5AatiFpNMc4sM
                                                                                                                                                                                                                                                  MD5:B225B3E84906A0A5B8454B9CC16403E5
                                                                                                                                                                                                                                                  SHA1:F2FE84A206A0B63DF3C53EC5440CB9A51C532DB4
                                                                                                                                                                                                                                                  SHA-256:3E1B25C92A7094643954D22E7C7299B76A5D636BC4EFDC6AE16C0C852EC620ED
                                                                                                                                                                                                                                                  SHA-512:CFFF68546E00A7EBEC7B737CCB6091E2CCC1F0A1EBB03F1E2407E75AF90D8A396FB296F32F6FEC6959755F021ED2C8E5C6BCF12F7C5D116CF450988B0850660A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Imate na raspolaganju vi.e za.tite",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Dodatna za.tita je spremna",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Dodatna za.tita je isklju.ena",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ove funkcije Dodatne za.tite .ine vas bezbednijim na mre.i. Uklju.ite ih.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Sve je spremno! Slede.i put kad budete ponovo pokrenuli svoj pregleda., pretra.ujte sa samopouzdanjem uz McAfee Bezbednom pretragom koja vam pokazuje koje lokacije su bezbedne za pose.ivanje.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Isklju.ena je jer je ekstenzija pretrage koja je deo Dodatne za.tite onemogu.ena ili uklonjena. Vratite odmah ove funkcije.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Bezbedna pretraga", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} pokazuje vam koje lokacije su bezbedne pre nego .to i

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2111
                                                                                                                                                                                                                                                  Entropy (8bit):5.531940800460125
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HOvdggWQRZC50gO/GNxNteo7XH8QU/OC8Q5zuVJAlbGF5ON1y8mJbc3NU7nfv1Q:Cvg5Lf7jC1iVJkbJ1YJbYChTR+N
                                                                                                                                                                                                                                                  MD5:3403610FDAC61B972ED43C219F22F672
                                                                                                                                                                                                                                                  SHA1:DEE8ECDAABE38D9C88714F3082E0C32307834863
                                                                                                                                                                                                                                                  SHA-256:55BC9A5B80F0D0608F5596A37FDA04F1C75AFCD7B92A3C05FFE73BDB55409BF0
                                                                                                                                                                                                                                                  SHA-512:7BD79D1ACA466FB3040B9EDB563B279CD48C1667C920B0324DDF86F2DDFD1374BA8071A5F537DF0133D14E6B59E258F5E4492B4066D6B4945DE536290E928EDC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Du har mer skydd tillg.ngligt",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Ut.kat skydd .r redo",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Ut.kat skydd .r av",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ut.kat skydd-funktionerna h.ller dig s.krare online. Aktivera dem.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Klart! N.sta g.ng du startar om webbl.saren kan du s.ka tryggt d. McAfee s.ker s.kning visar dig vilka webbsidor som .r s.kra att bes.ka.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Det .r av eftersom s.ktill.gget som .r del av Ut.kat skydd inaktiverades eller togs bort. F. tillbaka funktionerna nu.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee s.ker s.kning", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} visar dig vilka webbsidor som .r s.kra innan du bes.ker dem.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2: "Annonsblockering", .. SEARC

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2206
                                                                                                                                                                                                                                                  Entropy (8bit):5.572151998283136
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HOvdg/UOH95vCfoXiRvLa/sGcdDSqi+2O1ebxZQ25BMblR/B2sK3SZ/Z9vKlmCO:CvSG/GoSqi+Z7bQspvKG68dd30nUv
                                                                                                                                                                                                                                                  MD5:A2BF5A99464327D8C6CB893F6C439EEB
                                                                                                                                                                                                                                                  SHA1:07B8E11224358434B69A9517C87AAB4560CDBF7D
                                                                                                                                                                                                                                                  SHA-256:1FC51E901832EE6C1570A9D9167FF7C14C016996BA019C100434F87A2BAC474C
                                                                                                                                                                                                                                                  SHA-512:ACACA98D1F2CD472822C9478AF83DDEFED8D49B16AC88EAF9ACE7D543354AEC45725B2926BAEE0EA4687A74107D27B12855E6A3574E6E3E5E4608EB42643E9A9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: "Daha fazla koruma se.ene.ine sahipsiniz",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "Ek Koruma haz.r",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: "Ek Koruma kapal.",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "Ek Koruma .zellikleri sizi .evrimi.i korur. Hepsini a..n.",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "Her .ey haz.r! Taray.c.n.z. bir sonraki ba.lat...n.zda, hangi sitelerin ziyaret edilebilece.ini g.steren McAfee Secure Search ile g.venle arama yap.n.",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "Ek Koruma'n.n bir par.as. olan arama uzant.s. devre d... b.rak.ld... veya kald.r.ld... i.in kapal.. Bu .zellikleri hemen geri al.n.",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee Secure Search", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0} ziyaret etmeden .nce hangi sitelerin g.venli oldu.unu g.sterir.",.. SEARCH_TOAST_ADBLOCK_BU

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2043
                                                                                                                                                                                                                                                  Entropy (8bit):6.252788266367725
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HOZgVstn8dWjt8EWNjtM7LLyllJtjEcjt/dcz58qNAMdstxjl7BnwIj86+HXJJH:CjBt/wppKWMGzRl9d+3CjTQb
                                                                                                                                                                                                                                                  MD5:136E335FFFF5C09C8D45F3AC2DCCCCA2
                                                                                                                                                                                                                                                  SHA1:E678FDB546E8DEF80C4669A03359185766707BFA
                                                                                                                                                                                                                                                  SHA-256:57D566D0D6C5322BD4B3AE3E32E43A81048142D127FBF638A0668807EF211CFD
                                                                                                                                                                                                                                                  SHA-512:55EF7E5F7103D08F055163C4EC7462D025393D473F69A2171FC03979F474C0280CA28945FBB5582E5E48748F1529214380ADACF89C2861BBBFF095919A445145
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "....",.. SEARCH_TOAST_ADBLOCK_HEADING: "..........",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: "..........",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ".........",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "...................... .....",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "..... .................................",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: "........................ ...........",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: ".......", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: ".......{0} ..........",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2: "......", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_2

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2123
                                                                                                                                                                                                                                                  Entropy (8bit):6.278958296554494
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:CvaX+Mm6t8MZoD+KKtSr5FlITWiyViRXixEfUMu:CCX+Mm6WcCKWQi4SxEMMu
                                                                                                                                                                                                                                                  MD5:6086CC3903036253F01AF24FDEE7C53A
                                                                                                                                                                                                                                                  SHA1:CA0CA223E2C748EF97FC55CB0CC0C470CE068522
                                                                                                                                                                                                                                                  SHA-256:06869E709D71E852F90DB62AC5D72DEF614B6B7862ADCB5A80C4E61A351DA04B
                                                                                                                                                                                                                                                  SHA-512:03C892A4839C3B09F7A790FA889AA73938C4C52B95B500D43024C6818CBC81DE0B4A5EA840265D8445722CAE04FD89A0E2C0DA133D71DE2A730B5BE07E1106A5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_ADBLOCK_HEADING: ".........",.. SEARCH_TOAST_ADBLOCK_READY_HEADING: ".........",.. SEARCH_TOAST_ADBLOCK_REENABLE_HEADING: ".......",.. SEARCH_TOAST_ADBLOCK_SUB_HEADING: "............................",.. SEARCH_TOAST_ADBLOCK_READY_SUB_HEADING: "................McAfee ..............................",.. SEARCH_TOAST_ADBLOCK_REENABLE_SUB_HEADING: ".............................................",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_1: "McAfee ....", .. SEARCH_TOAST_ADBLOCK_BULLET_NORMAL_1: "{0}.......................",.. SEARCH_TOAST_ADBLOCK_BULLET_STRONG_2:

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):908
                                                                                                                                                                                                                                                  Entropy (8bit):5.688820613029769
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HUDAS6FXOqZG1g4zBFU+K6IPHf7q4qtoxnuBaY2MUKmbt:7HbzFOKGy16IPTq47uqbt
                                                                                                                                                                                                                                                  MD5:25600BAE80F5CB75634E66D438A3ED87
                                                                                                                                                                                                                                                  SHA1:A6BD998A6F8BC4228AB739D30118E587FCEF229A
                                                                                                                                                                                                                                                  SHA-256:4D9275A965EA4DB4423AFD61F15BBCF892A16B841039C49CDBC4C2C2E7137992
                                                                                                                                                                                                                                                  SHA-512:52741F63385F776C8393DC7ABE4B931D48E95FB4882020A343D4FD68F363F7C71FE3CBBE22A4459E25F3A9A8923CE175A0FC86550CAF97E7160BC23208B9B4C0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nem.te slu.bu Bezpe.n. hled.n. . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING: "Slu.ba Bezpe.n. hled.n. v.s ve v.sledc.ch hled.n. prov.d.n.ho pomoc. vyhled.va.e Bing upozorn. na rizikov. str.nky.",.. SEARCH_TOAST_BODY_TEXT: "Chcete vyhled.va. Bing doplnit o slu.bu Bezpe.n. hled.n. a b.t v.dy o krok nap.ed p.ed podvodn.ky?",.. SEARCH_TOAST_SUB_FOOTER: "Po restartov.n. prohl..e.e zapneme slu.bu Bezpe.n. hled.n. a nastav.me vyhled.va. Bing jako v.choz..",.. SEARCH_TOAST_YES: "Ano",.. SEARCH_TOAST_NO: "Ne, d.kuji",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Zapneme slu.bu Bezpe.n. hled.n. a nastav.me vyhled.va. Bing jako v.choz.."..}..//FF98ACC354B545567CA5D01D513C6EB584299B4AB03A5FA783F85AE184C0527F66C6AD287475F6E30D2FBFC1C93534ABA862DEE5CB9259BD5D78343BDF2D9C64++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):807
                                                                                                                                                                                                                                                  Entropy (8bit):5.48546336024787
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HaufsEtijFTUd42Vd+PQhF2FAZePvosQ:++s9TUd42Vd+Y3VeXtQ
                                                                                                                                                                                                                                                  MD5:B703435844FC64ACB0E8B66023BBBF72
                                                                                                                                                                                                                                                  SHA1:2A30A8373B69E603EBEE037C9619A77BE41AB40D
                                                                                                                                                                                                                                                  SHA-256:9679209EA147A58E6208244A1FE1096F27F7E7562C7A9336CC97611354277D2E
                                                                                                                                                                                                                                                  SHA-512:689AB439FF9A18D7A3C1B62B2CC7098A924FDFB77CD046641C8D9BDC2FE4D15E0132F7AF030F392EC6ACF0E95B5C9A1A3FF9E45F896A15777C53E78CEB52F36A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Du har ikke sl.et Sikker s.gning til . s. v.r forsigtig!",.. SEARCH_TOAST_SUB_HEADING: "Sikker s.gning leder dig v.k fra risikofyldte websteder i Bing-s.geresultaterne.",.. SEARCH_TOAST_BODY_TEXT: "Vil du f.je Sikker s.gning til Bing, s. du undg.r at komme ind p. grimme steder?",.. SEARCH_TOAST_SUB_FOOTER: "Vi sl.r Sikker s.gning til og .ndrer standards.gemaskinen til Bing, n.r du genstarter browseren.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nej tak",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Vi sl.r sikker s.gning til og .ndrer standards.gemaskinen til Bing."..}..//AC3E60B396EE5D724C7E17F84B4F779296FF62D757427CF7185926D7D8A2258157CF441CB9D0379D0B13CBD65B35520D68E4CF032ED0860B1F15198A523ADE01++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):863
                                                                                                                                                                                                                                                  Entropy (8bit):5.3420058632941165
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOaJltkh2FsMZCvXCQtROXJZMBTNJVrfIMX3K6DNJ4lIVFvF2wjpqtODNJ4lIgX:7HGgFJZ+X0qvX66Q+3F2wlPQ+gSZwj
                                                                                                                                                                                                                                                  MD5:0E75E9D6285D37C533F5F4CC930AFA12
                                                                                                                                                                                                                                                  SHA1:B82EEF55389EE9D554E98BAA6B9F54B7990BDBF6
                                                                                                                                                                                                                                                  SHA-256:271299AEEEAE9E51AABA8E770E280E4F621CB08FFC2762DCF7358A68E314ADB6
                                                                                                                                                                                                                                                  SHA-512:D45D245CC5678AE5EF00EB4C1DFE2F0AAF7C09C551A371CE00843975BEB5D1AAF640649D5C2846EFF9C6778B1CDFA4D559DB3C325D23973F21E101921EB285CC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Die sichere Suche ist nicht aktiviert . seien Sie vorsichtig",.. SEARCH_TOAST_SUB_HEADING: "Mit der sicheren Suche werden Sie vor risikoreichen Websites in Ihren Bing-Suchergebnissen bewahrt.",.. SEARCH_TOAST_BODY_TEXT: "M.chten Sie die sichere Suche zu Bing hinzuf.gen, um Kriminellen immer einen Schritt voraus zu sein?",.. SEARCH_TOAST_SUB_FOOTER: "Wir aktivieren die sichere Suche und .ndern Ihre Standardsuchmaschine zu Bing, wenn Sie den Browser neu starten.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nein danke",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Wir aktivieren die sichere Suche und .ndern Ihre Standardsuchmaschine zu Bing."..}..//FFB880235CF4154BA0E03FB3C17C538DFF8032B766C32880B61AEB170C9CA4C6EBA5139B9C45716E3B219320D5395F3A0164CD3FA5C452EDF4C5DB1B7E5DE45A++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1522
                                                                                                                                                                                                                                                  Entropy (8bit):4.955552194749003
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HB3IsMXLr2bnATla3ybWG2hbiLy+wgjxUbiPRjGXnMxv:W2UTlaLvbiVGbidCnMv
                                                                                                                                                                                                                                                  MD5:39FB7B5125A164684B163EB346081AF1
                                                                                                                                                                                                                                                  SHA1:651B92A732751624F9A9C4B1A4416B8F52175175
                                                                                                                                                                                                                                                  SHA-256:B56D36EC8D9F9D4921D8391975A87A7FBECA1D0698E8FFA0F08C8963BF496C57
                                                                                                                                                                                                                                                  SHA-512:30275A695980EB10A662AFFF7985F25BA79C5313800C413C5111BA0BE07F4E10A87E3EB3DF7ACA438622412AEB966616D0CE21FF267B02C5ED570F2155FEABE8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "... ......... ... ...... ........., .. ..... ...........",.. SEARCH_TOAST_SUB_HEADING: ". ....... ......... ... ........... ... ........... .......... ... ............ .......... ... ... ........... ... ......... .. .. ......... Bing.",.. SEARCH_TOAST_BODY_TEXT: "...... .. .......... ... ...... ......... ... ......... Bing ........... .. ..... ..... ... .... ....... ... .... ............. ...........;",.. SEARCH_TOAST_SUB_FOOTER: ".. ............... ... ...... ......... ... .. ........ .. Bing .. ............. ......... .......... .... ... .....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):780
                                                                                                                                                                                                                                                  Entropy (8bit):5.341048253661898
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HdW9H3npSuVNTzLo4uiJH7IyOtS9eDqt1IyafdAYkuvNS:7H8XpSuVNTzxcCeD7FdAYBS
                                                                                                                                                                                                                                                  MD5:A2FFDC45B6EE34B91AF0946585771BDE
                                                                                                                                                                                                                                                  SHA1:94B05EDF970F53DC4BF9D12D3947A01A36BD719D
                                                                                                                                                                                                                                                  SHA-256:8C14DAD3A286BAF2CFD48299C29CA207D001034C015EF506E36F1976B6671D2E
                                                                                                                                                                                                                                                  SHA-512:CCBF2F98F761A8A7035248EB1FDEECC7AD1244495403E16179A61B2FF181BDF30396E8C5FB2A78B95B8EBE8EEE8669E0B00C54BE22DD5820FE9AF4EAFC74039B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "You don't have Secure Search . be careful",.. SEARCH_TOAST_SUB_HEADING: "Secure Search steers you away from risky sites in your Bing search results.",.. SEARCH_TOAST_BODY_TEXT: "Would you like to add Secure Search to Bing and stay ahead of the bad guys?",.. SEARCH_TOAST_SUB_FOOTER: "We'll turn Secure Search on and change your default search engine to Bing after you restart your browser.",.. SEARCH_TOAST_YES: "Yes",.. SEARCH_TOAST_NO: "No thanks",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "We'll turn Secure Search on and change your default search engine to Bing."..}..//B8F1A499F644094CDFB0462EDE3201EAD0A2F156E7AEA19B74C6F29FAD300BB976E31754B7E95BE5507A45F642230E99F2F92D930C510EEB53BF5CADF9F91399++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):834
                                                                                                                                                                                                                                                  Entropy (8bit):5.3858921587981206
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HTOW06YIJHM8MEIoyLLQZSUJHHrSXXY0Vqt15ZSUJaN5HkgvpE3/0:7HqpQJHM8MnoyEpmHYGm5oN5HHes
                                                                                                                                                                                                                                                  MD5:47049A10A4264E4DAACEC2A36EC9786B
                                                                                                                                                                                                                                                  SHA1:F1B31EDC542651DB3E3088987B11FAC66B89B5CD
                                                                                                                                                                                                                                                  SHA-256:1E4C4CDAB0233C51D0E14F21912C65CDF558C58626D1EBDC7F047BCDE34AFB52
                                                                                                                                                                                                                                                  SHA-512:0F419C60637750154EB86B59E0173EB131E453438E0B9DFD915E82AA85A41AF53F3D3A7DD3B1786108D5999B035AAF649F792187D10217DAD0A9C4DBAF0B6A9E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "No dispone de B.squeda segura, tenga cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura elimina los sitios web peligrosos de los resultados de sus b.squedas en Bing.",.. SEARCH_TOAST_BODY_TEXT: ".Le gustar.a a.adir B.squeda segura a Bing y olvidarse de los malos?",.. SEARCH_TOAST_SUB_FOOTER: "Activaremos B.squeda segura y cambiaremos su motor de b.squeda predeterminado a Bing despu.s de que reinicie su navegador.",.. SEARCH_TOAST_YES: "S.",.. SEARCH_TOAST_NO: "No, gracias",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Activaremos B.squeda segura y cambiaremos su motor de b.squeda predeterminado a Bing."..}..//C3EFC3A6C064EAF1EBDA56B5E11061565E56D90CAC0D79DF9E495DCEDE018698A616475E7FBC1EFEF976CFC742F14760AC12BEED830F408576446472611C8BEF++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):848
                                                                                                                                                                                                                                                  Entropy (8bit):5.377366640690806
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HT9+6YzsinKM8MEIe4LyO3KVoqZSUJHHrSXXY0Vqt1BbSUJKsQCIesw6hHZ:7HCsiKM8Mne4X3QpmHYGmboxCcb
                                                                                                                                                                                                                                                  MD5:E94546A330D9A84041AF8C18130A13FA
                                                                                                                                                                                                                                                  SHA1:8D14B572D01F1CA3189C7BF949B5A748CD3E53A4
                                                                                                                                                                                                                                                  SHA-256:FD572014052A9D4D7DBD1984BCB2E4970C938BD062D5BD6593542B9BBF058AF5
                                                                                                                                                                                                                                                  SHA-512:7A66F44908097BEEA94A6C4234A6F9FDDF56819AB0D5DB4894A92D8AD784B538FCF134CD873EDCC45D6F0A9FB557CC01D0D8909909432D863F1F5454649FAFC6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "No tiene b.squeda segura: tenga cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura lo aleja de los sitios peligrosos de los resultados de sus b.squedas en Bing.",.. SEARCH_TOAST_BODY_TEXT: ".Le gustar.a agregar B.squeda segura a Bing y mantenerse por delante de los malos?",.. SEARCH_TOAST_SUB_FOOTER: "Activaremos la B.squeda segura y cambiaremos su motor de b.squeda predeterminado a Bing despu.s de que reinicie su navegador.",.. SEARCH_TOAST_YES: "S.",.. SEARCH_TOAST_NO: "No, gracias",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Activaremos la B.squeda segura y cambiaremos tu motor de b.squeda predeterminado a Bing."..}..//774793A544BA2248B5833B0E776F4611EAA4EB7250A3A19C2D9E3F3EA4065586EF84326915E50F5B234F3B232B25C3570C991E0D4A36C9269E411010C66951FA++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):837
                                                                                                                                                                                                                                                  Entropy (8bit):5.4144506945268285
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HQ2htHsNn+dWfoRVfeEfoRilDiBOWKGk:5hFs1fgrfDcOWlk
                                                                                                                                                                                                                                                  MD5:FFF760F6D0DD396B14B0914DD168BA6C
                                                                                                                                                                                                                                                  SHA1:76F46B903184CCE7D107E00B96187EE777EB10B0
                                                                                                                                                                                                                                                  SHA-256:A2D57FF4F6D92FEC608A19E5046DCFF235C729B54A7D937B5018DCF6A8E7F1F3
                                                                                                                                                                                                                                                  SHA-512:900C7A228554B545DD5030B3107F2A7795CC22A5939FF0C5E470042127D2CDF45BE72A6F4D4B1799A413F6BC39FF2B0EB4D6108AA34F7735291F76846857EBC5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Sinulla ei ole suojattua hakua . ole varovainen",.. SEARCH_TOAST_SUB_HEADING: "Suojattu haku suojaa sinua vaarallisilta verkkosivustoilta, kun suoritat Bing-hakuja.",.. SEARCH_TOAST_BODY_TEXT: "Haluatko lis.t. suojatun haun Bing-hakukoneeseen, jotta pysyt jatkuvasti muutaman askeleen rikollisten edell.?",.. SEARCH_TOAST_SUB_FOOTER: "Suojattu haku otetaan k.ytt..n ja oletushakukoneeksi muutetaan Bing, kun k.ynnist.t selaimen uudelleen.",.. SEARCH_TOAST_YES: "Kyll.",.. SEARCH_TOAST_NO: "Ei kiitos",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Suojattu haku otetaan k.ytt..n ja oletushakukoneeksi muutetaan Bing."..}..//F36551F9A9786F5A72ED5D54B9955A66A49D8540ED039E8A9D7D0A6C8DED74F04BF183CE0823D30E21406B3B639C92401CD72EF71B41725F72E5E4919B98B23C++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):927
                                                                                                                                                                                                                                                  Entropy (8bit):5.353545614692768
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HW5WFTGeg5rqskm8wwbY6xQam8wwbY6NAQyBA:uWFTGeg5Wwv6Bwv6NncA
                                                                                                                                                                                                                                                  MD5:7C90FFF94970FD205D36B3D5C6421F87
                                                                                                                                                                                                                                                  SHA1:2BF3110C1DB900549DDD1D665FE854CBC0FDAD69
                                                                                                                                                                                                                                                  SHA-256:2C89C632F1521FD9018ADCBCFBF2A230FDB566A7E753DB08C00AB5DA6216A741
                                                                                                                                                                                                                                                  SHA-512:08A8C21DAE59127C95F3B3EBB510BD74522399803F97F04243029DB70931B1E78811E35738ECB9AFD88B0E89E7F0C6F02CE7E7C0AD18E028375D91D0D6F7E450
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Attention! Recherche s.curis.e n'est pas install.e dans votre navigateur.",.. SEARCH_TOAST_SUB_HEADING: "Recherche s.curis.e vous met . l'abri des sites Web dangereux figurant dans vos r.sultats de recherche.",.. SEARCH_TOAST_BODY_TEXT: "Souhaitez-vous ajouter Recherche s.curis.e au moteur de recherche Bing et d.jouer les escrocs?",.. SEARCH_TOAST_SUB_FOOTER: "Nous activerons Recherche s.curis.e et configurerons Bing comme moteur de recherche par d.faut apr.s le red.marrage de votre navigateur.",.. SEARCH_TOAST_YES: "Oui",.. SEARCH_TOAST_NO: "Non merci",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Nous activerons Recherche s.curis.e et configurerons Bing comme moteur de recherche par d.faut."..}..//57C8DAE1DF8839ACB4D9C48570AFCE42B073F5A306ACEBF8254FB5A7ED724684540E07C7BAD7328F7F4C6B8B88AA7D84D43C6F9B6FC18BA6902C2B144F45FF82++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):940
                                                                                                                                                                                                                                                  Entropy (8bit):5.361699743281387
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HNL7EemtP5RTOpwemfw8uWY6xxAamfw8uWYSwwpd+g:R7EemtPaiwX6CwXAdh
                                                                                                                                                                                                                                                  MD5:2808E40E4DEFAE387C8213265FF1C6BD
                                                                                                                                                                                                                                                  SHA1:69F1AB49982FCA26E3C378F17D011F67DC104F6E
                                                                                                                                                                                                                                                  SHA-256:131381B90DC8FCD58B612C1E740E80F3E18C564AE37C0744C526849128022A3B
                                                                                                                                                                                                                                                  SHA-512:B9AA89A4F058A2D8045E160F32C7F821FB2632D4B3568F854AB5C8263B80466ED0B8BB7BABE30DF84B269532D9B78FF87D0C084CDABEBBADFE05E1A3DEEA410D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Soyez prudent, vous ne disposez pas de la recherche s.curis.e",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e .carte les sites dangereux dans vos r.sultats de recherche Bing.",.. SEARCH_TOAST_BODY_TEXT: "Voulez-vous ajouter la recherche s.curis.e . Bing et garder une longueur d'avance sur les personnes mal intentionn.es.?",.. SEARCH_TOAST_SUB_FOOTER: "Nous activerons la recherche s.curis.e et d.finirons Bing comme votre moteur de recherche par d.faut apr.s le red.marrage de votre navigateur.",.. SEARCH_TOAST_YES: "Oui",.. SEARCH_TOAST_NO: "Non, merci",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Nous activerons la recherche s.curis.e et d.finirons Bing comme votre moteur de recherche par d.faut."..}..//EA11169CB4A238A8439DB55895CC03A02F88C6CFFE0A0BE6534AA158863B5454F409F9A1DE18BB8116832D1C71C0630A7A02E8E669F24D8C267131F8682DFA09++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):798
                                                                                                                                                                                                                                                  Entropy (8bit):5.4203719090467235
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HM+9DuIg9sCZwzJl//L9hd9MuGvPJHCqtL9MuGkSUFSMf+z0VEj:7HMogol25vxHCD5kS2T+z0VK
                                                                                                                                                                                                                                                  MD5:3DC9E0B9876B48A4B9AF1EEB885A8EEB
                                                                                                                                                                                                                                                  SHA1:F49F1963BE7796E356DDE80CBD707A29D0D3BA72
                                                                                                                                                                                                                                                  SHA-256:AABC136B40C5DC53335F87524A8A02F9A6BB21EA705A2DDDFFDFE1B12F4FC27D
                                                                                                                                                                                                                                                  SHA-512:C776E51C6E602FECF0B52741A86F550C3FADAF61F0C5755F037815133CF6A01E94B0E32B28BE5B2E00C7B206E0A8BECB92EC36399861F5BA822D80CD778D7AC4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nemate sigurno pretra.ivanje - budite oprezni",.. SEARCH_TOAST_SUB_HEADING: "Sigurno pretra.ivanje dr.at .e opasne stranice podalje od va.ih rezultata Bing pretra.ivanja.",.. SEARCH_TOAST_BODY_TEXT: ".elite li dodati sigurno pretra.ivanje na Bing i ostati ispred?",.. SEARCH_TOAST_SUB_FOOTER: "Okrenite sigurno pretra.ivanje i promijenite zadanu tra.ilicu za Bing nakon ponovnog pokretanja preglednika.",.. SEARCH_TOAST_YES: "Da",.. SEARCH_TOAST_NO: "Ne, hvala",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Okrenite sigurno pretra.ivanje i promijenite zadanu tra.ilicu za Bing."..}..//58564E968C6A1DD2A3B01E6CAA43C802D43886AA300213AB786B403029C4AFA1A15CFEA82F1E419D0F21A3BD40757F0000F2F410BEE9BCF0640F6E9AEAEEF483++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):922
                                                                                                                                                                                                                                                  Entropy (8bit):5.595558799392145
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HL8d6oBd5US6Xdd7qQpuYeBdyEpFnY45EgpuYeBddpFtvF:q6ojijX/+QpuJjTYH+uJjj9
                                                                                                                                                                                                                                                  MD5:B38B90C7D9DFD87A593F15953D541B8D
                                                                                                                                                                                                                                                  SHA1:58DFE87DA7B330E62DF1B80F3F61B66304EB49D0
                                                                                                                                                                                                                                                  SHA-256:FD5FB9E7E89817195524ADF8E387ADD1CA2D2EB6BE05F6BDB648ECF97618F1BE
                                                                                                                                                                                                                                                  SHA-512:D68F00E1E0E9990D8C12829691C95814832D87A015435627FBD21F1895FDE6C85E91ACB36D805C69F7CA46E3FE607DA1469565E31C834F6F95EFC9B9165B94DD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nincs biztons.gos keres.s funkci.ja . legyen .vatos",.. SEARCH_TOAST_SUB_HEADING: "A biztons.gos keres.s funkci.val elker.lheti a Bing keres.si eredm.nyei k.z.tt tal.lhat. vesz.lyes webhelyeket.",.. SEARCH_TOAST_BODY_TEXT: "Szeretn. hozz.adni a biztons.gos keres.st a Binghez, hogy n.h.ny l.p.ssel mindig megel.zze a rosszfi.kat?",.. SEARCH_TOAST_SUB_FOOTER: "Bekapcsoljuk a biztons.gos keres.st, .s a b.ng.sz. .jraind.t.sa ut.n az alap.rtelmezett keres.motor a Bing lesz.",.. SEARCH_TOAST_YES: "Igen",.. SEARCH_TOAST_NO: "K.sz.n.m, nem",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Bekapcsoljuk a biztons.gos keres.st, .s az alap.rtelmezett keres.motor a Bing lesz."..}..//ED836E20F822E064FC27F5397135316DE08C17C7B7CC8357DA7DC005E6CD3EE7CF05A51E030F4A904D09DABCBF494CBD1C7B366892AAF6A82D4948A06F82D824++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):819
                                                                                                                                                                                                                                                  Entropy (8bit):5.274707792713194
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7H1J1Z2psz/XEKapHoCv815HFl+pqtKHoCv8elQQEHn1X4O:7HB8OXEhpICvoFlIhICvtlyHOO
                                                                                                                                                                                                                                                  MD5:2700305936DBB03114A934D5E9757167
                                                                                                                                                                                                                                                  SHA1:A1AEDB794816FD8BA9B33455BFB848E68A659805
                                                                                                                                                                                                                                                  SHA-256:93C9C109C10004B94C7D96E01C2759988FE6250C1F1B73247443FC6E45E40ACE
                                                                                                                                                                                                                                                  SHA-512:47302DC536B6FE20680C89B55B77361FF70B2D35C1EF54B3FE58CEDBDA1BDE3CA577459804B8F5463B5261C52B884E0DF1036DCE96C82C1BEDCCD61CE7CD28FF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Attento, non stai usando la ricerca sicura",.. SEARCH_TOAST_SUB_HEADING: "La ricerca sicura consente di escludere i siti rischiosi dai risultati delle ricerche con Bing.",.. SEARCH_TOAST_BODY_TEXT: "Vuoi aggiungere la ricerca sicura a Bing e tenere alla larga i malintenzionati?",.. SEARCH_TOAST_SUB_FOOTER: "Attiveremo la ricerca sicura e imposteremo Bing come motore di ricerca predefinito dopo il riavvio del browser.",.. SEARCH_TOAST_YES: "S.",.. SEARCH_TOAST_NO: "No, grazie",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Attiveremo la ricerca sicura e imposteremo Bing come motore di ricerca predefinito."..}..//8BD8DCF847C401B1CCB745554373A6FFAA03B6BF5C11295B0B4E8F8D4493B225C738440B991532D6E3771E7B734A3CB86C14DAB121AD5678086207E4C8FE22CC++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):943
                                                                                                                                                                                                                                                  Entropy (8bit):5.727860477750984
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7H8PQbHaQ4gy2XLCreYv6RlqkYvIsZc6FU:4PQzanP2XLInvKc1vIsZc6FU
                                                                                                                                                                                                                                                  MD5:B9EA0C2C353F18C73103DCDE34582F81
                                                                                                                                                                                                                                                  SHA1:2E1372FD055A0A653B74D1A59D93655D9325A232
                                                                                                                                                                                                                                                  SHA-256:813D941EB5BA6E03DB6F03559A58C695155965CE4477262EA2FC16DADEFCB47E
                                                                                                                                                                                                                                                  SHA-512:8B5F98EEA3F6ECD2E3DE81254FC74715DF3CCAB7388C82C0AAD8B885F156913EBF6FA687071159608D3C9BB51776A00ADED2FC6AEB48D98B2760048164777751
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".... ..........................",.. SEARCH_TOAST_SUB_HEADING: ".... .....Bing ....................",.. SEARCH_TOAST_BODY_TEXT: ".................. .... Bing ........",.. SEARCH_TOAST_SUB_FOOTER: "................ ...................... Bing .......",.. SEARCH_TOAST_YES: "..",.. SEARCH_TOAST_NO: "...",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: ".... ....................... Bing ......."..}..//DA01E07B3AED3210BAFE875F8D72CA79BF9454EEB7A2AF50A50C696C70F935F0F98C142936703D21CC5ADAA4AD572EB6A55E502717A8AED04C6E9520CFA33A06++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):823
                                                                                                                                                                                                                                                  Entropy (8bit):5.904020544863617
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HN1I68EVZFj2F/40kOv8k16xQl07Cqtk16xQlXViKLPG:7Hx9E7ka8kg7CtJi0PG
                                                                                                                                                                                                                                                  MD5:E4A9B3945989307F6F382464CD744E8B
                                                                                                                                                                                                                                                  SHA1:D5E1E18DDE7569A5DD8FE13D515205DDC383BDFD
                                                                                                                                                                                                                                                  SHA-256:C0E4EF29C1F6BE33016D640AA0C830FEF3A060BA54367279E3AF52FD10682994
                                                                                                                                                                                                                                                  SHA-512:3133314D072BA67286DE48E0180C3C63003D5B9D4F2779B7FD2A460D7B4B9A767E2BA1295E038A59EE16E0D23E432780A8D311469B8D35ACE3B850D56D2403C3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".. .. ... .. - ......",.. SEARCH_TOAST_SUB_HEADING: ".. ... Bing .. .. . ... .... ......",.. SEARCH_TOAST_BODY_TEXT: "Bing. .. ... .... ... .. ........?",.. SEARCH_TOAST_SUB_FOOTER: "..... .. ... . .. ... ..... .. .. ... Bing.. ......",.. SEARCH_TOAST_YES: ".",.. SEARCH_TOAST_NO: "...",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: ".. ... ..... .. .. ... Bing.. ......"..}..//6A7DEE9087F9EC7BBA4AD778A150895A4B364827E29FDC6AE28234A1050818FF253B9B7A0FE703E9ECEBA311685E68285E7A05CF4E169D72B64BC0ED47120049++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):759
                                                                                                                                                                                                                                                  Entropy (8bit):5.417701316840642
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7H4jM/QjBU4dkyU/6FkbS7CWJCYfUfGKF2cFqtEFJCWJCYfUyx/YgQUsfopm8:7H0MojXdUCFHtrfyGKF2yZtrfF/FQUsY
                                                                                                                                                                                                                                                  MD5:DCC0E4F0385CD17A2104343BA2911706
                                                                                                                                                                                                                                                  SHA1:150AC510338E47891E9E2248349E1665897F2A02
                                                                                                                                                                                                                                                  SHA-256:43429C208099375FA9FD521367429E21E24C46BFF9ACCE8185F16270CA23C0ED
                                                                                                                                                                                                                                                  SHA-512:114F84A9F11FDFD9A22BD24084893025374E96B921D8A72EA81A52D1D75742FF8436658DA55C11554EE6872624483906ED77787CA4B5ABCAFCF314346B544197
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Du har ikke Sikkert s.k - v.r forsiktig",.. SEARCH_TOAST_SUB_HEADING: "Sikkert s.k holder deg unna skadelige omr.der i Bing-s.keresultatene.",.. SEARCH_TOAST_BODY_TEXT: "Vil du legge til Sikkert s.k i Bing for . ha et forsprang p. skurkene?",.. SEARCH_TOAST_SUB_FOOTER: "Vi sl.r p. Sikkert s.k og endrer standard s.kemotor til Bing n.r du starter nettleseren p. nytt.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nei takk",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Vi sl.r p. Sikkert s.k og endrer standard s.kemotor til Bing."..}..//A72DA50EC9AC06D7482911C2F7459BA883D06416E8BC28EDE8D630AA5F1BC7517BFE51F448950ED756F6F8C9324714B9F09DA9ECD6CEBC538844F6B0E8AEEFC0++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):807
                                                                                                                                                                                                                                                  Entropy (8bit):5.38083502499888
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HrtakxOEfqPZq7oYde5XPCF2sbde5XXiWLF5XTK:vkk8jPtYwRoDwsWJ5XTK
                                                                                                                                                                                                                                                  MD5:5390F1358FB4E917C84EF5ABBC6C1658
                                                                                                                                                                                                                                                  SHA1:EAC25B929A6FF110A89E16193763263CE887AD0C
                                                                                                                                                                                                                                                  SHA-256:27A7D47438445F0BD5004A702E13BFD96B9914A073A023AAE7A4DE6023592C4F
                                                                                                                                                                                                                                                  SHA-512:3B6E11C7F093EB57E9DB04DAC7B778E52B1BFB0E543DED0B1B46586130E242D830FFA6853918CC31D349D616F75C6A5BBAA4C76287A9418A3C67F6C8FDF1D446
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "U hebt Beveiligd zoeken niet: wees voorzichtig",.. SEARCH_TOAST_SUB_HEADING: "Met Beveiligd zoeken kunt u de riskante sites in uw zoekresultaten op Bing vermijden.",.. SEARCH_TOAST_BODY_TEXT: "Wilt u Beveiligd zoeken aan Bing toevoegen om criminelen een stap voor te blijven?",.. SEARCH_TOAST_SUB_FOOTER: "Wij schakelen Beveiligd zoeken in en maken Bing uw standaardzoekmachine nadat u uw browser opnieuw hebt gestart.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nee, bedankt",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Wij schakelen Beveiligd zoeken in en maken Bing uw standaardzoekmachine."..}..//2AEDE587301434BD6F7D34E67A62ADC3A28EBCA3976817D65847907881E114CAC2C833806E77EEF466AA4C9CFB3C9511A83E097B4222AF2E53E2ED02B3200A94++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):840
                                                                                                                                                                                                                                                  Entropy (8bit):5.562707190506282
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HOnXZoB12oBsflpBcPMfaBpgXJveZsBpgXJZpucnp:qXZI12IAdcMGaX7aXztp
                                                                                                                                                                                                                                                  MD5:8CD94C0E84D172021E443288F177B6BE
                                                                                                                                                                                                                                                  SHA1:EB42776CCF5B8AF1C32DDD24B06F410B0613FE3A
                                                                                                                                                                                                                                                  SHA-256:FBB644E96F686AE1851427470EA8E2445D108A5BC3E20E45B5071D416E5C548A
                                                                                                                                                                                                                                                  SHA-512:9979911E8DD5B0D5B8F38EF614E3EEE6FBA3CAFE3F683C245B344902BBF4F11D80E04FC0BCC1D17F8220CB09D78AD1E8751321D0BDE4118EBFAB4481289D3FC4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Uwa.aj, nie masz wyszukiwarki Bezpieczne wyszukiwanie",.. SEARCH_TOAST_SUB_HEADING: "Bezpieczne wyszukiwanie eliminuje niebezpieczne witryny sieci Web z wynik.w wyszukiwania.",.. SEARCH_TOAST_BODY_TEXT: "Chcesz doda. bezpieczne wyszukiwanie do przegl.darki Bing i uprzedzi. zagro.enia?",.. SEARCH_TOAST_SUB_FOOTER: "Po ponownym uruchomieniu przegl.darki w..czymy bezpieczne wyszukiwanie i zmienimy domy.ln. wyszukiwark. na Bing.",.. SEARCH_TOAST_YES: "Tak",.. SEARCH_TOAST_NO: "Nie, dzi.kuj.",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "W..czymy bezpieczne wyszukiwanie i zmienimy domy.ln. wyszukiwark. na Bing."..}..//16D96677B35676937A9D41C8627A98A69B3B83E9FA31CCF16B911ED626E8BF510AB621E7B6F782168A4AC9C6A67137828AC2014635F879EFCF5A8793EED15A2C++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):836
                                                                                                                                                                                                                                                  Entropy (8bit):5.28267754410806
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HEJVEPlVLVGGWF/7Qy7XTLYG7MJgZ6GuISWM8jgqtNpG7MJgZ6GuzKh3/Eb+jXS:7HouiF/rDTLdtZy6MTZtZyziv5jC
                                                                                                                                                                                                                                                  MD5:FFBFB67FFF4A57CB2BF6B0976961FD32
                                                                                                                                                                                                                                                  SHA1:9DDD77AA9A47D86CFF915BAB18D68B38DFE62670
                                                                                                                                                                                                                                                  SHA-256:FBEB7FDA6D73218AD42017694C6BCA596FBD0373CAF7B48D7EE7BF85008F9EF5
                                                                                                                                                                                                                                                  SHA-512:A8769F0B93CC6FA3A5654ACCAE15A5EC5F3319D6795104C2382FEBB49DF4602448E34C536B42EFCC17809624D8EA4DCA5A98A84D097681A450FECC1C5A4A5383
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "A Pesquisa segura n.o est. ativada - tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A Pesquisa segura evita os sites perigosos nos resultados da pesquisa do Bing.",.. SEARCH_TOAST_BODY_TEXT: "Gostaria de adicionar a Pesquisa segura ao Bing e se antecipar aos criminosos?",.. SEARCH_TOAST_SUB_FOOTER: "Ativaremos a Pesquisa segura e alteraremos seu mecanismo de pesquisa padr.o para o Bing depois de o navegador ser reiniciado.",.. SEARCH_TOAST_YES: "Sim",.. SEARCH_TOAST_NO: "N.o, obrigado",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Ativaremos a Pesquisa segura e alteraremos seu mecanismo de pesquisa padr.o para o Bing."..}..//C25ECF30C4BD302A13219B5A268DD6617F0CFAAB4048B1A0E5C75C3AD1A63ABBD4C845D23019F3FECEA14F1F0157E753907514F9C05FA81CF5A471409291697F++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):823
                                                                                                                                                                                                                                                  Entropy (8bit):5.329367395193231
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HR7EVLOEcQWFnQgj7366Jb7yg4HjSa8jgqtMJb7yg4HjmDdgAB82PhWgmU4:7HRrnFjjhJbOg4uaTRJbOg4qiAGMd4
                                                                                                                                                                                                                                                  MD5:EFD9A142051629949381A15651137D9A
                                                                                                                                                                                                                                                  SHA1:06CFE48E497E024F3BE5DB00A204618C5E8C67A8
                                                                                                                                                                                                                                                  SHA-256:A580628E3F4A89BAF57948A960029934F9A5E81AF9EF973525D5E4E787F0D49D
                                                                                                                                                                                                                                                  SHA-512:FBC96E939F5848DD13C89852CC086022074F0405FE9970CF1CFE686EF6B55F673E860D27C506D146B091D48532D8DF823FADC1E14C105DEC381AD9034DCDE71C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "N.o tem a Pesquisa Segura, tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A Pesquisa Segura ajuda-o a evitar os sites perigosos nos resultados de pesquisa do Bing.",.. SEARCH_TOAST_BODY_TEXT: "Pretende adicionar a Pesquisa Segura ao Bing e antecipar-se aos malfeitores?",.. SEARCH_TOAST_SUB_FOOTER: "Vamos ativar a Pesquisa Segura e definir o Bing como o seu motor de pesquisa predefinido ap.s reiniciar o browser.",.. SEARCH_TOAST_YES: "Sim",.. SEARCH_TOAST_NO: "N.o, obrigado",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Vamos ativar a Pesquisa Segura e definir o Bing como o seu motor de pesquisa predefinido."..}..//E803ADAF0E5B8F915FF234994EC38446AD7ECB6139E7EC509291AA945F7F628F5BE421906DAB7B099AF0B8EFBB160A26E546B184E132EACAEFE47014D010CC3C++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1189
                                                                                                                                                                                                                                                  Entropy (8bit):5.126253876575131
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7H0i5Cke6gyt20qJNs2OSVptfnZMtXye4qfjFsX58cMtXye4qfHC6stx9O:IMCke6gyJqjbOSfNnS9yHiT9yHK9stO
                                                                                                                                                                                                                                                  MD5:9843CA14E0D8184651EB3775C31B5128
                                                                                                                                                                                                                                                  SHA1:3048CBB11C88908F0FECBA09BED67CD0AF78141F
                                                                                                                                                                                                                                                  SHA-256:5E3E2F7B7221C2B348EB99FA98C8B897A0B944ED3D8CF9D712FC8626A276913E
                                                                                                                                                                                                                                                  SHA-512:393CC1AF009661741EA405BC18C10CC85E7918138D50C5CE9B8E690F3AFD8402FC7D5CA5186692707E4293CED3557306E3BEDBC835D6F55EF97E1CFB0BC12A5D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "...... ........., .. ... .. ........... .......... .....",.. SEARCH_TOAST_SUB_HEADING: ".......... ..... .. ........ ... ........ .............. ....., .............. . ........... ...... Bing.",.. SEARCH_TOAST_BODY_TEXT: "........ .......... ..... . Bing ... ...... .. ...............?",.. SEARCH_TOAST_SUB_FOOTER: ".. ....... .......... ..... . ....... .... ......... ....... .. ......... .. Bing ..... ........... ...... .........",.. SEARCH_TOAST_YES: "..",.. SEARCH_TOAST_NO: "..., .......",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: ".. ....... .......... ..... . ....... .... .........

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):959
                                                                                                                                                                                                                                                  Entropy (8bit):5.700243558664091
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HUMukzWX/lJxvkgn45U1bORyg+yqto3bXsz7YWcm:7HmVXDxTbOsg+yuz7YFm
                                                                                                                                                                                                                                                  MD5:BE2D6A1389AE9FB88C9647F21A2D5CE8
                                                                                                                                                                                                                                                  SHA1:AED36EBFB36E6D75605B7ECAE45BA8046C6FA904
                                                                                                                                                                                                                                                  SHA-256:86680FBD329AE08D4AA65432C290A35D9ACBE04B54AB4087DD9CBADA8750F38B
                                                                                                                                                                                                                                                  SHA-512:8DFFEC80CA203AAF891ACBC47489D5834AAD4098B992F82D1E0A4D77C3FE13CD5AB46EAF490D2FF2B2E275213D6EF95880ED619F348AD6DA72661A004CFE333F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nem.te zabezpe.en. vyh.ad.vanie . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING: "Zabezpe.en. vyh.ad.vanie v.s vo vyh.ad.vacom n.stroji Bing chr.ni pred nebezpe.n.mi lokalitami vo v.sledkoch vyh.ad.vania.",.. SEARCH_TOAST_BODY_TEXT: "Chcete prida. zabezpe.en. vyh.ad.vanie do vyh.ad.vacieho n.stroja Bing a.zachova. si ochranu pred mo.n.mi .to.n.kmi?",.. SEARCH_TOAST_SUB_FOOTER: "Po re.tartovan. prehliada.a, povol.me zabezpe.en. vyh.ad.vanie a.zmen.me predvolen. vyh.ad.vac. n.stroj na Bing.",.. SEARCH_TOAST_YES: ".no",.. SEARCH_TOAST_NO: "Nie, .akujem",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Zapneme zabezpe.en. vyh.ad.vanie a.nastav.me vyh.ad.vac. n.stroj Bing ako predvolen.."..}..//4482827471F204E3CF5963D684DBF75B78AE5933F9404399755FD2B6A9A2E59F6D6248D3A145E8B79940C79A49BA15D222E30723290B39AB331AC24C4A199567++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):791
                                                                                                                                                                                                                                                  Entropy (8bit):5.497616174223849
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HM3Rzi2T//nHkpIUaSB1kd1BgqDHCqtMB1kd1BgqRlgo6GBdihe7:7HM3B0T3kd/DDHC53kd/Dzue7
                                                                                                                                                                                                                                                  MD5:B60F420D4E9C5CF72662E5D64B8CF1EC
                                                                                                                                                                                                                                                  SHA1:CDFA09E1DBB11A6A960EA144DCBE7F1C3B17CAA7
                                                                                                                                                                                                                                                  SHA-256:F7E5E8F5111BD5369979B92C1409B8F421CEA264884CE51858C82C965797BCE1
                                                                                                                                                                                                                                                  SHA-512:FD6F20FDFBD61C0B5F9AF20418DD7EF74AC07322337480444D26ADF9C56DD74CEEE4B45F8663AFE7369AFB81E43C4B4BADA46D133F9050BB20355F496D96A603
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Nemate bezbedna pretraga - budite oprezni",.. SEARCH_TOAST_SUB_HEADING: "Bezbedna pretraga vas .titi od rizi.nih lokacija u Bing rezultatima pretrage.",.. SEARCH_TOAST_BODY_TEXT: ".elite li dodati bezbedna pretraga u Bing i ostanite napred?",.. SEARCH_TOAST_SUB_FOOTER: "Uklju.ic.emo bezbedna pretraga i promeniti podrazumevani pretra.iva. na Bing nakon ponovnog pokretanja pretra.iva.a.",.. SEARCH_TOAST_YES: "Da",.. SEARCH_TOAST_NO: "Ne, hvala",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Uklju.ic.emo bezbedna pretraga i promeniti podrazumevani pretra.iva. na Bing."..}..//0E4846AFB8160CCE421340A6DF95405F44E9D70A3FEB9306F787BFA142C7CBD10579A3E9F98362AA11DA6D935D1A133E38F29DE8F36814B26AD82A35E84D98E1++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):847
                                                                                                                                                                                                                                                  Entropy (8bit):5.475369864788056
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HBZa8gL2eN/Ttn2gW6DTXMoOF2FTnZ2gW6DTVi1EMeVljCCz:CuY/ZrT70GZrTkp6lmCz
                                                                                                                                                                                                                                                  MD5:CF757C7351AED3455E772A926496AEFA
                                                                                                                                                                                                                                                  SHA1:CB616A0D34E7FA86DF3BE171297507B01BC2E0D7
                                                                                                                                                                                                                                                  SHA-256:417EB3E457AF7A78D01731B0E758345D123D8FCD2F652F29748432704D271526
                                                                                                                                                                                                                                                  SHA-512:68680D92FD200A4631853FA0F56D7B3A67500E957A55E83B4D9078894C2D90888FCE68DDD0F10315D683F2DCD9FE7548D8FFF32C1A7FDE3D1AD5F4B09EAA4A3B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Du har inte s.ker s.kning . var f.rsiktig",.. SEARCH_TOAST_SUB_HEADING: "S.ker s.kning h.ller dig borta fr.n riskabla webbplatser i Bing-s.kresultaten.",.. SEARCH_TOAST_BODY_TEXT: "Vill du l.gga till s.ker s.kning till Bing f.r att h.lla dig steget f.re skurkarna?",.. SEARCH_TOAST_SUB_FOOTER: "Vi s.tter p. s.ker s.kning och .ndrar standardalternativet f.r din s.kmotor till Bing efter att du startar om webbl.saren.",.. SEARCH_TOAST_YES: "Ja",.. SEARCH_TOAST_NO: "Nej tack",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "Vi s.tter p. s.ker s.kning och .ndrar standardalternativet f.r din s.kmotor till Bing."..}..//747BE5AB5DD6F5DE8CB96EBD639FDF42EEF0AFD684EF611640FC1C8BFD9C221E06546E8FB0733498BE5FB42380DF1BDD409527B4C6D4FEBC18C53388AF8767C3++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):857
                                                                                                                                                                                                                                                  Entropy (8bit):5.540532104557865
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HMhMT4PwAf00hBLUF8Tt7zYE3MKUR59HQmeonSqt9UxQme7osBUDdbdqJVZh:7H8O44Yh88x/YE8PJfTnStfSB6yVZh
                                                                                                                                                                                                                                                  MD5:96B8EED5F1398DDD82F4EB5DA1BF6F93
                                                                                                                                                                                                                                                  SHA1:A713EFDC1EF6F65E3DF1D2AC43534C5D79D9C1F8
                                                                                                                                                                                                                                                  SHA-256:5C449AA1E4D7CA792C0E82382B4EBB84EACC6B283BD4F6F5ECB67A539A61F4C2
                                                                                                                                                                                                                                                  SHA-512:742FF4869769691798A7B164E5E5E7942393BA9C2E8B08F6EC6CC7034F5636C55EA78931A999597CA2E2CEA180860B5111BCBE85DEE2B8A6061E76156C5EB163
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "G.venli Arama'ya sahip de.ilsiniz, dikkatli olun",.. SEARCH_TOAST_SUB_HEADING: "G.venli Arama, sizi Bing arama sonu.lar.n.zdaki riskli sitelerden uzak tutar.",.. SEARCH_TOAST_BODY_TEXT: "G.venli Arama'y. Bing'e eklemek ve k.t. ama.l. ki.ilerden uzak durmak ister misiniz?",.. SEARCH_TOAST_SUB_FOOTER: "G.venli Arama'y. a.ar ve taray.c.n.z. yeniden ba.latt.ktan sonra varsay.lan arama motorunuzu Bing olarak de.i.tiririz.",.. SEARCH_TOAST_YES: "Evet",.. SEARCH_TOAST_NO: "Hay.r, te.ekk.rler",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "G.venli Arama'y. a.ar ve varsay.lan arama motorunuzu Bing olarak de.i.tiririz."..}..//439ED26CBEA259FD87D7C2C49DB2EACDE1E8351C21F28AC028563BD0FAFC8B1E44FF77711F51DE465E0308229BD9E6EF010CA52775CEA9DAF0B1F6307B50FF24++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):777
                                                                                                                                                                                                                                                  Entropy (8bit):6.220881869000409
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HZeVjrLdwETCJeYNVLkfD9nktuLMSleNyunyHS8K+9qtBuKeNyunyHc28ymyYmm:7HujCHVLkr96S4fnyHd99zfnyHFjPm
                                                                                                                                                                                                                                                  MD5:7933D7D94B07C1C29DDEDE2C03A78A9F
                                                                                                                                                                                                                                                  SHA1:1F57F17F623EB4E954A134BA64C0BB8296CC2A39
                                                                                                                                                                                                                                                  SHA-256:8820E1EB2B0E28088EE152F8F086CE1F3EB2B09E8E2443CD68F86F79DA695304
                                                                                                                                                                                                                                                  SHA-512:D4B5FED4291CE52EC642ACF5AB4BC2D30EA0235F1AA32B0CB2620DDC2A5D24E072FFC516B8371273D11C94991C7A0B40C08415E06A47EDAB571F43D9F0AAFD17
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "......... . .....",.. SEARCH_TOAST_SUB_HEADING: "......... Bing ............",.. SEARCH_TOAST_BODY_TEXT: "......................... Bing?",.. SEARCH_TOAST_SUB_FOOTER: ".............................. Bing.",.. SEARCH_TOAST_YES: ".",.. SEARCH_TOAST_NO: "....",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "..................... Bing."..}..//890317085F8CEFABEC755868532EC221C9D818F415040A7AE5A387E513810A375EC8079997465CCB14FA1F0C6DDE69A1F1F4BC7589D708A11FD4D91B93B8D3FB++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):747
                                                                                                                                                                                                                                                  Entropy (8bit):6.176568616865499
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HdRjeD31S5BdlevclAZKdKX0S19HS8KFy9qtNSNv7l2Hch0lmjGGG+a:7H76D31Sy8AZKIz19Hd79qU7l2H2A/tV
                                                                                                                                                                                                                                                  MD5:3B85E7578BA0B96B73EF59556E82E947
                                                                                                                                                                                                                                                  SHA1:1CBDFF48CDFA06329E552F6A6044F39C1EDA2D1C
                                                                                                                                                                                                                                                  SHA-256:E5E3B40926F66684B70BEAEFDD3329EBD160E50DF3CE593217A883BD34769218
                                                                                                                                                                                                                                                  SHA-512:6DDE76E27BCCD6A68F0BC5A6F1EB71CDFCE2FF54C00BF413451E6B1CEDC6DDB2D8BF43C1BB77D2E375E994C1EA001F6916FBFD869D546D6AF18B4A811BE8D04A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "...........",.. SEARCH_TOAST_SUB_HEADING: "......... Bing ............",.. SEARCH_TOAST_BODY_TEXT: "......... Bing...........",.. SEARCH_TOAST_SUB_FOOTER: "............................. Bing.",.. SEARCH_TOAST_YES: ".",.. SEARCH_TOAST_NO: "....",.. SEARCH_TOAST_SUB_FOOTER_NO_RESTART: "...................... Bing."..}..//142BEDE18BA7AB5DDDECDB37BC8963E32AA4B73E08B695DF0CFC9C7ED8926518FC53AEB0D078295B055C4F3EB5790599CC4E8DCE078884BB5DF250DA74327391++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7420
                                                                                                                                                                                                                                                  Entropy (8bit):5.691914931807602
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:CXLFSeinF0GY2zegRdgmgV+2bt9kuB9Ouy9kuv9FoEGopoMgLmVvuu38:CXLF5WF0SHMt9kg9O39kIOEGQZVds
                                                                                                                                                                                                                                                  MD5:0AF7B0D19B981DAC7835AFC59D0A895C
                                                                                                                                                                                                                                                  SHA1:F73D39431035097600FB458CD055F592D89204EE
                                                                                                                                                                                                                                                  SHA-256:F30A49A450B25B73172D9ADE7DE59BE0D445081AABB272441BEB689F43C9D1D2
                                                                                                                                                                                                                                                  SHA-512:7DD8DAE8C6C1000E5CD548649D08381521B19AD44A5466A5F81CC1EA3A49B037C0A8DDC8E77671A165D7BAD477976F9B035A4F60DACB3EAD2B6244A478FE7F40
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Slu.ba Bezpe.n. hled.n. je vypnut. . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING: "Slu.ba Bezpe.n. hled.n. v.s ve v.sledc.ch hled.n. upozorn. na rizikov. str.nky.",.. SEARCH_TOAST_BODY_TEXT: "Chcete zapnout roz...enou ochranu p.i hled.n., abyste byli v.dy o krok nap.ed p.ed podvodn.ky?",.. SEARCH_TOAST_OPTION: "Ano, chci po restartov.n. prohl..e.e zapnout slu.bu Bezpe.n. hled.n..",.. SEARCH_TOAST_DONE: "Hotovo",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nem.te slu.bu Bezpe.n. hled.n. . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Slu.ba Bezpe.n. hled.n. v.s ve v.sledc.ch hled.n. upozorn. na rizikov. str.nky.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Chcete p.idat slu.bu Bezpe.n. hled.n. a b.t v.dy o krok nap.ed p.ed podvodn.ky?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ano, p.idejte slu.bu Bezpe.n. hled.n.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6899
                                                                                                                                                                                                                                                  Entropy (8bit):5.422872173360446
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:CjNwgL2CS6ddGw2jKK3A/BZ6mQNeTNlspRmbM1BM0t+lWcoLa8XcZ+lWch9FF/3c:CWToK3A/Bj32ttCWy8XgCWSj/o03WwHS
                                                                                                                                                                                                                                                  MD5:B88C65F680FBB8D21DB06A956B6E4857
                                                                                                                                                                                                                                                  SHA1:A0A6BB3EAF5B7C94373BFAC4670B09394C936D2D
                                                                                                                                                                                                                                                  SHA-256:96146C96D178F61671C796307668D7CD08FF9CF8D14F619A264F414E5601B53D
                                                                                                                                                                                                                                                  SHA-512:D517F64A8514B945D5EDFEA7710E528B3186414CDF821DE96DCE9A6BD17EAE53440034AF4A9D23C8A173F6F800C28C8932E0029BAC8E486CC60C3684D180CA89
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Sikker s.gning er sl.et fra . v.r forsigtig",.. SEARCH_TOAST_SUB_HEADING: "Sikker s.gning leder dig v.k fra risikofyldte websteder i s.geresultaterne.",.. SEARCH_TOAST_BODY_TEXT: "Vil du v.re et skridt foran forbryderne og have ekstra sikkerhed, n.r du s.ger p. nettet?",.. SEARCH_TOAST_OPTION: "Ja, sl. Sikker s.gning til, n.r jeg genstarter browseren.",.. SEARCH_TOAST_DONE: "F.rdig",.. SEARCH_TOAST_HEADING_COMPLIANT: "Du har ikke sl.et Sikker s.gning til . s. v.r forsigtig!",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Sikker s.gning leder dig v.k fra risikofyldte websteder i s.geresultaterne.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Vil du tilf.je Sikker s.gning, s. du undg.r at komme ind p. grimme steder?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, tilf.j Sikker s.gning til min browser, og s.g som standard ved hj.lp af {0}.", // {0} SEARCH_TOAST_*.. SEAR

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7159
                                                                                                                                                                                                                                                  Entropy (8bit):5.352254521660053
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:C9EB5FeK92iZaU3vFJMGNMmXdtUGj/7vFyDGkHEXcFt98m:C+5/btltJ/7vFOEMpv
                                                                                                                                                                                                                                                  MD5:72A9D075BE6CA7F50BC8502FC097FED4
                                                                                                                                                                                                                                                  SHA1:49C7C3670E8A296E821D52F4BBCB5B81389A6AC0
                                                                                                                                                                                                                                                  SHA-256:9B51B9AFFE147ACAC7CB4AC39293ED89CADA6522CD9D40B7647B311321C059B2
                                                                                                                                                                                                                                                  SHA-512:E797E73D93D59E4657FD883087235641ECA8D5F018EB6BDA99D798CEEA3E4C13CB12998C6D195F35419E2F4E2BAA05F5DC747795997E7E181F1DFDEF83B9C1FE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Achtung: Sichere Suche ist deaktiviert",.. SEARCH_TOAST_SUB_HEADING: "Mit der sicheren Suche werden Sie vor risikoreichen Websites in Ihren Suchergebnissen bewahrt.",.. SEARCH_TOAST_BODY_TEXT: "Wollen Sie Internetkriminellen mit zus.tzlichem Suchschutz immer einen Schritt voraus sein?",.. SEARCH_TOAST_OPTION: "Ja, ich m.chte die sichere Suche nach dem Neustart meines Browsers aktivieren.",.. SEARCH_TOAST_DONE: "Fertig",.. SEARCH_TOAST_HEADING_COMPLIANT: "Die sichere Suche ist nicht aktiviert . seien Sie vorsichtig",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Mit der sicheren Suche werden Sie vor risikoreichen Websites in Ihren Suchergebnissen bewahrt.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "M.chten Sie die sichere Suche hinzuf.gen, um Kriminellen immer einen Schritt voraus zu sein?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, die sichere Suche in meinem Browser hinzuf.gen und Suchen

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):991
                                                                                                                                                                                                                                                  Entropy (8bit):5.765372087226622
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyOM3oeWURG11jdHDUUOSj6TrY3jdHjdVtiSTj6cUnjdMA8Y9pcO48jeEy5v4:7HOvMrWh1WTMBgF5Rjnl
                                                                                                                                                                                                                                                  MD5:AC1AB1A5C3522E1993EFA82AA6392230
                                                                                                                                                                                                                                                  SHA1:BC08AE91A1D65EA1B0395B5F080F1B64B9B77CBC
                                                                                                                                                                                                                                                  SHA-256:E30D87D35857D8007E8833A2951591585ADAB2D69614EC49584DCC468BAE9594
                                                                                                                                                                                                                                                  SHA-512:399B70FCE8C0AAE1B1E4938A03A09E863A12E73CC6F5935BF5CA30EF1E0A94E90D7EA4A5D45B3E032C7552177D58B15DCD8647664BFD002BDEEF387F8587E2AA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "D.l.te si starosti s t.m, .e budete sledov.ni online?",.. SEARCH_TOAST_SUB_HEADING: "Pou.ijte prohl..e. DuckDuckGo s ochranou McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Soukrom. hled.n. s prohl..e.em DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} zaji..uje, .e historie hled.n. z.stane v soukrom..", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Funkce Bezpe.n. hled.n. McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokuje .kodliv. odkazy ve v.sledc.ch hled.n..", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo bude pou.it jako v.. v.choz. vyhled.va..",.. SEARCH_TOAST_YES: "Vyzkou.et soukrom. a bezpe.n. hled.n.",.. SEARCH_TOAST_NO:"Ne, d.kuji"..}..//78E4C8A9ECD3F14644932DEEE8E0AFB4C675FE05800A7A6CF3878450A30239CC217CED8EA015DF6315C7BB6CF8657C8A459CAED3F2215AF27BE20BBF4357E2FD++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):900
                                                                                                                                                                                                                                                  Entropy (8bit):5.583587789385049
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyODmFK9r7NWME1jdHvyjC8C9JYBjdHjda88SjNwojdbnEl48twdLORxG/kTAl:7HOvCQ9NWMEcCrYFnwinQ4KwdGkeLW
                                                                                                                                                                                                                                                  MD5:A795497E5B860214E7B321E7E62C3DA6
                                                                                                                                                                                                                                                  SHA1:DA11CF3323379526CC743F9034A66D00C258E91E
                                                                                                                                                                                                                                                  SHA-256:80C415DC74EF8B294C40BF7D517DAE61B2004F870CB61DF1162C0B30843653C0
                                                                                                                                                                                                                                                  SHA-512:A4FDA7FCDFA5A407E9CD28212029447A07194B6727BF8F4E018F82E0836E7CBA04CC67244ED583D42FE070E3A4890D98739643C073CCDC9F5D1392F476C93D8B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Er du bekymret for, at der bliver holdt .je med dig online?",.. SEARCH_TOAST_SUB_HEADING: "Brug DuckDuckGo sammen med McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Anonym s.gning med DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} s.rger for, at din s.gehistorik forbliver anonym.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Sikker s.gning", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokerer skadelige links i s.geresultater.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo bliver din standards.gemaskine.",.. SEARCH_TOAST_YES: "Pr.v anonym og sikker s.gning",.. SEARCH_TOAST_NO:"Nej tak"..}..//453BECE13AB4A6814C489EDA7109940ED88D91DD5238443CE3E44645B4844D55BC9A6BA7AD9C665FF1AAF719920BDB55A0159D69B86766BDFEC186B1220F7CA7++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):936
                                                                                                                                                                                                                                                  Entropy (8bit):5.5537200344672035
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyOIV8tfCIjdHkjPqqbjdHjdar9jICnqjkjdAhalRVnzQYjLzg0QjNNO+NOr:7HOvc8yqrLLBQJ7NO+Ur
                                                                                                                                                                                                                                                  MD5:62C9351571E9B70C529B0BBE1650E186
                                                                                                                                                                                                                                                  SHA1:6E685D1681C6F68969C89F31A774D496A3619D0C
                                                                                                                                                                                                                                                  SHA-256:FFB02A8085057968BE4193592191A4092C6D1889061AE0B0945A438DAFE3D474
                                                                                                                                                                                                                                                  SHA-512:D8A08A9E0E925E9163E1B96E009482839CC3478F69A90746B8F70558654B78331A708A385AB4FDFEA69200CBFBF1C835C60E987731AEFC27E1F619308FE6455E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Sie wollen keine Online-Tracker?",.. SEARCH_TOAST_SUB_HEADING: "Verwenden Sie die McAfee-Erweiterung in DuckDuckGo.",.. SEARCH_TOAST_BULLET_STRONG_1: "Privater Suchmodus in DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} . damit ist Ihr Suchverlauf f.r andere nicht sichtbar.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Sichere Suche", .. SEARCH_TOAST_BULLET_NORMAL_2: "Die Erweiterung \"{0}\" blockiert b.sartige Links in Suchergebnissen.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo wird als Ihre Standardsuchmaschine festgelegt.",.. SEARCH_TOAST_YES: "Private und sichere Suche testen",.. SEARCH_TOAST_NO:"Nein danke"..}..//20B5260045C69615632672AC3CD0104B1E57CB0B1EDAB5EAA6C5CD79FBDB87FE48A21A362CA91007DFAD49E2D30322E897327AB0344F24F7D6005A19030E1CCA++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1278
                                                                                                                                                                                                                                                  Entropy (8bit):5.518147815258277
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HOvdVOfNkrI8gvMi3QonM4diUPg4Z3TarwS3:CvdAVktgfQoMmiUDZ3TCn3
                                                                                                                                                                                                                                                  MD5:9E2749A40AC2137D7873258524ACE18F
                                                                                                                                                                                                                                                  SHA1:C945B26AC96CEC907F21529DCE13F5028DF9D53A
                                                                                                                                                                                                                                                  SHA-256:4A5E4A85DA24C9485263FE4397727798F0A6B295CFF63AAF2A838FA6AD919DB4
                                                                                                                                                                                                                                                  SHA-512:6ED7AB68286094A463F5A0C84D124409DCFF7BC65DE5AC57B3FE02DB8CDCFF2637D95B968DAB4906D7FA0CB0D8254B5BABD5D1C5243624663254C067F6DA1C93
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "... ........ .. ........... . ............. ... online;",.. SEARCH_TOAST_SUB_HEADING: ".............. .. DuckDuckGo .. .. McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "........ ......... DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: ".. {0} ..... .. ........ ... ........... ... .........", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "....... ......... McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: ".. {0} ......... .... ........... .......... ...... ... ............. ...........", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: ".. DuckDuckGo .. ..... .. ............. ......... .......... ....",.. SEARCH_TO

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):851
                                                                                                                                                                                                                                                  Entropy (8bit):5.539248357264239
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyO8zqqNPR4t1jdHMLBjaPCuYh8jdHjdatBjPvkTzgjdA8xvsHqZOdszXpO9bF:7HOv8moyALKFYhl5kTzqsHqlzXKqc
                                                                                                                                                                                                                                                  MD5:F9E842F3615AB3A48C6F73DCD7AB9F5B
                                                                                                                                                                                                                                                  SHA1:14B77175DA047BBB62A0F2BA1897B9C87F1F975C
                                                                                                                                                                                                                                                  SHA-256:2A8349A0FB11C957DCA4BBC666D08B171C3D5C18E984F9DD113B65DC6F08E675
                                                                                                                                                                                                                                                  SHA-512:A4E16CC39D674755C6E570F7429E99F9D5DEA0337ED2DA5722CFB05A1C36FAAB40A3965A10E5CD86F66E0C86AF0B0B6DC917EE4D881E2DA51D228FA83DD508D5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Worried about being tracked online?",.. SEARCH_TOAST_SUB_HEADING: "Use DuckDuckGo with McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Private Search", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} keeps your search history private.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Secure Search", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blocks malicious links within search results.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo will become your default search engine.",.. SEARCH_TOAST_YES: "Try Private & Secure Search",.. SEARCH_TOAST_NO:"No thanks"..}..//1F6BBD78FF71A6E86A22F74CF8885B3CB12921D09A7B00C7F6D9E6C2E66154E368C4F2328CB80CAEB93836A62D76DD4EF6D47EF8D0F5C2884016C84145F40947++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):945
                                                                                                                                                                                                                                                  Entropy (8bit):5.566317231814581
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyO9ocZRs11jdHCajW7SuTQQQjdHjd0Fmzjq0KdQjdEiSZSUjETASKse+krTq6:7HOvy71A7JPmS0gR54TYzmH8v
                                                                                                                                                                                                                                                  MD5:EFA7F2BE0D78290500250354A70DF1A5
                                                                                                                                                                                                                                                  SHA1:9B120B02B9956EAF2F453F0C7E4C3693D26080AA
                                                                                                                                                                                                                                                  SHA-256:9F39A16F86B26E6A6D92816FD89AE93477BE0853CE3D4472A9E86811F6AE9F0B
                                                                                                                                                                                                                                                  SHA-512:999846F8DC5C42BFC08826BE6BACCA591A0A3B7FA59013F11B523118E5DC8851162C02D9BD926FC5342A975E44CB62A12D2FCCFF8BE8F23EE416411AF23BA043
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".Le preocupa que rastreen sus actividades en Internet?",.. SEARCH_TOAST_SUB_HEADING: "Use DuckDuckGo con McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "B.squeda privada de DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} garantiza la privacidad de su historial de b.squedas.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "B.squeda segura de McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloquea los v.nculos maliciosos en los resultados de sus b.squedas.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ser. su motor de b.squeda predeterminado.",.. SEARCH_TOAST_YES: "Pruebe las b.squedas seguras y privadas",.. SEARCH_TOAST_NO:"No, gracias"..}..//2CC7F7DE8FB2FB8F2D23DA93931DC7E74286D496627D3890C9B4F68A2E560E1C0D5F5C56A66878CF66A2D2B212647AE9774E5E623F37A5EE66A7CCEB1AE4153C++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):925
                                                                                                                                                                                                                                                  Entropy (8bit):5.5849308487806795
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyO9ZHhHmdks11jdHCajZyFK2jdHjd0Fmzjqrpo3FK2jdEDE/ZSUwIesOFsJzR:7HOvdHmdN1nnzmSiA74HcHy
                                                                                                                                                                                                                                                  MD5:FC39A3F152024DBB756DB5AC6BDD5B62
                                                                                                                                                                                                                                                  SHA1:72E644ADF19CF079367754BCFF0A82BA86549BC4
                                                                                                                                                                                                                                                  SHA-256:A3DBC64103C0AC500B6B62EEAF56C5894E58A9FA4E27AD83AA8C6EA1F8E81FBA
                                                                                                                                                                                                                                                  SHA-512:C0881795BD47A28E05D92E18DE50B627E1C1B3B5A78A892171E16894BCEB26EAAB0A31307E658DE0D08098E4791220283EFF18234671B7E0AD02CB2028B9F977
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".Le preocupa que lo rastreen en l.nea?",.. SEARCH_TOAST_SUB_HEADING: "Use DuckDuckGo con McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "B.squeda privada de DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} mantiene confidencial su historial de b.squeda", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "B.squeda segura de McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloquea v.nculos maliciosos dentro de los resultados de b.squeda", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo se convertir. en su motor de b.squeda predeterminado.",.. SEARCH_TOAST_YES: "Pruebe B.squeda segura y privada",.. SEARCH_TOAST_NO:"No, gracias"..}..//3D2C0AE6485024CF92B23EB01DD8179A977718DA7F854638666EF61B95C62C645B7527A63372E0E6A3D037D38D349760A50A939A7549BB1C97F6A87F75B473A0++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):870
                                                                                                                                                                                                                                                  Entropy (8bit):5.535887266500711
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyOmciWozjdHJmavj+rUEpjdHjdXpvjm0QCojd6U9hZ/kTIzRiFbSYE+s8:7HOv7iWoCUEBJOhuTI9GM+B
                                                                                                                                                                                                                                                  MD5:21F24F0372570F17FE9AB75F1331F96E
                                                                                                                                                                                                                                                  SHA1:4E9F36786F379DA7580D7A515F14F8E2C00DA32E
                                                                                                                                                                                                                                                  SHA-256:462D9A1E2301118CA7C6797F8F35BA39A28D0B3F3CE823A1DF80966F7DC4AAD2
                                                                                                                                                                                                                                                  SHA-512:E92E938F6D54A2FEAC2DF49D6BBE5F8DE7B965F971D939F619BEC49E75C64D654405C792CDFE874E61A50AED0717D12A05DCCD0383ACADDA00A71E7D91D01B6F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Huolestuttaako seuranta verkossa?",.. SEARCH_TOAST_SUB_HEADING: "K.yt. DuckDuckGota yhdess. McAfeen kanssa.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGon yksityinen haku", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} takaa hakuhistoriasi yksityisyyden.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfeen suojattu haku", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} est.. haitalliset linkit hakutuloksista.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo valitaan oletushakukoneeksesi.",.. SEARCH_TOAST_YES: "Kokeile yksityist. ja suojattua hakua",.. SEARCH_TOAST_NO:"Ei kiitos"..}..//1EDE6C7C81D1A8A01496AC68C635E667AD8A61F644BC3A913F15C4BFB8E84A26ECC168874847DBE2868D8C7D920A9F3D80963B1D37C3A13EF9244022711295A0++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):954
                                                                                                                                                                                                                                                  Entropy (8bit):5.52620674882107
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyOZKM/Jvf1jdH+9kRjBjdHjd55wjq39M5vjdShWvw/jFeOBjgVfx:7HOvBRMkbb7Wvw/jFeqjWx
                                                                                                                                                                                                                                                  MD5:A2425A5D97FB524D51ED0098C4944361
                                                                                                                                                                                                                                                  SHA1:A603A364A603F22E0F36FB45483E1915C53599E9
                                                                                                                                                                                                                                                  SHA-256:961FC9B98AD67E001A3D1B7020E18BA9A1D75BA3980C8209319740A98ABA338D
                                                                                                                                                                                                                                                  SHA-512:C473FBC791B9CF58290AE27C9F0676B28EFB3D9FB9647B8C7A449238F0F3B1A1D10C9BFBDA2F38D2A5D0F5B4F712269366743B1D4F7A6D7686B3CE8FFBE8D6D7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Inquiet d'.tre surveill. en ligne?",.. SEARCH_TOAST_SUB_HEADING: "Utiliser DuckDuckGo avec McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Recherche confidentielle DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} pr.serve la confidentialit. de votre historique de recherche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Recherche s.curis.e McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloque les liens malveillants parmi les r.sultats de recherche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo deviendra votre moteur de recherche . d.faut.",.. SEARCH_TOAST_YES: "Essayer la recherche s.curis.e et confidentielle",.. SEARCH_TOAST_NO:"Non merci"..}..//3A18BBCCF24ADEA3BBEE07D7440F6C54FA3FCFD2263540CBBA07D56F6DC1F1FCA55B6A4F607DFBC09F28DF7DAA3BC3355085EA12D1FF32DEE2094E82EE204E0D++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):949
                                                                                                                                                                                                                                                  Entropy (8bit):5.553229361376515
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyOR04/yohvf1jdHUzhCSjm+MjdHjd55wjDDJ3tp5vjdG4kWYXF9owhBbhvUY5:7HOvVyoRAzhNwKTkWYcwh5Bd9js+MS
                                                                                                                                                                                                                                                  MD5:EC0E360434D61628F708F117FCFA8AAE
                                                                                                                                                                                                                                                  SHA1:4C30BE0D7C68CD08276012BBBBBB339A69E825A0
                                                                                                                                                                                                                                                  SHA-256:1BDB727046B0D9DAFD819E9CCEB9480C496867B7ECC05D69B615B877F5E1B932
                                                                                                                                                                                                                                                  SHA-512:4AB8B304EA0C638EBCCA9B09ABF82E6272DBC34F3D6BD6028063A9F74E4B5671C838B1EDBC12200A34D3FB633ACDE354732A0D0655E24DE9116C4BA0AB87EB12
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Vous avez peur d'.tre suivi en ligne.?",.. SEARCH_TOAST_SUB_HEADING: "Utilisez DuckDuckGo avec McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Recherche priv.e DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "La {0} assure la confidentialit. de votre historique de recherche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Recherche s.curis.e McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "La {0} bloque les liens malveillants dans les r.sultats de recherche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo va devenir votre moteur de recherche par d.faut.",.. SEARCH_TOAST_YES: "Essayer la recherche s.curis.e et priv.e",.. SEARCH_TOAST_NO:"Non, merci"..}..//08CFD540ABCCBB01C658146D9633E0AC86CBDF8D9850D902A10E7760ADB2A346DCA0DFE3EC0AF5D44DF80A9063794BF3986286A3AED347F647F4B89F26A2979E++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):931
                                                                                                                                                                                                                                                  Entropy (8bit):5.602724631555376
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyOXmRUFqyW+1jdHOhjsgv2jdHjd6D39hjpfzJujdXoBcBw1S9Ieziy95v:7HOv2iYT+0vBZflUZVzz9J
                                                                                                                                                                                                                                                  MD5:30626AA664B4C8817732C3C47E91372B
                                                                                                                                                                                                                                                  SHA1:52EC037B682AFD550BF832136B546931C40303C5
                                                                                                                                                                                                                                                  SHA-256:833908A51251BFEA658A1EC3F4B6EF75AA72FCC7CE3832F7AEF6015C99394547
                                                                                                                                                                                                                                                  SHA-512:F9A80716758B9BD8A2821110A653A9F3BCF765F9F703AFFBA234C14CC2A68260A5190AAD03F1E44734208F08CB180174E6DD909B30F1B56A591C73A0D709D864
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Zabrinuti ste oko pra.enja na internetu",.. SEARCH_TOAST_SUB_HEADING: "Koristite DuckDuckGo s McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo privatno pretra.ivanje", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} dr.i va.u povijest pretra.ivanja privatnom.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee sigurno pretra.ivanje", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokira zlonamjerne poveznice unutar rezultata pretra.ivanja.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo .e postati va. zadani alat za pretra.ivanje.",.. SEARCH_TOAST_YES: "Isprobajte privatno i sigurno pretra.ivanje",.. SEARCH_TOAST_NO:"Ne, hvala"..}..//7FCF789AE4D975F2BC9B78540C9A897CFDA71BE95818CF6FE1A9D223BED7B6058A8F29A238F0E08946805E22692736613AFF078418554484EBA70DEEA0B498FE++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):989
                                                                                                                                                                                                                                                  Entropy (8bit):5.713237710998534
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyOaC24TjrjdHGSHBjXllzFrYjdHjd8dHBjzEfCsbV0kjdUcjaSC65dGE76U87:7HOvaH6ESZzFddFE8dTadv6U8bZdyYn
                                                                                                                                                                                                                                                  MD5:CCA7BB471FD815B5B22F69B9BECD669D
                                                                                                                                                                                                                                                  SHA1:EB434E3936FE8479B15E2300BBDFB118812D181A
                                                                                                                                                                                                                                                  SHA-256:70B3B929106A75E25C7E4212E5919DC9C099FC5C19BC8D025758B02E0F595CB6
                                                                                                                                                                                                                                                  SHA-512:E332C5FB88FBAA4556FA658BBFBA5C21F6A1E427F624A7BDE74D5593D076B44B94343592C4EEE8C95C6063DC376F38F928EFD753A5597479E7AF093B3FED4274
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Agg.dik, hogy k.vetik online?",.. SEARCH_TOAST_SUB_HEADING: "Haszn.lja a DuckDuckGo szolg.ltat.st a McAfee-vel.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo priv.t keres.s", .. SEARCH_TOAST_BULLET_NORMAL_1: "A {0} gondoskodik arr.l, hogy keres.si el.zm.nyei szem.lyesek maradjanak.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee biztons.gos keres.s", .. SEARCH_TOAST_BULLET_NORMAL_2: "A {0} blokkolja a keres.si tal.latok k.zt a rosszindulat. hivatkoz.sokat.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "A DuckDuckGo lesz az .n alap.rtelmezett keres.motorja.",.. SEARCH_TOAST_YES: "A priv.t .s biztons.gos keres.s kipr.b.l.sa",.. SEARCH_TOAST_NO:"K.sz.n.m, nem"..}..//866BCE4F4124715994B9EFD585EB316B45D54DE9ABE229CF779B3D8C8D58073BF160A55F6082E6B912480BFCB46C93EB4C0E8391923A0149A3994CD4964DE267++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):886
                                                                                                                                                                                                                                                  Entropy (8bit):5.455323924505363
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyOfOMUUAR11jdHbFLjichFDojdHjd1TzjX+BbtAfpPjdEira8KF6wGysnnL/e:7HOvfa1fhFwTv+MfQiraewT6yt
                                                                                                                                                                                                                                                  MD5:93C2A38A943F3FAC0C44C9809F113BD8
                                                                                                                                                                                                                                                  SHA1:FB8254401C4155B7F4D535E0EB576C85B842334E
                                                                                                                                                                                                                                                  SHA-256:BF0F6785F4FDDC680DDA874F9E1D4CFAB21ACBF8C301951266A2261B73CE7577
                                                                                                                                                                                                                                                  SHA-512:A3AD58A7B5D4A8B404AAF85DA9FA9BB2012F196BF0E02564614F523380B2641D518F9FFF97029A2E882249FA8AA5D1897AAC157DEA37329C64FF74D5222B419F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Temi che le tue ricerche online vengano tracciate?",.. SEARCH_TOAST_SUB_HEADING: "Usa DuckDuckGo con McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Ricerca privata DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} mantiene private le tue ricerche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Ricerca sicura McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blocca i link pericolosi nei risultati delle ricerche.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo sar. il tuo motore di ricerca predefinito.",.. SEARCH_TOAST_YES: "Prova la ricerca privata e sicura",.. SEARCH_TOAST_NO:"No, grazie"..}..//A7499B4C185993FBBD5EAB660B5FF8BDBD534CD3A3DF5CD855718A0CECBBD8BCF201CC03CB79D9CF5BE90100A515A299A20FD9DB258E3B507C970D75321A7E65++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1089
                                                                                                                                                                                                                                                  Entropy (8bit):5.8955240087132745
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HO+ok2PLDnWzuynP6aG3/jD9vEU0nWzAAH9rEmlFIGx+:CZPQiaG3/v9v39EGs
                                                                                                                                                                                                                                                  MD5:DEFA627147C91E3C12C6004FC297D12E
                                                                                                                                                                                                                                                  SHA1:851AACD95AB4DA0CCD004E3A4691BA32FFD13279
                                                                                                                                                                                                                                                  SHA-256:18BF713D55F8C89E1107BFFB23E2F00020476A7E9C0CD70F2E2C8790D596D36E
                                                                                                                                                                                                                                                  SHA-512:5349D2D7118A2DDC86B074667003FA05FBEF398CF1E5744DF424762886BAFD938A470705C964F05D19D9D4980F0488BC733E22E58FF23ABEC8ECD47792032D86
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: ".........",.. SEARCH_TOAST_HEADING: ".......................",.. SEARCH_TOAST_SUB_HEADING: "......... DuckDuckGo .........",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo ...............", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0}...............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "..... .... ...", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0}............................", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ...................",.. SEARCH_TOAST_YES: "....................",.. SEARCH_TOAST_NO:"..."..}..//7EEFF685C98A6C86E3375E6A00FE427BFA3FDA64E

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):961
                                                                                                                                                                                                                                                  Entropy (8bit):5.986397871278456
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOVlzFX8YwOhLRjdH2Zvj0qSwjzjdHjdipvjZF3jlESzjdQecDhLpjCn+OHeOdo:7HOVsYwO9mpSP3REz59pe+hO1YhD
                                                                                                                                                                                                                                                  MD5:14F347718FAD5752880CEC5B08DD3BED
                                                                                                                                                                                                                                                  SHA1:35484FE06D5FB4444356C36B1480BA0B99F64809
                                                                                                                                                                                                                                                  SHA-256:9129C0820EF0C58CEB174F14200B0AF9198596EF052FB4C07F5B135B7A5097D5
                                                                                                                                                                                                                                                  SHA-512:CC866DFD0EC93DA0D84274FF403F888992496D99B9DCFE58EAB4F5CAEC223809F058E5CE5987FE7B1C5E9E9E189A9888ACB4DE815C373C50B6647BCE1C8A32F1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "......",.. SEARCH_TOAST_HEADING: "... ... ......?",.. SEARCH_TOAST_SUB_HEADING: "McAfee. .. DuckDuckGo. ... ....",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo .. .. .. ..", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0}.(.) .. ... .... ......", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee .. ..", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0}.(.) .. .... .. ... ......", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo. .. .. .... ......",.. SEARCH_TOAST_YES: ".... .... ... ...",.. SEARCH_TOAST_NO:"..."..}..//34D180B77E21B01CE282AC79BC2E23DB886233349B8F2600E275E3B920BE926B8D8EB6ABACB4199B931D4BA30EE47710C848A099860A916973F861A4576E134A++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):845
                                                                                                                                                                                                                                                  Entropy (8bit):5.5416390947886915
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyORW/G1jdHMLBj+WjdHjda+jns4jdHnfUMX4MFPYTDv86I:7HOvmGAL4mnfoMFwU6I
                                                                                                                                                                                                                                                  MD5:015DD8385BAA2A703041AC3DB5E90989
                                                                                                                                                                                                                                                  SHA1:78D5BE1D58951E70A8F97F347A4658FD929E76EA
                                                                                                                                                                                                                                                  SHA-256:8D193A110819F6C2F759694AF67346E981884F32A332CE310422AD6056D518F5
                                                                                                                                                                                                                                                  SHA-512:98405C01D5D3C6AFD07F821145BB7B4EBF1D14F7984CBB8AD83FCFAE39BA3FA23C263BE38A9D4951127FDBBF49461BDD16E4C8F5EDD55CC0E536E5B600D1F8D5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Er du redd for at du blir sporet p. nettet?",.. SEARCH_TOAST_SUB_HEADING: "Bruk DuckDuckGo med McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Private Search", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} holder s.keloggen din privat.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Sikkert s.k", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokkerer skadelige koblinger i s.keresultatene.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo blir standard s.kemotor.",.. SEARCH_TOAST_YES: "Pr.v Privat og sikkert s.k",.. SEARCH_TOAST_NO:"Nei takk"..}..//A3C20748E79E79060337391538E8AFB06542F14EA9687EFA410B6672B2C5A44CD6EFA8086A3E3A887A23EA0208E6CC59DCECE178755F9EAC4498A6BD3B4C3A15++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):872
                                                                                                                                                                                                                                                  Entropy (8bit):5.575280179937842
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyOEKAQ1jdHcxRVjWw5KAjdHjdJMyVXjjvc6jdAYy0IYywQsHLFLdGvWsn:7HOvEPQCRsFCZ6dwQgnCWsn
                                                                                                                                                                                                                                                  MD5:4AE3B6469961C258E33B47F2CB59106C
                                                                                                                                                                                                                                                  SHA1:8F06FD4DF1F7C972F9DC239768CA24378EB2BD1A
                                                                                                                                                                                                                                                  SHA-256:46BEB4D3A922BA7A94846607208F461EAD79C91DB1005D98E2AF117A7F360B56
                                                                                                                                                                                                                                                  SHA-512:7C3366AB4220E3DFFDC13BC68F5CDCD91F39E28E44978827A584E63C6C8311918140276B01A5F237CDE18A8BDCCE89D05250224C8B1C928302C4A8673AE38FD2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Wilt u niet online worden gevolgd?",.. SEARCH_TOAST_SUB_HEADING: "Gebruik DuckDuckGo met McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Priv. zoeken met DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} houdt uw zoekgeschiedenis priv..", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Beveiligd zoeken van McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokkeert schadelijke links in zoekresultaten.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo wordt uw standaard zoekmachine.",.. SEARCH_TOAST_YES: "Probeer Priv. zoeken en Beveiligd zoeken",.. SEARCH_TOAST_NO:"Nee, bedankt"..}..//10DDB4C652C040546E705001ED34439514CEA3E569EEB41B46DD67684BF4DC190BE125EE61087D8A8454C84109337C1D65B1F74668B7248BB6BA7CA344475A89++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):954
                                                                                                                                                                                                                                                  Entropy (8bit):5.751602836444056
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyO7RR9AOx1jdHZ3LPjgnH8co3L/ujdHjdJ+ot3LwjNIg/Q3L/ujdEv3X2WJty:7HOv7riOxBHc8doB0k/fX2eB1W1oIr
                                                                                                                                                                                                                                                  MD5:8E26BF7C12E07F410042FD9407770BF2
                                                                                                                                                                                                                                                  SHA1:BEFAE78976B7F10569F41D2ECE33FD0447241BD4
                                                                                                                                                                                                                                                  SHA-256:014C2194DA2357B03ADD7A350D38F8E9F72D0AC570349D05A0EBF201A64F5CC4
                                                                                                                                                                                                                                                  SHA-512:5E185E487D4B3C11900E8B9D9536C9AD688C8ED27FA1A1DF7F86FED258972EF999E5EEA74154A53D7CFE0225EB58CF7CCF47ECDCC164392C1B609B791CDEDBC6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Obawiasz si. .ledzenia online?",.. SEARCH_TOAST_SUB_HEADING: "U.yj przegl.darki DuckDuckGo z produktem McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Prywatne wyszukiwanie DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "Przegl.darka {0} zachowuje prywatno.. historii wyszukiwania.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Bezpieczne wyszukiwanie McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "Przegl.darka {0} blokuje z.o.liwe ..cza w wynikach wyszukiwania.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo stanie si. domy.ln. wyszukiwark..",.. SEARCH_TOAST_YES: "Wypr.buj prywatne i bezpieczne wyszukiwanie",.. SEARCH_TOAST_NO:"Nie, dzi.kuj."..}..//E03606EF8215952BB9F638478B67D9C6747E55499DE3441D7704CA699722694ED368ABD0AC39472B680766D43E11B63B1436A4CC0A2B6C64E30D91657E383E0F++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):905
                                                                                                                                                                                                                                                  Entropy (8bit):5.557943167508346
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyOamduRsK1jdHMLBjSHajdHjd2OtFcjq/C9yd+WFujdEiXGunNwDFPGtjSXXO:7HOvam9KALhB60FDYnNsPGWi
                                                                                                                                                                                                                                                  MD5:C0E235A82F47A50A456ECF4725749CA1
                                                                                                                                                                                                                                                  SHA1:110FD8EE366CD684E250BE399D2213BAB532BE2C
                                                                                                                                                                                                                                                  SHA-256:BE0282812978AB1FBEE24080F9F342FF97772C41C4F130C5B9B03F8D9AF5ADD3
                                                                                                                                                                                                                                                  SHA-512:EA732ED8345245923AD0C0CA79EEF6E6E198F3F82EC490751E8D4D8720A2AACFCD4C2F1349CAD51E749322CA57AA3DAE9BFDCA72170AC343386BC7994581DEFF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Preocupado com ser rastreado online?",.. SEARCH_TOAST_SUB_HEADING: "Use DuckDuckGo com McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Private Search", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} mant.m seu hist.rico de pesquisa em privacidade.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Pesquisa segura da McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloqueia links maliciosos nos resultados de pesquisa.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo se tornar. seu mecanismo de pesquisa padr.o.",.. SEARCH_TOAST_YES: "Experimente pesquisas privadas e seguras",.. SEARCH_TOAST_NO:"N.o, obrigado"..}..//6B7AE701F838F08D676057D561B3DE5CA4B48101AEAD7466F557A1B351ED31F5644BD5068060D6B20238464CDB3CAD1DECA2902CBD400B27BE980F2BFB00C5DD++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):949
                                                                                                                                                                                                                                                  Entropy (8bit):5.57686809243626
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyOwON2GFfK1jdHcwOFoSjPH5jdHjd2OtFcjq/CGMoujdvIjmg57IIePGtjMRQ:7HOvwONFFfKEG+B6Ur5wPGSRvT5T3e
                                                                                                                                                                                                                                                  MD5:E7C848CC8BEC0EC6FC7D81A2B790B7BC
                                                                                                                                                                                                                                                  SHA1:DE0AD53FD818B388BA8656D4CDEC72B5489568BA
                                                                                                                                                                                                                                                  SHA-256:A75ABDD5C74CA29B64E087B5FEEE9EA67DD7BA0A9F88609D225EE95B0E8AD8BC
                                                                                                                                                                                                                                                  SHA-512:FC3AB831CE6375B778E83860B3D96F3CA11262B883DEEEFC66B55CB13FDD92272011CC378C7EEC01DEB1BE32B0A4E31F96DFC0FF833B808B1643C79AB993520C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Est. preocupado com a possibilidade de ser monitorizado online?",.. SEARCH_TOAST_SUB_HEADING: "Utilize o DuckDuckGo com McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Pesquisa privada do DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} mant.m o seu hist.rico de pesquisa privado.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Pesquisa segura da McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} bloqueia liga..es maliciosas nos resultados de pesquisa.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "O DuckDuckGo vai tornar-se o seu motor de pesquisa predefinido.",.. SEARCH_TOAST_YES: "Experimente a Pesquisa segura e privada",.. SEARCH_TOAST_NO:"N.o, obrigado"..}..//DB4E124205BE5E52D854D8513D6A5C19DC939BA164EF1B591E98E6EC6A2B74BBE48397D7F59069967AF6C8D8CA06312BA5AA04CF76FAA944A677AF782641D530++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1248
                                                                                                                                                                                                                                                  Entropy (8bit):5.455304470642038
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HOvEzOMHAIonuRIovfPFt5rNlvytaiSAF+RQX/XJfzi+HtrXW:CvEK6AuLfPFPfvyciSAFffJ2+Htrm
                                                                                                                                                                                                                                                  MD5:E285DD50E8492E68D9879BEFF16C24C3
                                                                                                                                                                                                                                                  SHA1:573D97F2752D3B185D88BA1B22F01A838406D03E
                                                                                                                                                                                                                                                  SHA-256:B8CFF6506B014BF2F33CEBD2213B6F187DC984D888C93A2632588729E795651B
                                                                                                                                                                                                                                                  SHA-512:CE0947867FF21B9AE3D89CF05F3BD5373EDDF4D909410A54C5D186B3E54F1AF5BDE8C929B277AE9CC86A4663276390740E79A7487C52D6A5190000770B767988
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "............ .. ...... ............ ...... . .........?",.. SEARCH_TOAST_SUB_HEADING: "........... DuckDuckGo ... ......... McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "................ ..... DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} ......... .................. ...... ..... ....... .......", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: ".......... ..... McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} ......... ........... ...... . ........... .......", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ...... ..... ......... ........ .. ..........",.. SEARCH_TOAST_YES: ".......... .

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):959
                                                                                                                                                                                                                                                  Entropy (8bit):5.802499279139034
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyOuKOG811jdHvXjy9RDujdHjdVlj6cKj/ujdDEmy9g72ckfDKeN3QV+D6O:7HOvuKp81rOOI7jRN9Y2ckfDV3Qcp
                                                                                                                                                                                                                                                  MD5:74BD8CFC00F8CDF39E5C2372676467BA
                                                                                                                                                                                                                                                  SHA1:2D9685E03CF4FC928B52B7215108213B8EB1E930
                                                                                                                                                                                                                                                  SHA-256:5BBE2B57EA87C658089B32230959554EF02AB6E3C56C90215D52D208877A1EE1
                                                                                                                                                                                                                                                  SHA-512:81E59973DCA8419D7CF03383B066068311DE19A15B6AE88AF9266236D2171F0F7D9120488DCF077061A7389255EBF7E318B6EBD21D248BA7585519D1E59F3F69
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Ob.vate sa, .e v.s niekto sleduje?",.. SEARCH_TOAST_SUB_HEADING: "Prehliadajte pomocou DuckDuckGo s.ochranou McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "Anonymn. prehliadanie DuckDuckGo", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} zabezpe.uje va.u hist.riu vyh.ad.vania.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "Zabezpe.en. vyh.ad.vanie McAfee", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokuje .kodliv. odkazy vo v.sledkoch vyh.ad.vania.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo bude predvolen.m vyh.ad.vac.m n.strojom.",.. SEARCH_TOAST_YES: "Vysk..ajte s.kromn. a.zabezpe.en. vyh.ad.vanie",.. SEARCH_TOAST_NO:"Nie, .akujem"..}..//796B067838DC6674E8B3E2A13540570175B9C6A0A28D9AF3D02A2B321560852FA40D85B15B0F1B1C06E3278ED1E1694C75E1001DA6CC7D19FEDA5131127BE339++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):899
                                                                                                                                                                                                                                                  Entropy (8bit):5.611279847020601
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyO5bp57xqyeE1jdHqj81jXjdHjdSjqQf7jdXoBSLgOYk/fhpNBmjcu4GTy:7HOv5rcsh1jlQfddLj//ij+
                                                                                                                                                                                                                                                  MD5:553C67EE6AA012C0070A022A9789BAB4
                                                                                                                                                                                                                                                  SHA1:E93AA806D9B73A6A08429D78590ABF2C334C33F0
                                                                                                                                                                                                                                                  SHA-256:14DE1BB65D9A9DE1273C6D1AD14B686EAA2496A89D9B443062BEFCD6DB733BAB
                                                                                                                                                                                                                                                  SHA-512:12E05FEBF3FD17C80379D39E5C4C6C741D07A7C519C44656E6E04DB45104C82CFE7C18FEF39C8B1C7BE5D3CA5B2152DFDBCD41732C150AB624A13950EBF21574
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Brinete da ste pra.eni na mre.i?",.. SEARCH_TOAST_SUB_HEADING: "Koristite DuckDuckGo uz McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo pretraga uz privatnost", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} .uva privatnost va.e istorije pretrage", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Bezbedna pretraga", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blokira zlonamerne veze u rezultatima pretrage.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo .e postati va. podrazumevani pretra.iva..",.. SEARCH_TOAST_YES: "Isprobajte pretragu uz privatnost i bezbednost",.. SEARCH_TOAST_NO:"Ne, hvala"..}..//E5BA3232DFEA9DC34195A10163F9DE28B68C3F0434B326B3CF281367E6B6375E8759F2E92C156014B4CD72A9F1FD87632CA601E766A0DB6BC9A719453C64F4FA++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):855
                                                                                                                                                                                                                                                  Entropy (8bit):5.62439385080059
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyOP10P/1jdHgjNejdHjd6HjSEqNjdc+yJLzwd3IBzgCXa333yd:7HOvt0XKYEV+yJ/wFIl5
                                                                                                                                                                                                                                                  MD5:7B3E55118C8CC897C81C1490E1592E78
                                                                                                                                                                                                                                                  SHA1:C4EBC15A02738B4656D212288BF4038716540325
                                                                                                                                                                                                                                                  SHA-256:4B1F5D7EF73AE33F1ADD3A93A7854812CDA70AC4A54D0FB37C4563ACB6E2E97F
                                                                                                                                                                                                                                                  SHA-512:B634317227FDE4B5888D6AFFF4A5D2172CA4080FF69E7ECFA176D3525F213A8DC1654EFA2920D9775BDE223AE72C9C525128427648F1841E834CAEF6783B262B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".r du orolig .ver att bli sp.rad online?",.. SEARCH_TOAST_SUB_HEADING: "Anv.nd DuckDuckGo med McAfee.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Privat s.kning", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} h.ller s.khistoriken privat.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee s.ker s.kning", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} blockerar skadliga l.nkar i s.kresultaten.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo kommer bli standards.kmotorn.",.. SEARCH_TOAST_YES: "Testa privat och s.ker s.kning",.. SEARCH_TOAST_NO:"Nej tack"..}..//40420EE3C4957B88336546C5E19F3833F71175BE18E14ADD7D684C61E27AD71E5D19939A6054238013FC1D23DC2B419904C4E6F572CE6E7AB1C591750FEA0055++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):907
                                                                                                                                                                                                                                                  Entropy (8bit):5.66545534231225
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyOb0kPX0jdHCZjHvLWjdHjdatBjQ8JI3chAjdKlaUAcYQHcnT5O9a1J6:7HOvb023vLrubY/YQyTD6
                                                                                                                                                                                                                                                  MD5:824195E8529D49CE8DBB45AF8A4526B7
                                                                                                                                                                                                                                                  SHA1:21652581D0B81873FCCF951656526E34373879FD
                                                                                                                                                                                                                                                  SHA-256:5CA38765F950A69CFFF388F8151FC642D492AE6105B208C5D8712F00DA38A62E
                                                                                                                                                                                                                                                  SHA-512:6C54DB399DCD21B2C88E0A5D1A0AD8A8DA46CFCC2648A736D8F9DB67AE28C252872DDFD4AAE06E571804B936050478189DA7E0D434EB450D7D07B5BBD3FBC1CA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".evrimi.iyken izlendi.inizi mi d...n.yorsunuz?",.. SEARCH_TOAST_SUB_HEADING: "McAfee ile DuckDuckGo kullan.n.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Gizli Arama", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} arama ge.mi.inizi gizli tutar.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee Secure Search", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} arama sonu.lar.ndaki k.t. niyetli ba.lant.lar. engeller.", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo varsay.lan arama motorunuz olacakt.r.",.. SEARCH_TOAST_YES: "Gizli ve G.venli Arama'y. Deneyin",.. SEARCH_TOAST_NO:"Hay.r, te.ekk.rler"..}..//ED3B53EA73DDCCBB6789F16FCD0D2DFFFD3FE2E4A30029C5B00A24CD64D5C574BB6EE5D9FED833AAD6C56E2D369EF0111C878F8C4CCF2C21975FBD6D5CDEBD46++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):848
                                                                                                                                                                                                                                                  Entropy (8bit):6.110407142276801
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HO+9p0jdH4Ly0jJwCjdHjdOZLy0j2u1AjdKeNygHChN3LUic3iIg4AVGTjaWC:7HO2Lyyw5LyHf8gHyLlc3lg4Asal
                                                                                                                                                                                                                                                  MD5:A39B6756E0010C6EBCD6EACA04DA6CC0
                                                                                                                                                                                                                                                  SHA1:9F1127CF76AD978B9B0DB35B1D79B08C7C683796
                                                                                                                                                                                                                                                  SHA-256:548868E3D9A6594B8D09D343283F72BDB362B051BE1D5EB8265C2DA8F75735EB
                                                                                                                                                                                                                                                  SHA-512:F9EAE08DD1815EE5296A63C4CD83B664B2936EF710E167278F37A32F2FA50F4A528462721A657FD240832348E1A238762B7E7C633E6CF05899771157AFABB038
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "....",.. SEARCH_TOAST_HEADING: "........",.. SEARCH_TOAST_SUB_HEADING: "....... DuckDuckGo.",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo ....", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} .............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: ".......", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0} .............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ............",.. SEARCH_TOAST_YES: ".........",.. SEARCH_TOAST_NO:"...."..}..//B768A285DE0438C37B1EDEB07896374615C31BDD662914F3488856A3C0221F560B0F98EFC76CD03E2BCB009F39008F80EA0D7BD238DF5599E042099BAA882550++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):863
                                                                                                                                                                                                                                                  Entropy (8bit):6.095775654474349
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HOyOOcMZGjdHMLBj8SC5jdHjdtjkYjd/eBAM+bCvieD6ijM:7HOvupLyFeF0mjM
                                                                                                                                                                                                                                                  MD5:FD8E7E8D75FF63AD21740C9FCAC51E2A
                                                                                                                                                                                                                                                  SHA1:2C05818D69258F6F1A88355453BBC774E93F8A2D
                                                                                                                                                                                                                                                  SHA-256:191F5B43BDE8AC16BC8EB9F1066AEDDB946842515B0B6B3092DCE99D6E11FE32
                                                                                                                                                                                                                                                  SHA-512:AF17FBD26DD80973BE49E85F823C2ACB147869CADFDFA218DF9EAAC37F14412B2FB18697088EF84C8C172B0CDD43CB358A4DC658F83BE97EE3616F015159CB3B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".........",.. SEARCH_TOAST_SUB_HEADING: ".... DuckDuckGo . McAfee ..",.. SEARCH_TOAST_BULLET_STRONG_1: "DuckDuckGo Private Search", .. SEARCH_TOAST_BULLET_NORMAL_1: "{0} ...............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_BULLET_STRONG_2: "McAfee ....", .. SEARCH_TOAST_BULLET_NORMAL_2: "{0}..............", //{0} SEARCH_TOAST_BULLET_STRONG_1.. SEARCH_TOAST_SUB_FOOTER: "DuckDuckGo ............",.. SEARCH_TOAST_YES: ".........",.. SEARCH_TOAST_NO:"...."..}..//ED64C1C9AA14D2D938E79D24EEE6EFAA66AE3FD8D9E81D3E15A8C48791F0A4E78C142F1A77FA1F73D70C1F9354DED851C63C6901DB50FE640DAFD1479CD16818++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (307), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):11879
                                                                                                                                                                                                                                                  Entropy (8bit):5.001882854112839
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:CBketuJEUrvtH9Ai5trhElBXXrhEN1QtfT6GQ:CBksuJEUrvNyi5tKBnkQVOGQ
                                                                                                                                                                                                                                                  MD5:AA5032FE9B433362F30769BD096D16C7
                                                                                                                                                                                                                                                  SHA1:B6359895A8A5914CC05F9F7B7B1E510C429F1661
                                                                                                                                                                                                                                                  SHA-256:2A7ED01FF290E87AFB4675ACC8FF32280778C81AD25C179F64A43FD38E6839BA
                                                                                                                                                                                                                                                  SHA-512:0A144DD1BCD81704CDCC86609A0DED08A1424BA46BBF7172A36BAECBA9737E03BFB8E71F61CC1F2F9772354579FFBAA80BDE22AC6707A3E8FDF215CF193BF2CE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ". ....... ......... ..... ................, .. ..... ...........",.. SEARCH_TOAST_SUB_HEADING: ". ....... ......... ... ........... ... ........... .......... ... ............ ...........",.. SEARCH_TOAST_BODY_TEXT: "...... .. ......... ..... ... .... ....... ... .... ............. ........... .. ........ ......... ..........;",.. SEARCH_TOAST_OPTION: "..., .. ............. . ....... ......... .... ... ............ ... ............ ...........",.. SEARCH_TOAST_DONE: ".....",.. SEARCH_TOAST_HEADING_COMPLIANT: "... ......... ... ...... .........

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6853
                                                                                                                                                                                                                                                  Entropy (8bit):5.365114021792175
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:Ckl7LklkKuaz45DJMtR4fAgK0vQ8jwsClwJcv+ztBDABrBN9FC1WgjsRBva54Apw:CkWF+Uturjjj42tBABrFoUgOBixBC
                                                                                                                                                                                                                                                  MD5:A9AE28A871D67DC424035B1B5480C270
                                                                                                                                                                                                                                                  SHA1:AF7A82B156EB8A3B6E2BC9635DB280F50E3C5082
                                                                                                                                                                                                                                                  SHA-256:746942A655E5D62BD2E029D11B258B3E96B7D1680ABEAE6A8F1A59468C2B580C
                                                                                                                                                                                                                                                  SHA-512:548337D20CC57583532F8B8EABE28099BE823A96025E941B631E83CA4D3B73BD72F04918329F1623E056003DC589894BE693E5E7DF213130735358BA26C51F57
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Secure Search is off . be careful",.. SEARCH_TOAST_SUB_HEADING: "Secure Search steers you away from risky sites in your search results.",.. SEARCH_TOAST_BODY_TEXT: "Want to stay ahead of the bad guys with extra search protection?",.. SEARCH_TOAST_OPTION: "Yes, turn Secure Search on after I restart my browser.",.. SEARCH_TOAST_DONE: "Done",.. SEARCH_TOAST_HEADING_COMPLIANT: "You don't have Secure Search . be careful",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Secure Search steers you away from risky sites in your search results.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Would you like to add Secure Search and stay ahead of the bad guys?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Yes, add Secure Search to my browser and change my default search to {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "Yahoo",.. SEARCH_ENGINE_YANDEX: "Yandex",.. SEARCH_ENGINE_

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7166
                                                                                                                                                                                                                                                  Entropy (8bit):5.357603886398829
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:CikaW+DI24sA0etjy/gsjyw9FsBR52/MGSrZcUyxITK3mVa:CNL+DI23ktjy4sjyGeR5jKnOKWVa
                                                                                                                                                                                                                                                  MD5:4397A9B4B554BAB39BBE68ED3BA2BD2B
                                                                                                                                                                                                                                                  SHA1:03192E9FABA0C58FCC59713824E46B15D7908E24
                                                                                                                                                                                                                                                  SHA-256:5D4F78273B484015A5DFED48702BA7A76E72FA8578F92B3054327C94A05FD0F6
                                                                                                                                                                                                                                                  SHA-512:8269DCF69D7D80A02696EBFCA3A39DD81329A123DA89B8EC4050C8717A948DBF8A843DCFD584230D817D70D43247FE8271BFDD9B41742DADFB595FD542A970EC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "La b.squeda segura est. desactivada: ten cuidado",.. SEARCH_TOAST_SUB_HEADING: "La b.squeda segura elimina los sitios web peligrosos de los resultados de tus b.squedas.",.. SEARCH_TOAST_BODY_TEXT: ".Quieres ir un paso por delante de las amenazas con una protecci.n extra en tus b.squedas?",.. SEARCH_TOAST_OPTION: "S., activar la b.squeda segura despu.s de reiniciar mi navegador.",.. SEARCH_TOAST_DONE: "Listo",.. SEARCH_TOAST_HEADING_COMPLIANT: "No dispones de la b.squeda segura, ten cuidado",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "La b.squeda segura elimina los sitios web peligrosos de los resultados de tus b.squedas.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".Quieres a.adir la b.squeda segura e ir un paso por delante de las amenazas?",.. SEARCH_TOAST_OPTION_COMPLIANT: "S., a.adir la b.squeda segura a mi navegador y cambiar mi b.squeda predeterminada a {0}.", // {

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6972
                                                                                                                                                                                                                                                  Entropy (8bit):5.376904672149746
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:C7nHt6A2Av8eK1mD8OOtjvQxj4jJ5QXGfTB9j:C7nN6dABK4wOOtjvQxj4lomTB9j
                                                                                                                                                                                                                                                  MD5:D54C78C828AC7E907D0DE01D76278840
                                                                                                                                                                                                                                                  SHA1:7DF62B8D99ADDF743C952403523195016BFFD835
                                                                                                                                                                                                                                                  SHA-256:3C19F889D8EBFA80240761F56A5B0EB3B1FDD3346F7BB006A930E5DFC3A426D8
                                                                                                                                                                                                                                                  SHA-512:52FE5711DE39C279E0B8354BFA63427342592C5C814D92962FFF17E660104113831177A4CCB229CBA04C3D25946971C93A2D4502867E67B579746E62176E43D2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "B.squeda segura desactivada: ten cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura elimina los sitios peligrosos de los resultados de tus b.squedas.",.. SEARCH_TOAST_BODY_TEXT: ".Quieres ir un paso por delante de las amenazas con una protecci.n extra en tus b.squedas?",.. SEARCH_TOAST_OPTION: "S., activar B.squeda segura despu.s de reiniciar mi navegador.",.. SEARCH_TOAST_DONE: "Listo",.. SEARCH_TOAST_HEADING_COMPLIANT: "No tienes B.squeda segura: ten cuidado",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "B.squeda segura elimina los sitios peligrosos de los resultados de tus b.squedas.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".Te gustar.a agregar B.squeda segura y adelantarte a los malos?",.. SEARCH_TOAST_OPTION_COMPLIANT: "S., agregar B.squeda segura a mi navegador y cambiar mi b.squeda predeterminada a {0}", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6713
                                                                                                                                                                                                                                                  Entropy (8bit):5.4030553361914935
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:Cf5VcSzQubYOrlY0XRMYSJd1VtHyYZN66mHyY4Xub3:CfWJXecJtlf6vl8ub3
                                                                                                                                                                                                                                                  MD5:567891348CD10BB69D73E248E2D12237
                                                                                                                                                                                                                                                  SHA1:1DE368EECC996DBF74FACD6588FA50FACEF04E6C
                                                                                                                                                                                                                                                  SHA-256:D89F8683685322D343FA32AFD4613F39B8735AD2CDE701CC0C80ADDB775080B4
                                                                                                                                                                                                                                                  SHA-512:0447A7258E4770AD6E6F340F6D2849F641FA781A15FFB8C94104FA8AA400FC136A971ACDD939E820E9A0CB1AD241BE0CF8FD00AA01E8C0F7AB6A8A6ADA2BF573
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Varoitus: suojattu haku ei ole k.yt.ss.",.. SEARCH_TOAST_SUB_HEADING: "Suojattu haku suojaa sinua vaarallisilta verkkosivustoilta, kun suoritat hakuja.",.. SEARCH_TOAST_BODY_TEXT: "Haluatko lis.suojaa hakuihisi?",.. SEARCH_TOAST_OPTION: "Kyll.. Ota suojattu haku k.ytt..n, kun k.ynnist.n selaimen uudelleen.",.. SEARCH_TOAST_DONE: "Valmis",.. SEARCH_TOAST_HEADING_COMPLIANT: "Sinulla ei ole suojattua hakua . ole varovainen",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Suojattu haku suojaa sinua vaarallisilta verkkosivustoilta, kun suoritat hakuja.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Haluatko lis.t. suojatun haun, jotta pysyt jatkuvasti muutaman askeleen rikollisten edell.?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Kyll., haluan lis.t. suojatun haun selaimeeni ja muuttaa oletushakukoneeksi {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (322), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7707
                                                                                                                                                                                                                                                  Entropy (8bit):5.338885548324864
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:CNztZLR3dPCgbg0LUaJbQA1A/6yb2qz2KAnt/rF43U/HqBosOCA2FSUb:CB/CqQaKA1i64z27t/rF43U/KBosOCAW
                                                                                                                                                                                                                                                  MD5:C91FA97BC47CA94BD6C68875C8A8B0A1
                                                                                                                                                                                                                                                  SHA1:737F08638C981693587A61F3A218805241E82451
                                                                                                                                                                                                                                                  SHA-256:D73FF4CE5A21E3E29EA0B01D1C459425F8ED0CB4F6CCCF8CAB62A85C38C3385A
                                                                                                                                                                                                                                                  SHA-512:63C3579415079BB00FABC2C5C28A5CFFEF8E68D3CD15504B1773A99BD0ECB074DE3FF94A6F103590109644942D3B3158BAA3616C232722A3E0DE3AB3774B46C6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Attention! La recherche s.curis.e est d.sactiv.e",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e vous met . l'abri des sites Web dangereux figurant dans vos r.sultats de recherche.",.. SEARCH_TOAST_BODY_TEXT: "Voulez-vous d.jouer les escrocs en vous dotant d'un moyen de protection suppl.mentaire?",.. SEARCH_TOAST_OPTION: "Oui, activer la Recherche s.curis.e une fois que j'aurai red.marr. mon navigateur.",.. SEARCH_TOAST_DONE: "Termin.",.. SEARCH_TOAST_HEADING_COMPLIANT: "Attention! La recherche s.curis.e n'est pas install.e.",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "La recherche s.curis.e .carte de votre recherche les sites internet risqu.s.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Souhaitez-vous installer la recherche s.curis.e afin de garder une longueur d'avance sur les escrocs du Web?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Oui, ajouter la recherche s.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7690
                                                                                                                                                                                                                                                  Entropy (8bit):5.336020745326812
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:CsERzSimDtBPs31a2/DMEopt+3eOpPZA2XYGAq6:CXFABPq1x8t+3HZA2IGAq6
                                                                                                                                                                                                                                                  MD5:2066D7546C542C117ABAF0C8A41DF5F4
                                                                                                                                                                                                                                                  SHA1:088CD3253EDC709DEBEEA36E3C8AA5608E6D6303
                                                                                                                                                                                                                                                  SHA-256:329307B9AD2302509FC80955696657398B1302DEFBD76BB60252A67640121C86
                                                                                                                                                                                                                                                  SHA-512:996FDEE8E54D8E4556013EEBB2CA35BC6D3D6065BE497426188576C38A199E5D3B66FFF7C67937AE7D5DAF6EEAEC41E9F04AC69D778E31E470524BF584AA6399
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "La recherche s.curis.e est d.sactiv.e. Soyez prudent.",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e .carte les sites dangereux dans vos r.sultats de recherche.",.. SEARCH_TOAST_BODY_TEXT: "Vous souhaitez une protection de recherche .volu.e qui vous mette . l'abri des utilisateurs malveillants.?",.. SEARCH_TOAST_OPTION: "Oui, activer la recherche s.curis.e apr.s le red.marrage du navigateur.",.. SEARCH_TOAST_DONE: "Termin.",.. SEARCH_TOAST_HEADING_COMPLIANT: "Soyez prudent, vous ne disposez pas de la recherche s.curis.e",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "La recherche s.curis.e .carte les sites dangereux dans vos r.sultats de recherche.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Voulez-vous ajouter la recherche s.curis.e et garder une longueur d'avance sur les personnes mal intentionn.es.?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Oui, ajouter la rech

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7046
                                                                                                                                                                                                                                                  Entropy (8bit):5.489775216215936
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:C1/oREn0Rscvuy66DERG9MCt9qU8FCjN9JPh9qU8F/9FYeP5en2uRpPpQAK:CxnifBE6t9z8FAN9H9z8FFeQm5DPyAK
                                                                                                                                                                                                                                                  MD5:1565A7A1978A975F26098FB81B07F1C1
                                                                                                                                                                                                                                                  SHA1:A13E0B13C03D23351ED175B6FBC6A5448CC929E7
                                                                                                                                                                                                                                                  SHA-256:E895451E303339D1A40FAFFA01C19C4764628EFB445A8708DF88E7FB7223BC95
                                                                                                                                                                                                                                                  SHA-512:600ABED4BB9F8A769D02D452CF663D73A7EC1CB28809512FDCC49D566E2F37299ADEF6B8C724B4C4BF688A3C636B694834EB261AB6A3930214D33511A2EE09F7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Isklju.eno je Sigurno pretra.ivanje - budite pa.ljivi",.. SEARCH_TOAST_SUB_HEADING: "Sigurno pretra.ivanje dr.at .e opasne stranice podalje od va.ih rezultata pretra.ivanja.",.. SEARCH_TOAST_BODY_TEXT: ".elite ostati nekoliko koraka ispred negativaca s dodatnom za.titom pri pretra.ivanju?",.. SEARCH_TOAST_OPTION: "Da, uklju.i Sigurno pretra.ivanje nakon .to ponovno pokrenem preglednik.",.. SEARCH_TOAST_DONE: "Gotovo",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nemate sigurno pretra.ivanje - budite oprezni",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Sigurno pretra.ivanje dr.at .e opasne stranice podalje od va.ih rezultata pretra.ivanja.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".elite li dodati sigurno pretra.ivanje i ostati ispred?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Da, dodaj sigurno pretra.ivanje mojem pregledniku i promijeniti svoju zadanu pretragu na {0}.", // {0} SE

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7496
                                                                                                                                                                                                                                                  Entropy (8bit):5.5550712038218695
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:CyQ0mXVpV8YYxZXThD71WnkWYtezBPwe49Fnmsv31B94+CgbH:CxFXV8YabLtaB4jXH4g7
                                                                                                                                                                                                                                                  MD5:2541A18DFA2FFB6F7A3BFFEA83D43E4E
                                                                                                                                                                                                                                                  SHA1:F8D1E10B525C5C5E031D2115752D34F8DBD0B695
                                                                                                                                                                                                                                                  SHA-256:3DE501821EF401E88582D773E23F6DFDF2AFBF7A37228E1933D39BBCD362F152
                                                                                                                                                                                                                                                  SHA-512:74F9002BC25097E5338650FDC26A6D83CF982A9CD44E21DDEBFD44B2083D4632D8E497B020101254C176223399D0B0A7AA704ADE05201A01688B9A4AB4E08078
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "A biztons.gos keres.s ki van kapcsolva. Legyen .vatos!",.. SEARCH_TOAST_SUB_HEADING: "A biztons.gos keres.s funkci.val elker.lheti a keres.si eredm.nyek k.z.tt tal.lhat. vesz.lyes webhelyeket.",.. SEARCH_TOAST_BODY_TEXT: "Szeretne a rosszfi.k el.tt j.rni az extra keres.si v.delemnek k.sz.nhet.en?",.. SEARCH_TOAST_OPTION: "Igen, legyen bekapcsolva a biztons.gos keres.s funkci., miut.n .jraind.tottam a b.ng.sz.t.",.. SEARCH_TOAST_DONE: "K.sz",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nincs biztons.gos keres.s funkci.ja . legyen .vatos",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "A biztons.gos keres.s funkci.val elker.lheti a keres.si eredm.nyek k.z.tt tal.lhat. vesz.lyes webhelyeket.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Szeretn. hozz.adni a biztons.gos keres.st, hogy n.h.ny l.p.ssel mindig megel.zze a rosszfi.kat?",.. SEARCH_TOAST_

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6908
                                                                                                                                                                                                                                                  Entropy (8bit):5.237071715961501
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:CNcefx5VArSHAmTy+rr0l2BJ07tpelslpeWy++WVHJN:CL5OpmOU0lCJ07tpiWp4sj
                                                                                                                                                                                                                                                  MD5:B5D0988C65F589401FA7DBF19ED0280C
                                                                                                                                                                                                                                                  SHA1:A85E366C54C63DEAAC0C3B6ED3C03E524BE9EF07
                                                                                                                                                                                                                                                  SHA-256:764E8C4D86D570A15A34E2AAAABDCA5A1DF23C8DE98235A1A6657C1732B94443
                                                                                                                                                                                                                                                  SHA-512:3611562555D7AAE024F336210286F375639E05A0848ECD869150AF844266D5F8039BE60F085C58D73DD6CDFA2EC2CBE7F0145F88519D8E9E61396487A63A02F8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Attenzione: la funzionalit. di ricerca sicura non . attiva",.. SEARCH_TOAST_SUB_HEADING: "La ricerca sicura consente di escludere i siti rischiosi dai risultati delle ricerche.",.. SEARCH_TOAST_BODY_TEXT: "Vuoi essere sempre un passo avanti rispetto ai malintenzionati, grazie a una maggiore protezione delle ricerche?",.. SEARCH_TOAST_OPTION: "S., attiva la ricerca sicura al riavvio del browser.",.. SEARCH_TOAST_DONE: "Fine",.. SEARCH_TOAST_HEADING_COMPLIANT: "Attento, non stai usando la ricerca sicura",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "La ricerca sicura consente di escludere i siti rischiosi dai risultati delle ricerche.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Vuoi aggiungere la ricerca sicura e tenere alla larga i malintenzionati?",.. SEARCH_TOAST_OPTION_COMPLIANT: "S., aggiungi la ricerca sicura al browser e imposta il motore di ricerca predefinito su {0}.", // {0} SEA

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8147
                                                                                                                                                                                                                                                  Entropy (8bit):5.846824348861508
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:CPLfnSHyVfZ2H6EisoqNkij09yT4eKVX0fe66UqPJGNBcpIEdt4/L22XPJn4/799:CumbTi9Itk2s1EuSU8sJ7ny
                                                                                                                                                                                                                                                  MD5:B1C564C9333C742497E5A9D3817CAC99
                                                                                                                                                                                                                                                  SHA1:0020924D194D635F4A9AE0F6F669B51DC780128F
                                                                                                                                                                                                                                                  SHA-256:3596EF93BF4488986B1A9B39F3C07523E72C40A85185600BE36A3054290E13BD
                                                                                                                                                                                                                                                  SHA-512:3BB3A5088351D5E4919B4B86917FDCB43883E77F770322840A75103A99BD3C255A0E9CAD4BABF80975420F3156627BD4A3A9912D7D9E3662B3635AF5D46D6A35
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: ".........",.. SEARCH_TOAST_HEADING: ".... .................",.. SEARCH_TOAST_SUB_HEADING: ".... ........................",.. SEARCH_TOAST_BODY_TEXT: ".........................",.. SEARCH_TOAST_OPTION: ".................. ...........",.. SEARCH_TOAST_DONE: "..",.. SEARCH_TOAST_HEADING_COMPLIANT: ".... ..........................",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: ".... ........................",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".................. ...........",.. SEARCH_TOAST_OPTION_COMPLIANT: "........

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7384
                                                                                                                                                                                                                                                  Entropy (8bit):5.93260103930681
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:CIfSwAbRpdRzltRSN79FIt4khpJAk/NzfH/:CIawKtRSNp1k+YDf
                                                                                                                                                                                                                                                  MD5:A4007E048251B6D27DA1B76343BFF6E9
                                                                                                                                                                                                                                                  SHA1:BC4042BEBAE991640DF7A832F6F48558151E1B53
                                                                                                                                                                                                                                                  SHA-256:033188FBD5D83097F66C856F4DED8D9BE5B03439ACD072587BD21EF24206CF5A
                                                                                                                                                                                                                                                  SHA-512:EF99DF808B68F4298EEAA306B36763324A18612CCBDC9D05DB76945EDFEFD652DFBBEC6B88D542B3B3966591712E3036E8D93E2A93350AC37BB4ECFB7BCB3EE2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "......",.. SEARCH_TOAST_HEADING: ".. .. ..... - ......",.. SEARCH_TOAST_SUB_HEADING: ".. ... .. .. . ... .... ......",.. SEARCH_TOAST_BODY_TEXT: ".. .. ... .. .... ... ........?",.. SEARCH_TOAST_OPTION: ".. . ..... .. ... . .. ... .......",.. SEARCH_TOAST_DONE: "..",.. SEARCH_TOAST_HEADING_COMPLIANT: ".. .. ... .. - ......",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: ".. ... .. .. . ... .... ......",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".. ... .... ... .. ........?",.. SEARCH_TOAST_OPTION_COMPLIANT: "., .. ... . ..... .... .. ... {0}(.). ......", // {0} SEARCH_TOAST_*.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6835
                                                                                                                                                                                                                                                  Entropy (8bit):5.392606150649136
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:CKrYAXY8c4VteYFB8K3ueYFYRbyLXKFK4MwJ:CNGY8VVt7FB8K3u7F6yLXKFK7wJ
                                                                                                                                                                                                                                                  MD5:079E49705B1F2786068AEAF22E68DD3B
                                                                                                                                                                                                                                                  SHA1:BFFEBBB258DB9B0731CC72C494C93E8827ABC9C5
                                                                                                                                                                                                                                                  SHA-256:CF8757AD22A8E4BE81F939351FCAC8DCB331A56EFD733EBF6DBE5935CF1CDB63
                                                                                                                                                                                                                                                  SHA-512:276DF6AA234BF65FCC5809F1AD31BBFAA41C9F107CC13EEC659979EF76AC8E1BBDE43B63202B656FBB7FEDDFCBF8DD2EB154903CFBD1DF080BF6E56A8730A54B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Sikkert s.k er sl.tt av . v.r forsiktig",.. SEARCH_TOAST_SUB_HEADING: "Sikkert s.k holder deg unna skadelige omr.der i s.keresultatene.",.. SEARCH_TOAST_BODY_TEXT: "Vil du ha et forsprang p. skurkene med ekstra s.kebeskyttelse?",.. SEARCH_TOAST_OPTION: "Ja, sl. p. Sikkert s.k n.r jeg starter nettleseren p. nytt.",.. SEARCH_TOAST_DONE: "Fullf.rt",.. SEARCH_TOAST_HEADING_COMPLIANT: "Du har ikke Sikkert s.k . v.r forsiktig",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Sikkert s.k holder deg unna skadelige omr.der i s.keresultatene.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Vil du legge til Sikkert s.k for . ha et forsprang p. skurkene?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, legg til Sikkert s.k i nettleseren min og endre standard s.kemotor til {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "Yahoo",.. SEARCH_ENGINE_YANDEX: "Y

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6746
                                                                                                                                                                                                                                                  Entropy (8bit):5.350952933198646
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:CHSyoqPxfaPVFJ1bshox+a3uz27w8iLt9ls3cLt3CPiMWbW3pDLrFvn:C2J4jtjbSLBh
                                                                                                                                                                                                                                                  MD5:887A6B30FCDB774C89BB8A96CC48C50F
                                                                                                                                                                                                                                                  SHA1:730511C363199AA4926106B8A7E184B7F0B7674C
                                                                                                                                                                                                                                                  SHA-256:0C05174E2379824B0E43722D5018D5FF8A2F3317C8D4CBD13AA794BE096635E1
                                                                                                                                                                                                                                                  SHA-512:0EF5FE0389BF621D262CBB12A4BF70EBCDE8F0441748FF325AAFEF3FB03224AAE0FC14629B5374803C2F7E479133AEA39E7E280BB20CFB835E7CADF88A00323F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Beveiligd zoeken is uitgeschakeld. Wees voorzichtig.",.. SEARCH_TOAST_SUB_HEADING: "Met Beveiligd zoeken kunt u de riskante sites in uw zoekresultaten vermijden.",.. SEARCH_TOAST_BODY_TEXT: "Wilt u de criminelen een stap voor blijven met extra zoekbeveiliging?",.. SEARCH_TOAST_OPTION: "Ja, schakel Beveiligd zoeken in nadat ik mijn browser opnieuw heb gestart.",.. SEARCH_TOAST_DONE: "Gereed",.. SEARCH_TOAST_HEADING_COMPLIANT: "U hebt Beveiligd zoeken niet: wees voorzichtig",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Met Beveiligd zoeken kunt u de riskante sites in uw zoekresultaten vermijden.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Wilt u Beveiligd zoeken toevoegen om criminelen een stap voor te blijven?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, voeg Beveiligd zoeken toe aan mijn browser en verander mijn standaardzoekmachine in {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7048
                                                                                                                                                                                                                                                  Entropy (8bit):5.61243549683091
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:Cp4EhuYbEvbH2jQWjlykLbLJLA1keuRgR1kv6z+tU9k8ir+IQB1y0g8CmYrvBjy/:Cp4EhuYbEvbH4QWjlykbpA1keuRk1kvI
                                                                                                                                                                                                                                                  MD5:3B5FD528D7C629BE69E4801E505F90B4
                                                                                                                                                                                                                                                  SHA1:9D14001C9EE9AC45BEB54FC9F931E0784141F4A5
                                                                                                                                                                                                                                                  SHA-256:95D02F5D8184C9B68EBD5FB47CD14FC96D7A984955D0B222807476D0F3A1BDD9
                                                                                                                                                                                                                                                  SHA-512:5423AC1449EBFFDC64189F7A98D32E0507FE8C9B96C7B047572B689D1D68FCDF00FC47611709E3F83A8DE1B1AF399015A271EC4406AE90415A4885F40869702C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Uwaga! Funkcja bezpiecznego wyszukiwania jest wy..czona.",.. SEARCH_TOAST_SUB_HEADING: "Funkcja bezpiecznego wyszukiwania eliminuje niebezpieczne witryny sieci Web z wynik.w wyszukiwania.",.. SEARCH_TOAST_BODY_TEXT: "Czy chcesz uprzedzi. zagro.enia dzi.ki dodatkowej ochronie wyszukiwania?",.. SEARCH_TOAST_OPTION: "Tak, w..cz funkcj. bezpiecznego wyszukiwania po ponownym uruchomieniu przegl.darki.",.. SEARCH_TOAST_DONE: "Gotowe",.. SEARCH_TOAST_HEADING_COMPLIANT: "Uwaga, nie masz funkcji Bezpieczne wyszukiwanie",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Funkcja bezpiecznego wyszukiwania eliminuje niebezpieczne witryny sieci Web z wynik.w wyszukiwania.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Chcesz doda. funkcj. bezpieczne wyszukiwanie do przegl.darki i uprzedzi. zagro.enia?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Tak, dodaj funkcj. bezpieczne wyszukiwanie do przegl.dark

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):662
                                                                                                                                                                                                                                                  Entropy (8bit):5.7597397179634
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7Ha6F06FXOAdhcUbz4wpHyHK6IPHCTFad+d/LVqk8FCVkC:7HrLFOAdiIppSq6IPVsdiFCVkC
                                                                                                                                                                                                                                                  MD5:9333738A73E36A2E269613A1D018210A
                                                                                                                                                                                                                                                  SHA1:E0A71E913C575269C4BF44DFF74C817988EC2948
                                                                                                                                                                                                                                                  SHA-256:A0581EFA5908137F14713CCE144FFD986A31FBD8C32AF3E5F6D34401175C9EDC
                                                                                                                                                                                                                                                  SHA-512:6F032E00C9F0EDAC5148B31732A6B172A121BD9B5F33EA8C8A5BF2D16B0BE49932C613AFFD6B749B2EA57166395D78BADD4842CD99EEEFBFACD0E8F8D4BDF05F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Slu.ba Bezpe.n. hled.n. je vypnut. . bu.te opatrn.",.. SEARCH_TOAST_SUB_HEADING: "Slu.ba Bezpe.n. hled.n. v.s ve v.sledc.ch hled.n. upozorn. na rizikov. str.nky. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Chcete zapnout roz...enou ochranu p.i hled.n., abyste byli v.dy o krok nap.ed p.ed hrozbami?",.. SEARCH_TOAST_OPTION: "Ano, chci po restartov.n. prohl..e.e zapnout slu.bu Bezpe.n. hled.n.",.. SEARCH_TOAST_DONE: "Hotovo"..}..//E48885A4089C191F17100BFDF7E33E8198F4142B426AAC5DF923BCCF6590D0F6279F27D9A11B08236B5118D8F28E829298EA8155238D1AC065DDC6B95F2F396A++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):591
                                                                                                                                                                                                                                                  Entropy (8bit):5.556587769890555
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7H0Qs8HQMHQs8f2aw5VL0bdhPLjWR8exSYjnYBN:7Hfs49wsC2aw5t0bdhWR5xS8nGN
                                                                                                                                                                                                                                                  MD5:5167EC440E9B60D834B74C163B466859
                                                                                                                                                                                                                                                  SHA1:0315D48D553C4A01BBE37647C28359ADB1B96646
                                                                                                                                                                                                                                                  SHA-256:53C7540204C5DBF54AF6590798A1CCCA6654E57669CD5B4DE19680C0615D3355
                                                                                                                                                                                                                                                  SHA-512:CBA121F03DFC55DA30FE13CE5069C6540F77AAAF6141C57E554A765CDD73F8DE7E0A17AF2C71825F57E1A63F3C8A1E23667416A1AE6B7BFE05438AEDCE21940D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Sikker s.gning er sl.et fra . v.r forsigtig",.. SEARCH_TOAST_SUB_HEADING: "Sikker s.gning markerer de potentielt farlige websteder i s.geresultaterne. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vil du have ekstra beskyttelse ved at g.re dine s.gninger mere sikre?",.. SEARCH_TOAST_OPTION: "Ja, aktiv.r sikker s.gning, n.r jeg har genstartet browseren",.. SEARCH_TOAST_DONE: "F.rdig"..}..//DDDC93AEB7D34452F7BFAF7B5E3231C2B201649F331175338D56FDD10D545BEAAA636B8EC78589BCC470F535CB4606852AECABE9B7FFCE3B3713D68C8B9E4C69++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):626
                                                                                                                                                                                                                                                  Entropy (8bit):5.46994588054159
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HV5hKfCvXCQtROXlU1dhIQvQA3yDYBGNJXJWWqEOVhsNR1f/0e:7HfhKf+X08dbCYgOPsh/9
                                                                                                                                                                                                                                                  MD5:DE979FA93BF682A07CFEB46648C9AF02
                                                                                                                                                                                                                                                  SHA1:D1A39737B02B215D09791B0D6DD4B72876F7B271
                                                                                                                                                                                                                                                  SHA-256:216AD61CD811B087D5F040D8F0F4942488720CD73B9BF2E99B19DEAD84272B99
                                                                                                                                                                                                                                                  SHA-512:DB5F1E657B6DC238FB3E10157F04BFE6D4B13AD88B16E0764BA9E7400F95DFAD6E72DB2F5A9102F7B4F60924342678620ED9A5EF1C2D88199D749D0D0C7D6E46
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Achtung: Sichere Suche ist deaktiviert",.. SEARCH_TOAST_SUB_HEADING: "Mit der sicheren Suche werden Sie vor risikoreichen Websites in Ihren Suchergebnissen bewahrt. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Wollen Sie mit zus.tzlichem Suchschutz Bedrohungen immer einen Schritt voraus sein?",.. SEARCH_TOAST_OPTION: "Ja, ich m.chte die sichere Suche nach dem Neustart meines Browsers aktivieren.",.. SEARCH_TOAST_DONE: "Fertig"..}..//781BDE4AF95A67F6BF08097C19686398C7BA776D0B20431C0E4C6F45D4D53F251BF9EFBDFDD2D3EA8503B1454611F007F0DB96A6F43145B24D1298F03A4C6042++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):966
                                                                                                                                                                                                                                                  Entropy (8bit):5.129622769173818
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HzMnpI0MXLr28dNWGmr3/TaMTyN/lPmv:SS268drb0le
                                                                                                                                                                                                                                                  MD5:5289448506816447D15EB62E8D3A8EAC
                                                                                                                                                                                                                                                  SHA1:C8E57B7F43E7E5C08CF284AF19BE25EBE9B75291
                                                                                                                                                                                                                                                  SHA-256:BB50893CE6A58CE3C156E6D8D487A6BC33C42436A56B91D7161B1F4A15DAEF85
                                                                                                                                                                                                                                                  SHA-512:CEE8BFEBC544BF151FC31DC0E4C4F2336BC316768E650A3BFAC748CBB08D3E8E65F4CB45D924385A980D569957FF6F772AC700DA559A794969C6D449491B7D61
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ". ....... ......... ..... ................, .. ..... ...........",.. SEARCH_TOAST_SUB_HEADING: ". ....... ......... ... ........... ... ........... .......... ... ............ ........... {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "...... .. ......... ..... ... .... ....... ... ... ....... .. ........ ......... ..........;",.. SEARCH_TOAST_OPTION: "..., .. ............. . ....... ......... .... ... ............ ... ............ ..........",.. SEARCH_TOAST_DONE: "....."..}..//8ABC4EE494806AF244C67B673221383B313197DEC7804C5994E3EE2559C39528AA1CF76351E2690EF191B60E3D0229D70191E3D8DEB7AE8D58EFF26C225FA970++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):546
                                                                                                                                                                                                                                                  Entropy (8bit):5.438478026475485
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7H4HIWFH3npSuVJTsdhIEfRXK9m/NaU/KPEOHVagBjFDh7h:7H4NXpSuVJTsdjfRXKIVaYmrvDj
                                                                                                                                                                                                                                                  MD5:50B27F1859C737418F3B8FAD6C60CCFA
                                                                                                                                                                                                                                                  SHA1:6D9C0A1CF778F05725D8A0BA475CB76B13A05F28
                                                                                                                                                                                                                                                  SHA-256:08F32499383319ABD3D2E60BFAAF9D633485F6DBE7FE922BD25A68AFBD148970
                                                                                                                                                                                                                                                  SHA-512:0C3695585CEF7784CEA76E4BFB52B45FF37B5CC545A43A0C93B8836C2108CD94679E75A9DC8E2459FFFEDBC45BA014D99FB3EB01D349411BBE66A2ECD6D2381E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Secure Search is off . be careful",.. SEARCH_TOAST_SUB_HEADING: "Secure Search steers you away from risky sites in your search results. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Want to stay ahead of threats with extra search protection?",.. SEARCH_TOAST_OPTION: "Yes, turn on Secure Search after I restart my browser",.. SEARCH_TOAST_DONE: "Done"..}..//96EA14B58D06EA6D292E6EA56AC3DF0134F3F980FB5B5BC318F194D697843105615D3F4A1F7CD553206D0EE9E4F050AAF106A37E03FADE5B02133515F63052E6++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):621
                                                                                                                                                                                                                                                  Entropy (8bit):5.538926666499625
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7H1b6YjvHDkYdhDOnKjHZ/QC5MHYRczhbuUKsyD9:7HRHDkYdQneZ/7kYR+hbuUKbp
                                                                                                                                                                                                                                                  MD5:ADCAADDD4131E780BFB6216607B155D1
                                                                                                                                                                                                                                                  SHA1:2608554A423B6296461791A3ABC99B2DB6913AB7
                                                                                                                                                                                                                                                  SHA-256:4D844C78842DE6FDC2C6BBA282041EE5EF0F18B20858012932AE20DDF3A64F28
                                                                                                                                                                                                                                                  SHA-512:A09968BBBA5D66D9609E459D59851FFD15FA03E88D8797C7C1075DADE03B1C4F524001FC96511F9B6744A2277277D5D96A082BEE47AE9DBDB31A1ADF0C16776F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "B.squeda segura est. desactivada: tenga cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura filtra los sitios web peligrosos en los resultados de sus b.squedas. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".Quiere ir un paso por delante de las amenazas con una protecci.n extra en sus b.squedas?",.. SEARCH_TOAST_OPTION: "S., activar B.squeda segura despu.s de reiniciar mi navegador",.. SEARCH_TOAST_DONE: "Listo"..}..//F46FDE9F2473302E649EF27D6C28A0E0041CE6A60D7CCB2D2771B200C5968A158335280F63E8BC7DB3CE8576CE3F91251CE28338FA32F9A1DD7EB0CF8E9FF50F++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):590
                                                                                                                                                                                                                                                  Entropy (8bit):5.555932938953374
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7Heaf6Yrsi5KD/DdhDybH62P5MHrS2Rboo2SWQYJ:7HdLsiUDLd0rXPkm2RkZQYJ
                                                                                                                                                                                                                                                  MD5:4D299AD9C33AE5F7221ACDFC6D8CB419
                                                                                                                                                                                                                                                  SHA1:B5B1F34175D9C2882D809550255E3E9258D71E85
                                                                                                                                                                                                                                                  SHA-256:06E8763D1A79C0B2F31C3A2D4CDE04A7264B96D497B1C8CFE652171B79832FA3
                                                                                                                                                                                                                                                  SHA-512:C8A02922341E3C8ED158B8AE8944518F6C0C7625C50A166E15BF756ECD45D0387AD068DFED5F39750B2E22959CA3966B32577F3F7E47544D7F059E3E2B896DC6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "B.squeda segura desactivada: tenga cuidado",.. SEARCH_TOAST_SUB_HEADING: "B.squeda segura lo aleja de sitios peligrosos en los resultados de b.squeda. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".Quieres adelantarte a las amenazas con protecci.n de b.squeda extra?",.. SEARCH_TOAST_OPTION: "S., activar B.squeda segura despu.s de que reinicie mi navegador",.. SEARCH_TOAST_DONE: "Listo"..}..//F440553795D258CCD308C658E9E482E26720C16D38545458B05A2275CA943DCD179AFA03B7F44DC10B92C6B0CEB55D49F6771F151D4637EE37B731C4DAAF1626++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):594
                                                                                                                                                                                                                                                  Entropy (8bit):5.551685954662295
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HpBjkIHMjpJNnddhFyXLcE6P8ljSy3FJHzWLSl3iWSf/m:7HpBBHsNnddeXInP8lmSFcLSlZ
                                                                                                                                                                                                                                                  MD5:DC9F54AA3F300ECF790AA92628D3CF77
                                                                                                                                                                                                                                                  SHA1:78077A363E5A448FA3230165D854804FEBE4572F
                                                                                                                                                                                                                                                  SHA-256:8540FB93344738BBF71D19DF09AABF8E3B90D57D42C5AAF109DE94FA2134E718
                                                                                                                                                                                                                                                  SHA-512:3CB6041A0E30126260F33D15D76B1EF0C87F1EEDD6C1AD698303649EC8AB40E2BF06FAF152DA51779372BF29B9B2E5EE9A609D296E754403B58B10A20F62A2D1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Varoitus: suojattu haku ei ole k.yt.ss.",.. SEARCH_TOAST_SUB_HEADING: "Suojattu haku suojaa sinua vaarallisilta verkkosivustoilta, kun suoritat hakuja. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Haluatko pysy. askeleen edell. ja hankkia lis.suojaa hakuihisi?",.. SEARCH_TOAST_OPTION: "Kyll.. Ota suojattu haku k.ytt..n, kun k.ynnist.n selaimen uudelleen.",.. SEARCH_TOAST_DONE: "Valmis"..}..//E0D86E5CD809B5C76CAF04F121AC8F615738D596AA4B00EB31DF24B6F439A32589C889436CC92F341F0D734F1A6B9F599E51EE29340A78CF96A14EAA1BCEB47C++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):619
                                                                                                                                                                                                                                                  Entropy (8bit):5.449837640437659
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7He5LuGrtBdhLjwQ8SlK3woEEn9CPOPuUiF9WJ/:7He5LustBd5wwlK3/Ea9yNcx
                                                                                                                                                                                                                                                  MD5:8C2B50C751DEC6FE68104B2C3B785B7A
                                                                                                                                                                                                                                                  SHA1:50630ED37996EACA21174B22A6D2D59A74C8B7F6
                                                                                                                                                                                                                                                  SHA-256:3368ADDB6B95C9301EEE6497048A89A933483C1172E5A32B18638EE38B0520E9
                                                                                                                                                                                                                                                  SHA-512:53C318367BF41D965C06B96FDB68E7E2D5F525FB24F7181F90420A38591F78596A2915E30924D34D17A06103120623473CEA6F6DF04286FF292A6A6E4D78C99D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Attention! Recherche s.curis.e est d.sactiv.e",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e .carte de votre recherche les sites internet risqu.s. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vous aimeriez garder les menaces . distance avec une s.curit. de recherche accrue?",.. SEARCH_TOAST_OPTION: "Oui, activer la recherche s.curis.e quand je relancerai mon navigateur",.. SEARCH_TOAST_DONE: "Termin."..}..//B009D31CB7307E982854F17EE84129B416280262293434696F0EC516C681FEFBAED83BBF71D228F4BBB9D3D0DA0906E77C9126C5469A71278BBC65225974E220++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):654
                                                                                                                                                                                                                                                  Entropy (8bit):5.46466082595575
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HQ7vJmt/5Tdh0tTdQzFOQ8S4NKXzH6jctqVdD/9VXIHc3Z:7HQ7vJmtJdWtTOpKNKXb6BdTnXCk
                                                                                                                                                                                                                                                  MD5:C4CEA16F909889D02A6D6FFD1B8C6991
                                                                                                                                                                                                                                                  SHA1:3A8E59632230494C41B6B0117F29DDE010E2FE0D
                                                                                                                                                                                                                                                  SHA-256:1CC748BF272A659EBDEECB25EC29667AEF5B25B2330CA8007FF78846CBD2E8F1
                                                                                                                                                                                                                                                  SHA-512:FC231DD995A2B87B962CF2DE13993539773B19F02CCC7767830A4925026C5249CEC29962B1F6F9B1B16596CB11BE32C2ECB2863E1BC9096FBF20387EDD87E376
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "La recherche s.curis.e est d.sactiv.e. Soyez prudent.",.. SEARCH_TOAST_SUB_HEADING: "La recherche s.curis.e .carte les sites dangereux dans vos r.sultats de recherche. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vous souhaitez garder une longueur d'avance sur les menaces avec une protection de recherche .volu.e.?",.. SEARCH_TOAST_OPTION: "Oui, activer la Recherche s.curis.e apr.s le red.marage du navigateur",.. SEARCH_TOAST_DONE: "Termin."..}..//EF49244BF3C7DDE9ACDF9BC3020BB15BE3BC2CD05AC5A92A4FEC7644E9C0DFBCD62E527E93FDCE507CB127EBAA8AE493F6BBC9D252A52B0509918367E2722E80++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):642
                                                                                                                                                                                                                                                  Entropy (8bit):5.585450765906051
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HA+vZMuIg9s7sdhXNrY+Au1HQu8TPAu0TYa5MsLOETS+nh:7Hb2g2sdrkiQuI4uY5TLfXh
                                                                                                                                                                                                                                                  MD5:96F9B117332775DC777AEA1F28DF2AC9
                                                                                                                                                                                                                                                  SHA1:10459147C871654E4D02A70FA9403CFDA581CDAE
                                                                                                                                                                                                                                                  SHA-256:89D45977D1D9E202C71A463E25F2F9B666EC2A27865FC90EDD5333BC89933AA4
                                                                                                                                                                                                                                                  SHA-512:52863029F6B3CD736815B11CD2084204B3DD0EBA7E47E4D9F8A6871E4DB9060A29297723AC2CF83AAAC27442739F36678EF4C3A383F7CC733CA41508FF6470EF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Isklju.eno je Sigurno pretra.ivanje - budite pa.ljivi",.. SEARCH_TOAST_SUB_HEADING: "Sigurno pretra.ivanje dr.at .e opasne stranice podalje od va.ih rezultata pretra.ivanja. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".elite ostati nekoliko koraka ispred prijetnji s dodatnom za.titom pri pretra.ivanju?",.. SEARCH_TOAST_OPTION: "Da, uklju.i Sigurno pretra.ivanje nakon .to ponovno pokrenem preglednik",.. SEARCH_TOAST_DONE: "Gotovo"..}..//9C25629FF501E6CC7B94A4DDE5E531A78015E9F3D4FE722BFDD1853C7D3DD896EC96C5B6FDB517894D93D277C1C3B5030B4FE425AEE3D13D846011D32B2B8BEB++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):703
                                                                                                                                                                                                                                                  Entropy (8bit):5.676694350972559
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HeBdauIvxgWeBdiituB7XcdhM2Frd0XR0WMruMYNSIt5d9XUL12k9GvZidIdhO:7HeBdauK0Bd5olXcdyiry1MSFNSEd6Lt
                                                                                                                                                                                                                                                  MD5:69192E9A051F26059299D7C2C6976D27
                                                                                                                                                                                                                                                  SHA1:6D671C3ABAEACA784FBBC1AFF1D3F1577A33B4D2
                                                                                                                                                                                                                                                  SHA-256:24432A296BE079BD777340A34896779F48C551CA4F5B05DFBCB14D12023E94DA
                                                                                                                                                                                                                                                  SHA-512:17B3FAE18DE06042AC2059C053B1DE7349CA3AA2312CC0FF6417470B59EC2EBBC56958A8C8D245CE1248E526C79089FCE149DE5B8D2ADEFC05235AC815DF7C9B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "A biztons.gos keres.s ki van kapcsolva. Legyen .vatos!",.. SEARCH_TOAST_SUB_HEADING: "A biztons.gos keres.s funkci.val elker.lheti a keres.si eredm.nyek k.z.tt tal.lhat. vesz.lyes webhelyeket. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Szeretne egy l.p.ssel a fenyeget.sek el.tt j.rni az extra keres.si v.delemnek k.sz.nhet.en?",.. SEARCH_TOAST_OPTION: "Igen, legyen bekapcsolva a biztons.gos keres.s funkci., miut.n .jraind.tottam a b.ng.sz.t",.. SEARCH_TOAST_DONE: "K.sz"..}..//497F932EB94DBD0E3CAC90E1F5C8555A33B05DBA1B94A36FEC6679A11A6D3B1F0C9315C4CD195A9AD4F2F030802034637ACAF46752401120D845EC07950C25E0++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):591
                                                                                                                                                                                                                                                  Entropy (8bit):5.416000828200279
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:qsXHYKsW+x+2uvch4pilrtAfaJMdFEhKDP+ku1xvVyvCxNA+EfHOXOR9WJ5CM+Kf:7HtDdilrtAfzdhDK1+aYfHTCc0p
                                                                                                                                                                                                                                                  MD5:21A957C0D15BB12B2805B1C4522C48AD
                                                                                                                                                                                                                                                  SHA1:E83CCE41EE4BB664C9D74CFCE64EF92D62D54D86
                                                                                                                                                                                                                                                  SHA-256:709269085CD0B11E61E31EC958B501B3FE3FAD4ED05F41B0C783B25D674FF2A2
                                                                                                                                                                                                                                                  SHA-512:0B30C962FCC110786E1D1D3D8D14E227EBC07AE8F47095670EFF3DC6289CD949927D7A296A871507608261D5805A907DEFDE2052488CB3B96368413C85B60A87
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Attenzione: la funzionalit. di ricerca sicura non . attiva",.. SEARCH_TOAST_SUB_HEADING: "La ricerca sicura ti indica i siti rischiosi nei risultati della ricerca. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vuoi tenere alla larga le minacce con una maggiore protezione delle ricerche?",.. SEARCH_TOAST_OPTION: "S., attiva la ricerca sicura al riavvio del browser",.. SEARCH_TOAST_DONE: "Fine"..}..//24CF2EE9582C3FC90BC13579DF4EE26C93E9AE00CA0DEB1681A4B680D060BEB0CD41AB07BC106FA3823793A1B6D12DE8114BD6A86CD84F6E19353D31C42E9621++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):640
                                                                                                                                                                                                                                                  Entropy (8bit):5.963930964464233
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HUWisRqhWYcXYDkNWdhx8HWER9QilSh5RWmxISFvBYmuVz:7HUTOqvngUdcHbLZIrcl
                                                                                                                                                                                                                                                  MD5:14DCA319A56B02209A671B6AB0756A36
                                                                                                                                                                                                                                                  SHA1:3F2C2F8D426A3F76AF23E08CD29FD9362008E930
                                                                                                                                                                                                                                                  SHA-256:8E86E62FEF7AB54030B887960B8EAFF54C5F313E9C0518E72658D08B34176F54
                                                                                                                                                                                                                                                  SHA-512:2B877649D532476671B6B5FBCFD2B6366D827127E8862F30C7D6562457390F5FDCB8233BF0CF9AD7B4EB00FE63B7AFDB2355759B04D7097B8DBADFCDADF18F5D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".... .................",.. SEARCH_TOAST_SUB_HEADING: ".... ........................ {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".........................",.. SEARCH_TOAST_OPTION: ".................. ..........",.. SEARCH_TOAST_DONE: ".."..}..//0F1BD1D63E85EBF9FE85D4C40D0969D6A18DB1251B7A3F683DC8CE4F0CE1B41F84434B1EBDB1122FE31B6772B4F2903B620D557AB5D75BAA1F99117FC667E153++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):610
                                                                                                                                                                                                                                                  Entropy (8bit):5.977686665492592
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HRgq8EDFj2FcdhkbQ2sIm8kATcVjPgU41Qco:7HvhEcd2BsIm8kgcVjPe6
                                                                                                                                                                                                                                                  MD5:9F2BEA03FA9EF87DB13569F069B01DB9
                                                                                                                                                                                                                                                  SHA1:C2831B7411DA27B00CEAA4CAED197FA419750B0D
                                                                                                                                                                                                                                                  SHA-256:48BF5E2CEC6C8A31CDC47A1EF9840DE5B22392ED27F8990C1B840E95680A1209
                                                                                                                                                                                                                                                  SHA-512:81E9B3B0EC9DFF52AA455BBF5C3C56BEC650EF0E46E4C41477C9267B669190A800DC73AE790605B2F0F6EAFFA5BC792F664FE043DC70CE5F1FC5C56296811905
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".. .. ... - ......",.. SEARCH_TOAST_SUB_HEADING: ".. ... .. .. . ... .... ...... {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".. .. .. ... .... ... ........?",.. SEARCH_TOAST_OPTION: ".. . ..... .. ... . .. ... .......",.. SEARCH_TOAST_DONE: ".."..}..//9209A02F6F8B503B7333FB2E90DD205B41E361BC5B69FC290CF3DB3956D1CF0FDF1CD91860A15C2A7E4380D018ECF7571851C36F971F65F7F7E8793BFDA006BC++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):571
                                                                                                                                                                                                                                                  Entropy (8bit):5.585860981824038
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7H0QhMHQjBUW4J9wdhPtkwxWsNW2/5U+kx:7HfhMwjIwdhywQsIekx
                                                                                                                                                                                                                                                  MD5:B53A60627F2239B59F095A49D0A14730
                                                                                                                                                                                                                                                  SHA1:16170A9EBC21DDE604D2A74A7C0AD73C5BE61A2C
                                                                                                                                                                                                                                                  SHA-256:57758D0DFEF8D90CD7849AFA92436B365045EE9BC3C9FE6B97296D1FE6412DB9
                                                                                                                                                                                                                                                  SHA-512:8C357A468C9E2BB30357AFBF1D087CA350CC3AACF8FEC1AE4557383C95CA956C7D5A5184E51256AFB9F6ED00DB609304DE6CD47ABF1F9CBC4D8C41700FD55BA9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Sikkert s.k er sl.tt av . v.r forsiktig",.. SEARCH_TOAST_SUB_HEADING: "Sikkert s.k holder deg unna risikable omr.der i s.keresultatene. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vil du ha et forsprang p. trusler med ekstra s.kebeskyttelse?",.. SEARCH_TOAST_OPTION: "Ja, sl. p. Sikkert s.k n.r jeg starter nettleseren p. nytt",.. SEARCH_TOAST_DONE: "Fullf.rt"..}..//7F9E5EAF17E8F1227E38A25E7F41560CBDC6B83917451C99D91C302F756E574998F976B81D021A6C085BC16CFA7DE4402B3FF69F01E634FC5D624DFA1142ACEB++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):602
                                                                                                                                                                                                                                                  Entropy (8bit):5.5121966627531975
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7H7AySxXeOzOqodhIMLfcPkQkfM76FwUpWgnUAZ0n:7HzSxOBqodrLfccQkbFhpnU00
                                                                                                                                                                                                                                                  MD5:CB36008F48B9A179465A060EFCF06732
                                                                                                                                                                                                                                                  SHA1:8D19C2987F8D76C354EEF62B1DD82D2CD42C0554
                                                                                                                                                                                                                                                  SHA-256:8697DDD7FABFDF87DD090ECAA453576156D3D1608FB2F6324F0458E468959EE9
                                                                                                                                                                                                                                                  SHA-512:3B648C62108ACDE37B6530D3E6C3EABDCDFE61C7D9AE01EF7A2339DAC19091EDBAA34CC8F2D10D76A09A91F4A758946AE158E217E14BF3DB55B169F299E8D99B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Beveiligd zoeken is uitgeschakeld. Wees voorzichtig.",.. SEARCH_TOAST_SUB_HEADING: "Met Beveiligd zoeken kunt u de riskante sites in uw zoekresultaten vermijden. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Wilt u bedreigingen een stap voor blijven met extra zoekbeveiliging?",.. SEARCH_TOAST_OPTION: "Ja, schakel Beveiligd zoeken in nadat ik mijn browser opnieuw heb gestart.",.. SEARCH_TOAST_DONE: "Gereed"..}..//132213718FA4DF9769B65A174ABFF129686E878CCCD8731D3ABE1DFCDB37249461D3D4CC8CF53FB08FEB164B9BF36F11FD8A1DB41DA15A171B5C8FCA7DDC9A64++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):650
                                                                                                                                                                                                                                                  Entropy (8bit):5.690654762493119
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HRmi53Lw8i53LE6PU3LOdhc1FKb3LCoPY3LcBt5tgR72RydAh:7HRZFuFIfSdi+jeoPMirt4hdAh
                                                                                                                                                                                                                                                  MD5:A1299EC5C87CDA42A533F98B4709CEEC
                                                                                                                                                                                                                                                  SHA1:0F5A70BC37D5A18FC0BE67146480526442F46754
                                                                                                                                                                                                                                                  SHA-256:1CE435F5AC3E31BE513A8D5E477E29C565CFE517D39915BBABD16E174FACBC4E
                                                                                                                                                                                                                                                  SHA-512:F27E15C8A8D14B422B5BAE18190E7CA7D43A31E36902FA6A2BC0CFFE115DA00A18F2E24B69C9C9202553BA56062EF30DD8A589F0C83E2F2D74489F3ABA81217C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Uwaga! Funkcja bezpiecznego wyszukiwania jest wy..czona.",.. SEARCH_TOAST_SUB_HEADING: "Funkcja bezpiecznego wyszukiwania eliminuje niebezpieczne witryny sieci Web z wynik.w wyszukiwania. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Czy chcesz uprzedzi. zagro.enia dzi.ki dodatkowej ochronie wyszukiwania?",.. SEARCH_TOAST_OPTION: "Tak, w..cz funkcj. bezpiecznego wyszukiwania po ponownym uruchomieniu przegl.darki",.. SEARCH_TOAST_DONE: "Gotowe"..}..//E67C9266445775342EF456DE0EE29BC20391A6164632CE51169FC7BE3DBBFC90CC444FECD255F706B3D40040C67C9CFC3EB1921EBF77C48C144B0B210683843B++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):572
                                                                                                                                                                                                                                                  Entropy (8bit):5.490201533592935
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HcwalVTVGGWF/CdhEVMBoPcw7pVl9jy7/3tYJlXc5dJe:7Hu6F/CdGVMBoPcwXltSdJe
                                                                                                                                                                                                                                                  MD5:BC5691977B799FA51CF593996451AB69
                                                                                                                                                                                                                                                  SHA1:233C8407418012744DA1209EE67F8202C71C9461
                                                                                                                                                                                                                                                  SHA-256:696A98D82BF176344F8A5C51F7FAB7768577DBA3B0044BD0CE17B366D1D89239
                                                                                                                                                                                                                                                  SHA-512:F5E8F6A08F67725304A97B07C5B434A872CD2D3F6E97C8E05C17A35AE72E19CCBD4150EE1762FCB7C6D32A4ED74B37D25A3EF2BE2394D87AA364F6589FDB21CF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "A Pesquisa segura est. desativada - tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A Pesquisa segura evita os sites perigosos nos resultados da pesquisa. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Quer ficar longe das amea.as com prote..o extra?",.. SEARCH_TOAST_OPTION: "Sim, ative a Pesquisa segura depois que o navegador for reiniciado",.. SEARCH_TOAST_DONE: "Conclu.do"..}..//79810015A4CBBC4EDC91809446417CF31E2EEBFAABE5C1ABD28FC532801BEA817FE81C6A6FC0B7DC4D45BDBD002BFA5982061C0BCECA2D95769BD008875ABED1++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):597
                                                                                                                                                                                                                                                  Entropy (8bit):5.514344817447737
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HcQyVTuEcc3WhZ2dhvGUO9N7tOsKaLkdUHrqmJxgci+lQ:7HNlhZ2dRGUcNgsHLkWHrq6gciV
                                                                                                                                                                                                                                                  MD5:94C713C34215464B32CE0DE2440C9B93
                                                                                                                                                                                                                                                  SHA1:D2C87D10C4F0440EF1F1F5BFD56FE0424A5EF90D
                                                                                                                                                                                                                                                  SHA-256:CBB75E0276216001C7860194D08977DE494CF87BB097AB6A3F328F9F9DDC3805
                                                                                                                                                                                                                                                  SHA-512:543B990DFFA367EF7348990D65A22EAE1E0C194E313EBBB0B9D711F096712B73FB63843C9206F1E0C0AAA4379295F3DC8B52582791D050AFD66F0B58D2BFFA55
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "A Pesquisa Segura est. desativada . tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A Pesquisa segura ajuda-o a evitar sites perigosos nos seus resultados de pesquisa. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Pretende evitar as amea.as com a prote..o de pesquisa adicional?",.. SEARCH_TOAST_OPTION: "Sim, ativar a Pesquisa segura ap.s reiniciar o meu browser.",.. SEARCH_TOAST_DONE: "Conclu.do"..}..//47AF18EB50A5DA101FD7B34733F1DE8B29ED21DB70A1CD0B92FBD680CA348C221E681808F1125E9D689D7A8F51D09EBAE3E261D56B4227BC0FF82A2FC1478DF4++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):837
                                                                                                                                                                                                                                                  Entropy (8bit):5.267015231290291
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7HYytHN6yt20qJNs2OSo7dL2IlIX2tCFe8SlJvA+wcnPx:8yNN6yJqjbOS6LiX2AKno+FnJ
                                                                                                                                                                                                                                                  MD5:35A8D724FD8AF2C038A137DE5E6F19BA
                                                                                                                                                                                                                                                  SHA1:36C5167BA9FF3B27D11C85486B2D37D94B76D9F0
                                                                                                                                                                                                                                                  SHA-256:5A5CD1BA75B6732E814B548A74BA9FBE94D52E113EADF32B81E59C8BCA7AB55A
                                                                                                                                                                                                                                                  SHA-512:BAF5CF10CD3D45AD0E041364BA126746263E9B246AE17F18FF4AC83BEA238A298AAB087FAB2DAEAD989BBD751B88EA997FD18D2DC11635802A490A57B25FEBE6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: ".......... ..... ......... ...... .........!",.. SEARCH_TOAST_SUB_HEADING: ".......... ..... .. ........ ... ........ .............. ....., .............. . ........... ....... {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "...... .......... .. ..... ... ...... .............. ...... ......?",.. SEARCH_TOAST_OPTION: ".., ........ .......... ..... ..... ........... .........",.. SEARCH_TOAST_DONE: "......"..}..//A1A09546187493B2E905A31D9318DA8444D0CDD309883B15265B059E3BFA1622A835F4488CC4271089169A5BB96C639C117AF548738DF2B3F4FBA1B4028CD908++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):649
                                                                                                                                                                                                                                                  Entropy (8bit):5.787021399501204
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HLxCHLIOdhcUdOVzpG4kl9Uyc5DTS3Jn:7H9C0OdiSOVzpG4kXUyctTcJn
                                                                                                                                                                                                                                                  MD5:C44D28237A6B757F95CE535CFEBFEDA7
                                                                                                                                                                                                                                                  SHA1:B9EB40EB6B4F2EE30C9B96D65BFE4AA947FA408E
                                                                                                                                                                                                                                                  SHA-256:1A83C1A9DC0ADBFE1E5DCCFD256F74436A7A62F083795083371A18C276B9442B
                                                                                                                                                                                                                                                  SHA-512:B634252B6C6DEBC993A85F3B78D63CC1F13130623BC9349E22509141CDB5668E3B3BF0FD3830AFB292137BE5A6157FA26F85F86ADEF4BB7AB7D8460ACDF4767D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Zabezpe.en. vyh.ad.vanie je vypnut. . d.vajte si pozor",.. SEARCH_TOAST_SUB_HEADING: "Zabezpe.en. vyh.ad.vanie v.s chr.ni pred nebezpe.n.mi lokalitami vo v.sledkoch vyh.ad.vania. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Chcete ma. n.skok pred .to.n.kmi v.aka zv..enej ochrane pri vyh.ad.van.?",.. SEARCH_TOAST_OPTION: ".no, zabezpe.en. vyh.ad.vanie zapn.. po re.tarte prehliada.a.",.. SEARCH_TOAST_DONE: "Hotovo"..}..//149E6709C5CFD657DFEEA89947F6DBF418CBA8A0F7DF56594C44D023AF4F45537FBDBF6D2F9799727EBA1199EF93D26C0BC0415165BED05061F3E254AE76118C++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):605
                                                                                                                                                                                                                                                  Entropy (8bit):5.6115676645450305
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7H3ORkfi2TAdhX3UbQytlQuhUHFsWk64AFUAzgMBO:7H38kfwdqvQuhUHF3kLjmgMBO
                                                                                                                                                                                                                                                  MD5:B7F48005676B897D23A2D77E1337EA82
                                                                                                                                                                                                                                                  SHA1:91097E850AA2E65FA2D12F8D1168BFC9EF22ED49
                                                                                                                                                                                                                                                  SHA-256:BF68150EF6A23C0E63D82E174FDB335C47B3496AE8B48EBA9BE35F6E7DD8523B
                                                                                                                                                                                                                                                  SHA-512:F938ABB835D86C04CD3F95309F59011E3930D98409812DD55365625CC7A99F9E7911531DD6A8C3D6486E4A55EF551EDBAFA2BC035ECEE0CFB2B4094B26263FE9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "Bezbedna pretraga je isklju.ena . budite pa.ljivi",.. SEARCH_TOAST_SUB_HEADING: "Bezbedna pretraga vas .titi od rizi.nih lokacija u rezultatima pretrage. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".elite da budete u prednosti u odnosu na pretnje uz dodatnu za.titu pretrage?",.. SEARCH_TOAST_OPTION: "Da, uklju.i bezbednu pretragu nakon .to ponovo pokrenem pregleda.",.. SEARCH_TOAST_DONE: "Gotovo"..}..//2ACC2FEF55DE3B4194F8A6A236012B64A35645FB181AA1C5270D84E787D37FC441828776CAF3D5D67936CC200E30D250EAC3FEFD7A92DC70D1BDBAF394095E7F++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):574
                                                                                                                                                                                                                                                  Entropy (8bit):5.631845839445742
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7Hmg2AbjgZyDzL0HD4WkdhPN4McUQ4N94ije+ci38Gl1N:7H7DbEgLLdVWMHN94i6+hR1N
                                                                                                                                                                                                                                                  MD5:39C2D771B371F6B034422856080ABACC
                                                                                                                                                                                                                                                  SHA1:C1665F86C2964C1BF8AF7F1DA9C6CC64D808C822
                                                                                                                                                                                                                                                  SHA-256:BEDF8B48BF6CBE896B2645E6638A80B38B5393516591C8069D99ADEDF48C6C07
                                                                                                                                                                                                                                                  SHA-512:6789B62F9F7CD27573C6413DE9F227A54BA786986BA6A4CA0ED063B298C8BAC21688B007CDB77491AE93CFE2E1811FD77FC4BB2CB6FB43BA5755237B54015547
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "S.ker s.kning .r avst.ngd . var f.rsiktig",.. SEARCH_TOAST_SUB_HEADING: "S.ker s.kning h.ller dig borta fr.n riskabla webbplatser i s.kresultaten. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Vill du vara steget f.re hoten med extra s.kskydd?",.. SEARCH_TOAST_OPTION: "Ja, aktivera s.ker s.kning n.r jag har startat om webbl.saren.",.. SEARCH_TOAST_DONE: "Klart"..}..//F8E30110A1145C29647E579C7CDA99C3E5BC3A3B7CD17FEC113DCED5091E74BB8E14B659410AC439D4718E71E1EA8D8354AC28BA5FD3A66B40BAA183F0663096++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):589
                                                                                                                                                                                                                                                  Entropy (8bit):5.622368928028239
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7H0i4Hb00hCdh29T1pGQMlwrX96UOO2deAa:7Hl4phCdA6VlwLb21a
                                                                                                                                                                                                                                                  MD5:102E68C70E4D934A49B1A17CD3FA6F85
                                                                                                                                                                                                                                                  SHA1:703B14279974DDA5270C734E6C885BDC876760F2
                                                                                                                                                                                                                                                  SHA-256:C01582746CEA33E5564376604B4E572C1B6C9EFCFA4A7DD6589F5740FF03F7D1
                                                                                                                                                                                                                                                  SHA-512:C8F5D1C81F513A8C2B33B0DDFD6EA25B107D61CAC31E145154A962599061C4845E7E5195AC405C4E66E2E15585FB163FF3027C7D9574AB9E48A65FB8473340BB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "G.venli Arama kapal., dikkatli olun",.. SEARCH_TOAST_SUB_HEADING: "G.venli Arama, sizi arama sonu.lar.n.zdaki riskli sitelerden uzak tutar. {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "Ek arama korumas. ile tehditlerin bir ad.m .n.nde olmak ister misiniz?",.. SEARCH_TOAST_OPTION: "Evet, taray.c.m. yeniden ba.latt.ktan sonra G.venli Arama'y. a..",.. SEARCH_TOAST_DONE: "Bitti"..}..//2E34B3229D4286580CD0781F64724D2FAEE038754346DA01CBF15F69B2E29FA428F93267F5D3F58443E53DC75E9A580D6C1937434564E5DAE1EEE9ADF0E7CD93++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):547
                                                                                                                                                                                                                                                  Entropy (8bit):6.219020856626668
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HshRETCqdh2fDviKYE4aCeX7rBnP2dmegNREe:7HshVqd8rviKYEzPVP2dmeIREe
                                                                                                                                                                                                                                                  MD5:690B33832BABAA078B978FDD4F6AD743
                                                                                                                                                                                                                                                  SHA1:EB83BF314560B618CF7278609E9B5FC928B828D0
                                                                                                                                                                                                                                                  SHA-256:BAF88339E23F2C026C07487B80A656E739F334DF820588650780441E73AC6B82
                                                                                                                                                                                                                                                  SHA-512:9FB309D87AF322952AD2502099D288726D0D4A0050367A4C13661B08AAB35A5CE99C3F12B9E720AE9580D11125E9B52715D880F24A2063143249F3BF9BD0B3FD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "....... . .....",.. SEARCH_TOAST_SUB_HEADING: "...................... {0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: ".....................?",.. SEARCH_TOAST_OPTION: "...............",.. SEARCH_TOAST_DONE: ".."..}..//E87A6E9913C186CEE95654D6350532EA189E1D3D4C96E806A594110DE22C00328326A21D190D7A2D454D9DBF9D1D60826D8D06AD42BD12EF4B8E34CC40E25CF1++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):555
                                                                                                                                                                                                                                                  Entropy (8bit):6.203971338258118
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:7HamgrADLhZINcBjdhVfDaCBasqeDIYezud1A6ULKg:7Ha/cDtZINSdfrtarphzWK6gKg
                                                                                                                                                                                                                                                  MD5:E221F413F3457CF7B8E6A2F19073F2AA
                                                                                                                                                                                                                                                  SHA1:4571F544C1CF5C43776368514B6AAB27607CD990
                                                                                                                                                                                                                                                  SHA-256:559860D0313C020894F71108E877BB95D5302632B5337002CE5FF9DAF7C5B76F
                                                                                                                                                                                                                                                  SHA-512:0D0F52419D4ED4D5770BF418897F8AB34BF8B99B3C5C9719BDF8CBF724DCB2E9A35267BAD1E42F596E9716E7FD0CF0405D12B512EAB6ABAF253D9DE91C8C1EFE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_HEADING: "....... - ...",.. SEARCH_TOAST_SUB_HEADING: "........................{0}",.. SEARCH_TOAST_SUB_HEADING_STRONG: "......................",.. SEARCH_TOAST_OPTION: "..................",.. SEARCH_TOAST_DONE: ".."..}..//665E595423CA30C50F69453340F2E1F6F19A254BFF79E7F30BEDFF0FFE4F61055C51BFF0F883ED606A72C2DE49D5167A9B9ACE9DB77DADC2133D19C5230C7BD9++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6977
                                                                                                                                                                                                                                                  Entropy (8bit):5.354677906533344
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:CGsKDNR4J7qXQBLHEtvJd89CuvJd29Fx7sXYld4+X1p:CoDNR4x+tvJd89CuvJdMDwXcd4+X1p
                                                                                                                                                                                                                                                  MD5:1EE03718AEDB679C9583C663F65D72B1
                                                                                                                                                                                                                                                  SHA1:29A42FD946F5149CF768C6B7668601A2A5511981
                                                                                                                                                                                                                                                  SHA-256:DE87F0DFC3E537C15B56509AE9D12B84F41059BCE8EE5F0C41D6D5B4CF686157
                                                                                                                                                                                                                                                  SHA-512:56AAA511DC5DDFFDF15EC73B6D16268C1488C257C1F1AA5AD98EEC297DDF71ADBDF2BE1AA0219A03B7C658B21C27FE4B31BE7812DB8B254DCB262E19D32D2EBE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "A pesquisa segura est. desativada - tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A pesquisa segura evita os sites perigosos nos resultados da pesquisa.",.. SEARCH_TOAST_BODY_TEXT: "Quer ficar longe de pessoas mal-intencionadas com prote..o de pesquisa extra?",.. SEARCH_TOAST_OPTION: "Sim, ative a pesquisa segura depois que o navegador for reiniciado.",.. SEARCH_TOAST_DONE: "Conclu.do",.. SEARCH_TOAST_HEADING_COMPLIANT: "A pesquisa segura n.o est. ativada - tenha cuidado",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "A pesquisa segura evita os sites perigosos nos resultados da pesquisa.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Gostaria de adicionar a pesquisa segura e se antecipar aos criminosos?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Sim, adicionar a pesquisa segura ao meu navegador e alterar minha pesquisa padr.o para {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SE

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7070
                                                                                                                                                                                                                                                  Entropy (8bit):5.350688488062668
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:Chka9ILBeycgfmtmud0l9zEYmud0lkVHed0g574:ChknLBeycgmtm5PmqHyp4
                                                                                                                                                                                                                                                  MD5:EEC4B6D886DE48F8CEDBE2134608DED6
                                                                                                                                                                                                                                                  SHA1:B5FE71415CC592DDBC5677CE9ED5B46A05E51F10
                                                                                                                                                                                                                                                  SHA-256:A395B4E3C670AC26E9F30E9C7049B1F95CC7FD7F2B39107F12A25905F49C9156
                                                                                                                                                                                                                                                  SHA-512:0E83BEDCBF341E854E130738482E20E0F24FAE78FAF51572D7C1E3A65467C3ADB8957BB4048F83C5A397C2A4A1F25B461C6CCC0A7170076F7DE97D2986FDD185
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "A pesquisa segura est. desativada . tenha cuidado",.. SEARCH_TOAST_SUB_HEADING: "A pesquisa segura ajuda-o a evitar os sites perigosos nos seus resultados de pesquisa.",.. SEARCH_TOAST_BODY_TEXT: "Pretende evitar os utilizadores mal intencionados com a prote..o de pesquisa adicional?",.. SEARCH_TOAST_OPTION: "Sim, ativar a pesquisa segura ap.s reiniciar o meu browser.",.. SEARCH_TOAST_DONE: "Conclu.do",.. SEARCH_TOAST_HEADING_COMPLIANT: "N.o tem a pesquisa segura, tenha cuidado",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "A pesquisa segura ajuda-o a evitar os sites perigosos nos seus resultados de pesquisa.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Pretende adicionar a pesquisa segura e antecipar-se aos malfeitores?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Sim, adicionar a pesquisa segura ao meu browser e alterar a minha pesquisa predefinida para {0}.", // {0} SEARCH_TOAST_*.. SEARC

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (309), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):10279
                                                                                                                                                                                                                                                  Entropy (8bit):5.11634369696361
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:CDxFR6OsBNVZPV/y/Vm1R1ut52Gu5U0DLTDGgr:CDxFR9I1yI1R1utQGuV5r
                                                                                                                                                                                                                                                  MD5:2FE2D77FB1486F5A98D1281E4C28EF3C
                                                                                                                                                                                                                                                  SHA1:DA6D04DB3CD1874A042ACFA757951E49ED59FBDC
                                                                                                                                                                                                                                                  SHA-256:CB10D707EEC7340AAB7BE8C01E6AD67C0E6695EBB896337C840D66CF8D969866
                                                                                                                                                                                                                                                  SHA-512:25F0984538E03F0A4B2270F868387F2DBDE7AABE83D775197A0C38B87CE3F6E103EC6F7D8F050EFB716812AB3414FE7E56B768E12F4FA43EB2F96CEFC12F4B44
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: ".......... ..... ......... ...... .........!",.. SEARCH_TOAST_SUB_HEADING: ".......... ..... .. ........ ... ........ .............. ....., .............. . ........... .......",.. SEARCH_TOAST_BODY_TEXT: "...... .......... .. ............... ... ...... .............. ...... ......?",.. SEARCH_TOAST_OPTION: ".., ........ .......... ..... ..... ........... .........",.. SEARCH_TOAST_DONE: "......",.. SEARCH_TOAST_HEADING_COMPLIANT: "...... ........., .. ... .. ........... .......... .....",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: ".......... ..... .. ........ ... ..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7406
                                                                                                                                                                                                                                                  Entropy (8bit):5.691254735980649
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:CgGE6x3pVIczmqoU5t9gga9BC9ge4rShIA:CgGE6vH6XU5t9gga9BC9grSOA
                                                                                                                                                                                                                                                  MD5:6F7188EA8CE4375C51E7251A12201A47
                                                                                                                                                                                                                                                  SHA1:0FDFFCD3489694047A46AD3A467E70E53B1CB397
                                                                                                                                                                                                                                                  SHA-256:9786BCA0EEADC7F3D70CA76AB4DB2AB1F6B7C2FDAB60BAE612F8CBBC47C84E19
                                                                                                                                                                                                                                                  SHA-512:E395C147BED5B33CC4350800072263B2836D36C6D63E319DCC708BE3FE706E5FC447F8FD8D5E7199DB5C37336E933A258F0B6ECBEA917F1EF5330C8E036360C7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Zabezpe.en. vyh.ad.vanie je vypnut. . d.vajte si pozor",.. SEARCH_TOAST_SUB_HEADING: "Zabezpe.en. vyh.ad.vanie v.s chr.ni pred nebezpe.n.mi lokalitami vo v.sledkoch vyh.ad.vania.",.. SEARCH_TOAST_BODY_TEXT: "Chcete ma. n.skok pred .to.n.kmi v.aka dodato.nej ochrane pri vyh.ad.van.?",.. SEARCH_TOAST_OPTION: ".no, po re.tartovan. prehliada.a zapn.. slu.bu Zabezpe.en. vyh.ad.vanie.",.. SEARCH_TOAST_DONE: "Hotovo",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nem.te zabezpe.en. vyh.ad.vanie . d.vajte si pozor",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Zabezpe.en. vyh.ad.vanie v.s chr.ni pred nebezpe.n.mi lokalitami vo v.sledkoch vyh.ad.vania.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Chcete prida. zabezpe.en. vyh.ad.vanie a.zachova. si ochranu pred mo.n.mi .to.n.kmi?",.. SEARCH_TOAST_OPTION_COMPLIANT: ".no, prida. zabezpe.en.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6881
                                                                                                                                                                                                                                                  Entropy (8bit):5.510612055221693
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:CDvPQbt+oOuDdY9XXHci4ERt9UFE+fa9f+i9UFED9FV77GewuWZv9YT:Cj8at9UF89/9UF+TWZv9YT
                                                                                                                                                                                                                                                  MD5:6459534816ED650A420B9254E5649E36
                                                                                                                                                                                                                                                  SHA1:4BBFFC0B8AF32BEF18B5DCB96FD82B20188F1BCB
                                                                                                                                                                                                                                                  SHA-256:20EB698CD0196E3D7E30C3AD414229493D37DD56789106325624FBF04D809593
                                                                                                                                                                                                                                                  SHA-512:81828BF50F54DA2F064973C2C7EB1606B8F8016943B0DFE563266F4BBC8456C343DB5E3E281D87AD55F195CA94B0D052C91ABAF3DEC7A68977BA1C7528B84462
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "Bezbedna pretraga je isklju.ena . budite pa.ljivi",.. SEARCH_TOAST_SUB_HEADING: "Bezbedna pretraga vas .titi od rizi.nih lokacija u rezultatima pretrage.",.. SEARCH_TOAST_BODY_TEXT: ".elite da budete u prednosti u odnosu na .lo.e momke. uz dodatnu za.titu za pretragu?",.. SEARCH_TOAST_OPTION: "Da, uklju.i bezbednu pretragu nakon .to ponovo pokrenem pregleda..",.. SEARCH_TOAST_DONE: "Gotovo",.. SEARCH_TOAST_HEADING_COMPLIANT: "Nemate bezbedna pretraga - budite oprezni",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "Bezbedna pretraga vas .titi od rizi.nih lokacija u rezultatima pretrage.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".elite li dodati bezbedna pretraga i ostanite napred?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Da, dodajte bezbedna pretraga u moj pregleda. i promenite podrazumevanu pretragu na {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENG

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6625
                                                                                                                                                                                                                                                  Entropy (8bit):5.4895771448474635
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:CPWmMbkZdHSzoz9jp2rqntY25Sfs99FGlTuBLz704oH30wB9:CwbkOEtJ5SfsTzpEkwv
                                                                                                                                                                                                                                                  MD5:9B3885CC66E9F52395E7D752E5CDF4F8
                                                                                                                                                                                                                                                  SHA1:56A2B17274B399BD7F65DDF62931C50A70486612
                                                                                                                                                                                                                                                  SHA-256:670DBF1CA1F3688472131452AB02A61AE9AFD1107042A8986EE95B96F4405F6E
                                                                                                                                                                                                                                                  SHA-512:81FEBEFC5781869B3A4280D0A9BF823585FE06E7197868690E25F82EA36C9462E8B8DA153B0BDF89B0C16199634CFD7C4E7F44F3EB9193DA9E09701C614EBD85
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "S.ker s.kning .r avst.ngd . var f.rsiktig",.. SEARCH_TOAST_SUB_HEADING: "S.ker s.kning h.ller dig borta fr.n riskabla webbplatser i s.kresultaten.",.. SEARCH_TOAST_BODY_TEXT: "Vill du vara steget f.re skurkarna med extra s.kskydd?",.. SEARCH_TOAST_OPTION: "Ja, aktivera s.ker s.kning n.r jag har startat om webbl.saren.",.. SEARCH_TOAST_DONE: "Klart",.. SEARCH_TOAST_HEADING_COMPLIANT: "Du har inte s.ker s.kning . var f.rsiktig",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "S.ker s.kning h.ller dig borta fr.n riskabla webbplatser i s.kresultaten.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "Vill du l.gga till s.ker s.kning f.r att h.lla dig steget f.re skurkarna?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Ja, l.gg till s.ker s.kning till webbl.saren och .ndra standards.kningen till {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHO

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6975
                                                                                                                                                                                                                                                  Entropy (8bit):5.5449330549000395
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:CcHgbQsEEkAWex0JFMRhtSgyLyowlSgB9FerI7ur22yp98j8:Ci6hMJF6t1yLyt13wrnr9yp9m8
                                                                                                                                                                                                                                                  MD5:4A289029B90E0136FB8D25F9F1DC06CC
                                                                                                                                                                                                                                                  SHA1:5CE0FD01CAB5768B3D7BF3EE4E7D626DAE875920
                                                                                                                                                                                                                                                  SHA-256:BB990556BF0E9F031E5F9F7B9B9D8D43AC6CAEE35E469743F6523D624BD28D3B
                                                                                                                                                                                                                                                  SHA-512:D40CB7BCAEBCEDDD966C01CBDF72E17726F4A3B75097FB5244E8CB0BE30F83ABCEA716E0F85105731EF11BCCCDFADB6122E9E276CE64FA41DDA91ED5F40B21E0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "G.venli Arama kapal., dikkatli olun",.. SEARCH_TOAST_SUB_HEADING: "G.venli Arama, sizi arama sonu.lar.n.zdaki riskli sitelerden uzak tutar.",.. SEARCH_TOAST_BODY_TEXT: "Ek arama korumas. ile k.t. adamlar.n bir ad.m .n.nde olmak ister misiniz?",.. SEARCH_TOAST_OPTION: "Evet, taray.c.m. yeniden ba.latt.ktan sonra G.venli Arama'y. a..",.. SEARCH_TOAST_DONE: "Bitti",.. SEARCH_TOAST_HEADING_COMPLIANT: "G.venli Arama'ya sahip de.ilsiniz, dikkatli olun",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "G.venli Arama, sizi arama sonu.lar.n.zdaki riskli sitelerden uzak tutar.",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: "G.venli Arama'y. ekleyerek k.t. niyetli ki.ilerden uzak durmak ister misiniz?",.. SEARCH_TOAST_OPTION_COMPLIANT: "Evet, G.venli Arama'y. taray.c.ma ekle ve varsay.lan aramam. {0} olarak de.i.tir.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing"

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6330
                                                                                                                                                                                                                                                  Entropy (8bit):6.348346363907773
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:CUk5RhhRDj8mxeX+lE8D9VkbXtK6XKS9FgXap7B0CCm:Ch/LxeXqEsGtBX/Dp9LCm
                                                                                                                                                                                                                                                  MD5:AE61DE2CF0CAF5BEB18022515E8868E9
                                                                                                                                                                                                                                                  SHA1:66DF21F7EEF504F4E2AA75AC466A1A41286A88B3
                                                                                                                                                                                                                                                  SHA-256:D299B49CE26A7A26C20F42B7C4F7383B5B43AD840134C72A84AB88DB5010D341
                                                                                                                                                                                                                                                  SHA-512:396DB989C5461F910C4F6E6AD82FB72C78648B124D3E3E3765DF5CBD8B8CED2129C56301AD6818660B3A140787E2A71C2671D5775657BFE1DDE4BC8EE1EEF4A6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "....",.. SEARCH_TOAST_HEADING: "....... . .....",.. SEARCH_TOAST_SUB_HEADING: ".....................",.. SEARCH_TOAST_BODY_TEXT: ".......................?",.. SEARCH_TOAST_OPTION: "................",.. SEARCH_TOAST_DONE: "..",.. SEARCH_TOAST_HEADING_COMPLIANT: "......... . .....",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: "......................",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".......................?",.. SEARCH_TOAST_OPTION_COMPLIANT: ".......................... {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "Yahoo",.. SEARCH_ENGINE_YANDEX: "Yandex",

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6347
                                                                                                                                                                                                                                                  Entropy (8bit):6.335104550023616
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:CGhla0tPlgm6w6KdmnPZ1cSDGFtMDjNOWMDjB9FEKrYimnP:Ci7dgtOfSStMPNOWMP3wimnP
                                                                                                                                                                                                                                                  MD5:EA17AFF0064CF31DE59D47A1F24A37A7
                                                                                                                                                                                                                                                  SHA1:5B2A410C65B26F2181F37F01DC2337355765FF6C
                                                                                                                                                                                                                                                  SHA-256:C8CA9C6C95C85ADA603FDBC487080097DBFBC7523E8A0B1953281068CE8B33C9
                                                                                                                                                                                                                                                  SHA-512:5A95F4C078B4903E57A7D52EAEBA581450F2162BC36C0289A3BB022702147818FABA9AB59AC0008588428ED8929CD6D2E529FF23E54787ADEFDFAAB18F2F6BA0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. SEARCH_TOAST_PRODUCT_NAME: "WebAdvisor",.. SEARCH_TOAST_HEADING: "....... . ...",.. SEARCH_TOAST_SUB_HEADING: ".......................",.. SEARCH_TOAST_BODY_TEXT: "........................",.. SEARCH_TOAST_OPTION: "...................",.. SEARCH_TOAST_DONE: "..",.. SEARCH_TOAST_HEADING_COMPLIANT: "....... . ...",.. SEARCH_TOAST_SUB_HEADING_COMPLIANT: ".......................",.. SEARCH_TOAST_BODY_TEXT_COMPLIANT: ".......................",.. SEARCH_TOAST_OPTION_COMPLIANT: "........................... {0}.", // {0} SEARCH_TOAST_*.. SEARCH_ENGINE_BING: "Bing",.. SEARCH_ENGINE_YAHOO: "Yahoo",.. SEARCH_ENGINE_YANDEX: "Yandex

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2562
                                                                                                                                                                                                                                                  Entropy (8bit):5.6867899274612075
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UjbcgNu0dSJUGlJ6qfveziXpAlJ2bRQmC3ptQfMmIm42wudadOlOfm92Nokzzj:UjbcgNurGGlJRemXalKRQmgpt4MmImi/
                                                                                                                                                                                                                                                  MD5:B5C9547A3C4AE6189F5DD6D5B9C75131
                                                                                                                                                                                                                                                  SHA1:C0BC16C9930BFD2E7CDCD821D45B903C385A1870
                                                                                                                                                                                                                                                  SHA-256:1ACF7F0D31819CEDA9A4042F645EA99E69983DE1F482ABF101BA296DF68C1FB2
                                                                                                                                                                                                                                                  SHA-512:6C12A308B2E7949F5CF67477B1C061223520CDDAA43C25FE78221786CAFB7AFB7A9F990B420BE6B4BF5D74C56CF37D592CE078B3C95623683628EE8E68CE021E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "V odinstalaci nelze pokra.ovat, dokud nebudou zav.ena v.echna okna prohl..e.e.<br/>Kliknut.m na tla..tko OK automaticky zav.ete v.echna okna prohl..e.e. Kliknut.m na tla..tko Zru.it tuto akci zru..te.",.. ADMIN_WARNING: "Aplikaci {0} nebylo mo.n. odinstalovat, proto.e jste k po..ta.i p.ihl..eni jako u.ivatel s omezen.mi opr.vn.n.mi. P.ihlaste se jako spr.vce syst.mu Windows a zkuste to znovu.",.. KEEP_FREE_PROTECTION: "Ponechat funkci Ochrana p.i proch.zen. internetu",.. NO_THANKS_UNINSTALL: "Ne, d.kuji. Chci ji odinstalovat",.. CANCEL: "Zru.it",.. NO_THANKS: "Ne, d.kuji",.. SURE: "Samoz.ejm.",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Odinstalace aplikace {0} prob.hla .sp..n..",.. SURVEY_OFFER: "R.di bychom znali v.. n.zor. Pora.te n.m, jak m..eme tento produkt je.t. vylep.it.",.. SORRY_TO_GO: "Je n.m l.to, .e jste si aplikaci nenechali.",..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2321
                                                                                                                                                                                                                                                  Entropy (8bit):5.407870308134455
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:U9XpCmXa0Roqce7Coh4C3zOur+BYHexiAWFY502OUhMYI5Lp6+ZaKJq4U3rZ:U9XpbXaUz3x+BYWivW0uinhEaq4U3rZ
                                                                                                                                                                                                                                                  MD5:C371F5545BC075A3AEAC14CAB178118C
                                                                                                                                                                                                                                                  SHA1:57B39EAB60847B41A6910ADEC0F266EA0B611B7B
                                                                                                                                                                                                                                                  SHA-256:D609D64279C59F8976638FBA48586929220FBD7A40DBF6B7BC489CE3C224887E
                                                                                                                                                                                                                                                  SHA-512:3754B922D59C608A1430FA893825BCF52C25541306056134BD710C6703EA6B583D1B06D0F73493EEDF580A79F605E8B643E378E4E065E0D8C51D964512BF3345
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Lukke alle browservinduer for at forts.tte med at afinstallere softwaren.<br/>Tryk p. OK for at lukke alle browservinduer automatisk eller p. Annuller for at afbryde.",.. ADMIN_WARNING: "Du kan ikke afinstallere {0}, da du er logget p. computeren som begr.nset bruger. Log p. som Windows-administrator, og pr.v igen.",.. KEEP_FREE_PROTECTION: "Behold webbeskyttelsen",.. NO_THANKS_UNINSTALL: "Nej tak, afinstaller den bare",.. CANCEL: "Annuller",.. NO_THANKS: "Nej tak",.. SURE: "Selvf.lgelig",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Afinstallationen af {0} er f.rdig.",.. SURVEY_OFFER: "Vi vil gerne h.re din mening. Hvordan kan vi efter din mening g.re dette produkt endnu bedre?",.. SORRY_TO_GO: "Vi er kede af, at du forlader os.",.. UNINSTALLING: "Softwaren afinstalleres ...",.. START_HEADER: "Vent! Vil vil savne dig, hvis du afinstallerer",.. START_SUB_HEADER: "Og du vil ogs. savne all

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2527
                                                                                                                                                                                                                                                  Entropy (8bit):5.381960990709301
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UYDdXJ6UXJbcC87UQT9zw/eCJlgf0IyYuYL16OhrHAoKKmJvDkoxmTZ:UydXTXOs6fIYXLhgokkoxuZ
                                                                                                                                                                                                                                                  MD5:33CAFE027F0B8C32E685AD92EB28BDF2
                                                                                                                                                                                                                                                  SHA1:C60DDE3B88B174E76A4F4589C33EA7DF7072B8A9
                                                                                                                                                                                                                                                  SHA-256:F3E0D5494866421A6F2B6D5C0BC7AC6073DB7281EEFE3A5DD61F4698E881CA9E
                                                                                                                                                                                                                                                  SHA-512:93301A34B8F063B99EF5CD41562C7324A1DB5AFF75DE056E6589831B1AC5D80FCC6DDB117B218FC3B4695BB63FD986C1C9CE1FF8B974A5721AD21C35AC50874F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Die Deinstallation kann erst fortgesetzt werden, nachdem alle Browser-Fenster geschlossen wurden.<br/>Klicken Sie auf 'OK', um alle Browser-Fenster automatisch zu schlie.en, oder klicken Sie zum Beenden auf 'Abbrechen'.",.. ADMIN_WARNING: "Sie k.nnen {0} nicht deinstallieren, da Sie bei Ihrem Computer als Benutzer mit eingeschr.nkten Rechten angemeldet sind. Melden Sie sich als Windows-Administrator an, und versuchen Sie es erneut.",.. KEEP_FREE_PROTECTION: "Web-Schutz behalten",.. NO_THANKS_UNINSTALL: "Nein danke, bitte deinstallieren",.. CANCEL: "Abbrechen",.. NO_THANKS: "Nein danke",.. SURE: "Sicher",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Die Deinstallation von {0} wurde erfolgreich beendet.",.. SURVEY_OFFER: "Wir freuen uns, von Ihnen zu h.ren. K.nnen Sie uns mitteilen, wie wir dieses Produkt noch verbessern k.nnen?",.. SORRY_TO_GO: "Schade, dass Sie unser Produkt nicht mehr verwenden m.cht

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4045
                                                                                                                                                                                                                                                  Entropy (8bit):5.018197822286349
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:U4iYsFeBkg78VLgPHKM6V6WaLq/tit7lO7e5mS:U4iiam8hgPj6V6W0q/titcAmS
                                                                                                                                                                                                                                                  MD5:F970CF47D49A33B1084B4379460D1768
                                                                                                                                                                                                                                                  SHA1:072469DF0FA582F0ACF64D71D5E0F1FF56EC46A1
                                                                                                                                                                                                                                                  SHA-256:A4805243E0A4DEB70F7C97EAAF6BCD974539727EECDDD8BBE16E010FDC3C63B6
                                                                                                                                                                                                                                                  SHA-512:318B3C4EC8A21EBE396B49E6946F9A94D515186D928BF6F4319FEB6523E99881DC383D6C8A97C564117661EBB164C5B1B55BA708BE679BA9E5E75488B80DA867
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: ". ......... ............ ... ...... .. .......... .. ... ........ ... .. ........ ... ............ ...........<br/>....... OK ... .. ........ ........ ... .. ........ ... ............ .......... . ....... ....... ... .........",.. ADMIN_WARNING: "... ........ .. ........... ... ........... ... {0} ..... ..... ........ .... .......... ... .. ....... .. ............ ........... .......... .. ............ ... Windows ... ......... .....",.. KEEP_FREE_PROTECTION: "......... ... .......... Web",.. NO_THANKS_UNINSTALL: "... ........., ..... ..........

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2170
                                                                                                                                                                                                                                                  Entropy (8bit):5.38971409651161
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UawX1F1LVSHccWK2aFe3ymc9oqTLvmLtwbvORLxeMZi:UxXfhQpe3ymco0uLtRLxeV
                                                                                                                                                                                                                                                  MD5:46F2DBFC9B7B6AB39B2A9E699C70C32B
                                                                                                                                                                                                                                                  SHA1:4EEF9802DF5A0D59062D469C1B384085406A264D
                                                                                                                                                                                                                                                  SHA-256:7165D76B5BC7B5F1CD09D9F9A7A636591F80278E583F856D1925DB98D926BE97
                                                                                                                                                                                                                                                  SHA-512:3AF47B81AF6C0A1F20D4EDE2CFCEF57AAAB81D6EA3CF5C92560E205831A3052121C8AEA7D7BB20CFAE471BF0B1DB8D53F8A3E7E42BDE2218EE38BF2A63CD445A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Uninstallation cannot continue unless all browser windows are closed.<br/>Press Ok to automatically close all browser windows, or Cancel to abort.",.. ADMIN_WARNING: "You can't uninstall {0} because you're logged in to your computer as a Limited User. Please log in as a Windows Administrator, and try again.",.. KEEP_FREE_PROTECTION: "Keep web protection",.. NO_THANKS_UNINSTALL: "No thanks, just uninstall it",.. CANCEL: "Cancel",.. NO_THANKS: "No thanks",.. SURE: "Sure",.. OK: "Ok",.. SUCCESSFULLY_UNINSTALLED: "You've successfully uninstalled {0}.",.. SURVEY_OFFER: "We want to hear from you. Can you share your thoughts on how to make this product even better?",.. SORRY_TO_GO: "We're sorry to see you go.",.. UNINSTALLING: "Uninstalling your software now...",.. START_HEADER: "Wait! If you uninstall, we'll miss you",.. START_SUB_HEADER: "And you'll miss all the good we do, like:",.. WE_SCANNED: "

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2342
                                                                                                                                                                                                                                                  Entropy (8bit):5.374289352079449
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Uop2w+XfxK626IEkLmHVR9zgD/1jBv2a82Vj6Aux9M8KBkVSl9:UzwqfxnjVgjvv24KxS+S
                                                                                                                                                                                                                                                  MD5:A66DBF3C4949571B37A77F05F100C0F7
                                                                                                                                                                                                                                                  SHA1:43406EBCB86BC36C633724DC5DE5BBDC6918FDEF
                                                                                                                                                                                                                                                  SHA-256:EF4C6A1511D42DD9867E1CE601253DDBB1FCB1D04722280463C081469F870551
                                                                                                                                                                                                                                                  SHA-512:9679B864D11BA61B76811FEC59EAC20B54BD0B5D7432E1BD338EFE8A0E42CA1B6AD3D312930A92FA306CB6AF79E306EC8525FCE9C6A04FB1B54E9C593C94D3B2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "La desinstalaci.n no puede continuar a menos que cierre todas las ventanas del navegador.<br/>Pulse Aceptar para cerrar autom.ticamente todas las ventanas del navegador o Cancelar para anular el proceso.",.. ADMIN_WARNING: "No puede desinstalar {0} porque ha iniciado sesi.n en su equipo como usuario limitado. Inicie sesi.n como administrador de Windows y vuelva a intentarlo.",.. KEEP_FREE_PROTECTION: "Mantener protecci.n web",.. NO_THANKS_UNINSTALL: "No, desinstalar",.. CANCEL: "Cancelar",.. NO_THANKS: "No, gracias",.. SURE: "Claro",.. OK: "Aceptar",.. SUCCESSFULLY_UNINSTALLED: "Ha desinstalado {0} correctamente.",.. SURVEY_OFFER: "Queremos saber su opini.n. .Puede compartir sus ideas sobre c.mo mejorar este producto?",.. SORRY_TO_GO: "Sentimos que deje de utilizar el producto.",.. UNINSTALLING: "Desinstalando el software...",.. START_HEADER: "Espere. Si desinstala, le echaremos de menos",.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2389
                                                                                                                                                                                                                                                  Entropy (8bit):5.387010405651874
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Uo72wwXfxjn6v6IEkLX/wrN9gZ0o/0BjBfjTz2VhSZ6c9VTC0CYFmz:U/wUfxnIwancfjTpVTC0nM
                                                                                                                                                                                                                                                  MD5:3DA3C95538F7A23292CF788F7465E614
                                                                                                                                                                                                                                                  SHA1:434A56E8BDFBD30163D145FA5FBF5F34EA22C20E
                                                                                                                                                                                                                                                  SHA-256:EBF68D216085C88D331811DB6E08F90E9FB06B0AFA55FFE3D29C800DDFDE0239
                                                                                                                                                                                                                                                  SHA-512:9217E2EADFC530E2FB87DE9854786CE02C287EE219B4AA55EF830C14EF9A18648230AFDC8031E60AC8D82BE92078921B54966D1830831132B3976C41989BC37D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "La desinstalaci.n no puede continuar a menos que cierre todas las ventanas del navegador.<br/>Presione Aceptar para cerrar autom.ticamente todas las ventanas del navegador o Cancelar para interrumpir el proceso.",.. ADMIN_WARNING: "No puede desinstalar {0} porque ha iniciado sesi.n en su equipo como usuario limitado. Inicie sesi.n como administrador de Windows y vuelva a intentarlo.",.. KEEP_FREE_PROTECTION: "Conservar protecci.n web",.. NO_THANKS_UNINSTALL: "No, gracias, desinstalarlo",.. CANCEL: "Cancelar",.. NO_THANKS: "No, gracias",.. SURE: "Claro",.. OK: "Aceptar",.. SUCCESSFULLY_UNINSTALLED: "Ha desinstalado {0} correctamente.",.. SURVEY_OFFER: "Queremos saber su opini.n. .Puede compartir sus ideas sobre c.mo mejorar este producto?",.. SORRY_TO_GO: "Sentimos que deje de usar el producto.",.. UNINSTALLING: "Desinstalando el software.",.. START_HEADER: ".Espere! Si desinstala, lo ext

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2389
                                                                                                                                                                                                                                                  Entropy (8bit):5.3518634805529
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UrCot/9DbtMfbzwx1kF08hjltMEwTZVyY+vRVZY2f3gvai1Ov9:UrHmMx2BJt8TDmRVzIk
                                                                                                                                                                                                                                                  MD5:F9554E08115C89B08EC634A0F4EB6E0D
                                                                                                                                                                                                                                                  SHA1:33B111AC223505DC75E580E82CBF006C78E0244D
                                                                                                                                                                                                                                                  SHA-256:1ED3D4E0D8FBC95F48C02FF389584ACEB8A3E37C48F7EF6356EC8CE671461422
                                                                                                                                                                                                                                                  SHA-512:5A9F24D05F551750F4E757047CA196070027E970197887608EE7127AF2FC5C8F8CF9DE3C0E24482FD07BCF885C749E4A2C41CBAD5D5C8FE13D767B149C0397F7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Asennuksen poistamista ei voi jatkaa, jos kaikkia selainikkunoita ei suljeta.<br/>Sulje kaikki selainikkunat automaattisesti valitsemalla OK tai keskeyt. valitsemalla Peruuta.",.. ADMIN_WARNING: "Et pysty poistamaan sovelluksen {0} asennusta, sill. olet kirjautunut tietokoneeseen k.ytt.j.n., jolla on rajoitetut oikeudet. Kirjaudu Windowsin j.rjestelm.nvalvojana ja yrit. uudelleen.",.. KEEP_FREE_PROTECTION: "Jatka verkkosuojauksen k.ytt...",.. NO_THANKS_UNINSTALL: "Ei, kiitos. Poista asennus.",.. CANCEL: "Peruuta",.. NO_THANKS: "Ei kiitos",.. SURE: "OK",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "{0} on poistettu.",.. SURVEY_OFFER: "Kuulisimme mielell.mme sinulta palautetta. Haluatko kertoa meille, miten voisimme tehd. tuotteesta viel. paremman?",.. SORRY_TO_GO: "Ik.v.., ett. et halua jatkaa tuotteen k.ytt...",.. UNINSTALLING: "Poistetaan ohjelmiston asennusta.",.. START_HEADER

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2674
                                                                                                                                                                                                                                                  Entropy (8bit):5.370515207845727
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UZbbplCgKbHGou9Uz0NHKVfNV7jUtmjV0fkJmTMOo8MXIHe5QXZhrgKHqeTsO:URbpEhDvVF5jUqckJXBIHe5scqqeTv
                                                                                                                                                                                                                                                  MD5:1907F5229E4B8C09A7C3716EE531CDB4
                                                                                                                                                                                                                                                  SHA1:933C89C28E04FF63969D6A3F137D2B43C84B2932
                                                                                                                                                                                                                                                  SHA-256:22D276421691E4D7D2D27CA2697420902CF1DFF2E8B50D8D409C92B0821ABBB4
                                                                                                                                                                                                                                                  SHA-512:4BB791A0671DC7663E7287B57558721C829618AC70F761D00B79BC992212B219649C1D1D5475F1113E74C3E28C661CB25B8E91E2E939D06336E3E9D1ED77A3C6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "La d.sinstallation ne peut pas se poursuivre sans avoir ferm. toutes les fen.tres du navigateur.<br/>Cliquez sur OK pour fermer automatiquement toutes les fen.tres du navigateur, ou sur Annuler pour abandonner.",.. ADMIN_WARNING: "Vous ne pouvez pas d.sinstaller {0}, car vous .tes connect. en tant qu'utilisateur disposant d'un acc.s restreint. Veuillez vous connecter en tant qu'administrateur Windows, puis essayez de nouveau.",.. KEEP_FREE_PROTECTION: "Garder la protection Web",.. NO_THANKS_UNINSTALL: "Non merci, d.sinstallez-la",.. CANCEL: "Annuler",.. NO_THANKS: "Non merci",.. SURE: "Bien s.r!",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Vous avez correctement d.sinstall. {0}.",.. SURVEY_OFFER: "Nous souhaitons conna.tre votre opinion. Seriez-vous dispos. . nous dire comment nous pourrions am.liorer ce produit?",.. SORRY_TO_GO: "Nous sommes d.sol.s que vous nous quittiez.",.. UNINSTA

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2626
                                                                                                                                                                                                                                                  Entropy (8bit):5.398923340868169
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UT3FlNKBwOdm79zoIuKntX3OPwnIeruBTCtnSo8sprasnmNz+f:UTVfsEtX+iIeq8XUsmNz+f
                                                                                                                                                                                                                                                  MD5:DE01057169269BDE1CEDB411BE89DC66
                                                                                                                                                                                                                                                  SHA1:4DCE5734177EC07EB100B875E54FA6508A590ABC
                                                                                                                                                                                                                                                  SHA-256:78D07B024DDB4F7ED57F48A39FB0B933814F65E6842516F9851490EBD18242C2
                                                                                                                                                                                                                                                  SHA-512:000B5F1B7C4988DC27610159B1FA245BF1D63DF245F2D4331EEC0B57226457C68D5182E7CEEF4823953DD1C2B85E1A6C76B8C21A2E1014162569D023E897DE59
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Impossible de poursuivre la d.sinstallation tant que toutes les fen.tres du navigateur ne sont pas ferm.es.<br/>Cliquez sur OK pour fermer automatiquement toutes les fen.tres du navigateur ou sur Annuler pour interrompre l'op.ration.",.. ADMIN_WARNING: "Vous ne pouvez pas d.sinstaller {0}, car vous .tes connect. en tant qu'utilisateur limit. sur votre ordinateur. Connectez-vous en tant qu'administrateur Windows et recommencez.",.. KEEP_FREE_PROTECTION: "Conserver la protection web",.. NO_THANKS_UNINSTALL: "Non merci, proc.der . la d.sinstallation",.. CANCEL: "Annuler",.. NO_THANKS: "Non, merci",.. SURE: "Bien s.r",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Vous avez d.sinstall. {0}.",.. SURVEY_OFFER: "Nous serions ravis de conna.tre votre opinion. Si vous avez des id.es pour am.liorer ce produit, n'h.sitez pas . nous en faire part.",.. SORRY_TO_GO: "Nous sommes d.sol.s de vous voir p

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2390
                                                                                                                                                                                                                                                  Entropy (8bit):5.44504076457636
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:U4qRJGbmxWQuD28CEnxSP+vuR4S0OaysKXXFrQ7zy5I:UxiRNC83kPEu30uRWPmI
                                                                                                                                                                                                                                                  MD5:F50611583168626FCD098F95E000A6B7
                                                                                                                                                                                                                                                  SHA1:9C4F81D6036D9309C7A126F3FAAF0460C75658AA
                                                                                                                                                                                                                                                  SHA-256:E4B242AC00B9FD3BB9FAD9AFA140A03B87D3561D12F047C98736178BCB4174C2
                                                                                                                                                                                                                                                  SHA-512:08CF92AE8D5FDCE90F296F15EC7F405275E8E1340652B515532B2F406AFBE0D2EF86C9B101FA49A55B70549571785FF4939775AA1E537097E6EA24C49725BF97
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Deinstalaciju nije mogu.e nastaviti ako svi prozori preglednika nisu zatvoreni.<br/>Kliknite na U redu da biste automatski zatvorili sve prozore preglednika ili Odustani da biste prekinuli proces.",.. ADMIN_WARNING: "Ne mo.ete deinstalirati {0} jer ste na ra.unalo prijavljeni kao korisnik s ograni.enim ovlastima. Prijavite se kao administrator sustava Windows i poku.ajte ponovno.",.. KEEP_FREE_PROTECTION: "Zadr.i za.titu na webu",.. NO_THANKS_UNINSTALL: "Ne, hvala, samo je deinstaliraj",.. CANCEL: "Odustani",.. NO_THANKS: "Ne, hvala",.. SURE: "Naravno",.. OK: "U redu",.. SUCCESSFULLY_UNINSTALLED: "Uspje.no ste deinstalirali {0}.",.. SURVEY_OFFER: ".elimo .uti va.e mi.ljenje. .elite li podijeliti s nama svoje ideje za pobolj.anje ovog proizvoda?",.. SORRY_TO_GO: ".ao nam je .to vi.e ne.ete biti na. korisnik.",.. UNINSTALLING: "Deinstaliramo va. softver sada...",.. START_HEADER: "

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2561
                                                                                                                                                                                                                                                  Entropy (8bit):5.595928399408576
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Ud/4sBMK+ZvbkFzo5lQiw9Azz8eFRHJev0Dq4aVv/tYr8wlE:Ud/PBMKN6lu9aVFR4e2lFYr8wlE
                                                                                                                                                                                                                                                  MD5:84F9AA20F6323ECEC5FA9B5EA8A9585A
                                                                                                                                                                                                                                                  SHA1:3D6E310B88843329CEBDA20BDFECB7AA7973C95D
                                                                                                                                                                                                                                                  SHA-256:966CEB24ABDD99AA360D683C84BED10CE523D9F71674E58D7EEB5C4EACB79CED
                                                                                                                                                                                                                                                  SHA-512:A22FC3109FBF10A4D1A5E0B6667DE4A33764CFA70923BE68615532F8BBCAB1D4935D5B1D0234AC13191419DDF10764E85701FF87DDFF2E059A13E7D15DBB3F6D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Az elt.vol.t.s csak az .sszes b.ng.sz.ablak bez.r.sa ut.n folytathat..<br/>Az OK gombot megnyomva automatikusan bez.rhatja az ablakokat, a M.gse gombbal pedig megszak.thatja a m.veletet.",.. ADMIN_WARNING: "A(z) {0} szoftver elt.vol.t.sa nem lehets.ges, mivel a sz.m.t.g.pre korl.tozott hozz.f.r.s. felhaszn.l.k.nt jelentkezett be. L.pjen be Windows-rendszergazdak.nt, majd pr.b.lja .jra.",.. KEEP_FREE_PROTECTION: "Webes v.delem meg.rz.se",.. NO_THANKS_UNINSTALL: "Nem, egyszer.en t.vol.tsa el",.. CANCEL: "M.gse",.. NO_THANKS: "K.sz.n.m, nem",.. SURE: "Rendben",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Megt.rt.nt a(z) {0} elt.vol.t.sa.",.. SURVEY_OFFER: "Sokra .rt.keln.nk a v.lem.ny.t. Megosztan. vel.nk, hogy v.lem.nye szerint hogyan tehetn.nk m.g jobb. ezt a term.ket?",.. SORRY_TO_GO: "Sajn.ljuk, hogy nem tart ig.nyt a szolg.ltat.sra.",..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2426
                                                                                                                                                                                                                                                  Entropy (8bit):5.330203387186763
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UUKu3r7X85X6/5Ouzl676xLqVDSdEfCXqYQ0d0ddfbOf5F:UDE/M5puk68VDcEK7vSdSxF
                                                                                                                                                                                                                                                  MD5:E24D4C1F4903ECD3773373995AA3F80D
                                                                                                                                                                                                                                                  SHA1:397F8056BB476BFE272F1CECB607E2518F132114
                                                                                                                                                                                                                                                  SHA-256:4026AA1727001F5E178F82C61D038FD577458D973057833F3C461B5996D0FB6A
                                                                                                                                                                                                                                                  SHA-512:EF4391809EC9651F927C906F93D4B8D01EFADFCC16CDBAAD512DAD578F797993887719C8EC20655E97C7163F60B9CCC43293997B34CE924B56647E545C1CE300
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Per procedere con la disinstallazione . necessario chiudere tutte le finestre del browser.<br/>Premi OK per chiudere automaticamente tutte le finestre del browser oppure Annulla per interrompere l'installazione.",.. ADMIN_WARNING: "Impossibile disinstallare {0} in quanto l'accesso al computer . stato effettuato come utente con restrizioni. Accedi come amministratore di Windows e riprova.",.. KEEP_FREE_PROTECTION: "Mantieni la protezione Web",.. NO_THANKS_UNINSTALL: "No grazie, disinstallala",.. CANCEL: "Annulla",.. NO_THANKS: "No, grazie",.. SURE: "Certo",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Disinstallazione di {0} riuscita.",.. SURVEY_OFFER: "Vogliamo sapere la tua opinione. Vuoi condividere la tua opinione per migliorare ancora di pi. questo prodotto?",.. SORRY_TO_GO: "Ci dispiace che tu abbia deciso di lasciarci.",.. UNINSTALLING: "Stiamo disinstallando il software...",.. START_HEADER: "

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2813
                                                                                                                                                                                                                                                  Entropy (8bit):5.7350879207820284
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UmgtjeIgCS7v06vDxzezcu5dbwaIVvOaaI9nCiGSGfKi4Z0YX+NrVd2J:UmgtjP6r3dzevdUnkbf4ANrVu
                                                                                                                                                                                                                                                  MD5:D09966922D3E2BB7825A01483211000F
                                                                                                                                                                                                                                                  SHA1:8C5C4D1A3DCA16BDCFF126299B7C3B787449E5D5
                                                                                                                                                                                                                                                  SHA-256:04A2E68B9929FD7CB806BBA560D6B3959F484847A422A17C3C0C684FB9FC3AC2
                                                                                                                                                                                                                                                  SHA-512:2A616AA8C9516A636386E7B53528FC7B65E5C0D467A380C8EA0704CF032694BF31129E40731C71983FB50318371C44BF06A87F3C211656462E46E3570DB2959C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: ".......................................<br/>[OK] .............. ...............................[.....] .........",.. ADMIN_WARNING: "{0} .........................................Windows ............................",.. KEEP_FREE_PROTECTION: "..........",.. NO_THANKS_UNINSTALL: "....",.. CANCEL: ".....",.. NO_THANKS: "...",.. SURE: "..",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "{0} ..................",.. SURVEY_OFFER: "...........................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2648
                                                                                                                                                                                                                                                  Entropy (8bit):5.965466360269122
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UJfHnXcKfYWPiQrinx8fhU5aN0jFnSBra8ABYWajyqYOAl5us3aTLq9n:Upv2n0C5aejF4raNYdXAis+Lq9n
                                                                                                                                                                                                                                                  MD5:51900FE8A49914FDA1FBE1F35775FF4C
                                                                                                                                                                                                                                                  SHA1:3E5B62EE2F8252A8DA7159386015049176A84715
                                                                                                                                                                                                                                                  SHA-256:349F8BB67FD381A88379E4D36C2A03497D69FBAF12E2636164149BCD536B9A98
                                                                                                                                                                                                                                                  SHA-512:80CB766DE2522ED493CB0D9279F1B7D9C0C6E482A5BCDE8A27584042CA7BB49BE32BB8543FCF3367BE2647054DCCD7E6CAA0C1B378329B363465FD43BC34D69D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: ".. .... .. .. ... ... ... . .....<br/>... .. .... .. .... .. ... ... .. ... .......",.. ADMIN_WARNING: "... .... .... ..... .... {0}. ... . ..... Windows .... .... . .. .......",.. KEEP_FREE_PROTECTION: ". .. ..",.. NO_THANKS_UNINSTALL: "..., .....",.. CANCEL: "..",.. NO_THANKS: "...",.. SURE: ".",.. OK: "..",.. SUCCESSFULLY_UNINSTALLED: "{0}. ..... ........",.. SURVEY_OFFER: "... .... .. ..... . ... .. ... .. ... .........?",.. SORRY_TO_GO: "... ..... .... . .. .... ......",.. UNINSTALLING: "...... .

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2338
                                                                                                                                                                                                                                                  Entropy (8bit):5.396206405077309
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:U2AUYbOdeMb72i5iur+vrJBFJZG5biH7kFJqSCLUhS0TGpCaiSV5TNnH:ULkX2G+vNBFSbiHIFCAc6SPNH
                                                                                                                                                                                                                                                  MD5:D4879747D956E1916B263E98200D8135
                                                                                                                                                                                                                                                  SHA1:302BC33C8CEC22BEF418C04B4E67C45304AF3722
                                                                                                                                                                                                                                                  SHA-256:A20D5B7650772D59B347703844F9EF56191394681355B17346BEE90B99A6D9E9
                                                                                                                                                                                                                                                  SHA-512:95BB36B92D4A8FC9B04A6EDDF45255B6F9A662036A62F68BE33CD379459E695042FC884ECED1BDE92C72121400B57A5E9F9453E3589C65907827CB3026E56645
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Avinstallasjonen kan ikke fortsette f.r du har lukket alle nettleservinduer.<br/>Trykk p. OK for . lukke alle vinduene automatisk eller p. Avbryt for . avbryte.",.. ADMIN_WARNING: "Du kan ikke avinstallere {0} fordi du er logget p. datamaskinen som en Begrenset bruker. Logg p. som Windows-administrator og pr.v p. nytt.",.. KEEP_FREE_PROTECTION: "Behold webbeskyttelse",.. NO_THANKS_UNINSTALL: "Nei takk, bare avinstaller det",.. CANCEL: "Avbryt",.. NO_THANKS: "Nei takk",.. SURE: "Ja visst",.. OK: "Ok",.. SUCCESSFULLY_UNINSTALLED: "Du har avinstallert {0}.",.. SURVEY_OFFER: "Vi vil gjerne h.re fra deg. Kan du dele dine ideer om hvordan vi kan gj.re dette produktet enda bedre?",.. SORRY_TO_GO: "Det er synd at du ikke vil fortsette . bruke oss.",.. UNINSTALLING: "Vi avinstallerer programvaren n...",.. START_HEADER: "Vent! Vi vil savne deg hvis du velger . avinstallere",.. START_SUB_H

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2363
                                                                                                                                                                                                                                                  Entropy (8bit):5.330164663060023
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:URHXIzXIV2xo3lID6XgocC7h7kBzyNkIK+2L0LgSPGxetBt/XktFOFVQA3a/:UhXOXgYGi6XgAgtIKtLeOw3FmAq/
                                                                                                                                                                                                                                                  MD5:94FD0B4733A47B840735E1D3A97C347E
                                                                                                                                                                                                                                                  SHA1:96CB962BBDD9DF336C83E377AF7BE40798B76F9F
                                                                                                                                                                                                                                                  SHA-256:BC6272D53B4E2F610E7DCB3B2A9301FAFD4A50A0DF2FCA51F40C35FBE194D98A
                                                                                                                                                                                                                                                  SHA-512:470CF5E899AB6DD7AA113FAE32F8187AE9B6AFE7E7A0C25BDFD48608EECD28D27D379517575C2FF52BB7D725FC8BE4462A0F7E394E67E7D5563F7BCBB9E4B9E7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Verwijdering kan pas worden voortgezet wanneer alle browservensters zijn gesloten.<br/>Klik op OK om alle browservensters automatisch te sluiten of op Annuleren om af te breken.",.. ADMIN_WARNING: "U kunt {0} niet verwijderen, omdat u bij de computer bent aangemeld als Gebruiker met beperkte rechten. Meld u aan als Windows-beheerder en probeer het opnieuw.",.. KEEP_FREE_PROTECTION: "Webbeveiliging houden",.. NO_THANKS_UNINSTALL: "Nee, installatie verwijderen",.. CANCEL: "Annuleren",.. NO_THANKS: "Nee, bedankt",.. SURE: "Goed",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "U hebt {0} verwijderd.",.. SURVEY_OFFER: "We horen graag van u. Kunt u ons laten weten hoe dit product nog verder kan worden verbeterd?",.. SORRY_TO_GO: "Wat jammer dat u ons gaat verlaten.",.. UNINSTALLING: "Uw software wordt nu verwijderd...",.. START_HEADER: "Wacht! We zullen u missen als u de software verwijdert",.. START_SUB_HE

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2456
                                                                                                                                                                                                                                                  Entropy (8bit):5.639526314050624
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Ux6l/L182ZR1tM7T4K95K19ehLvfZhKXdWjpLTFi:U4lBXZjKWCfEeU
                                                                                                                                                                                                                                                  MD5:DFFD53C36D72C8F2D4E492145350A5DA
                                                                                                                                                                                                                                                  SHA1:EEA8B352FE8A3DC367EFBBF50B2212270A7248C8
                                                                                                                                                                                                                                                  SHA-256:60C7AF2F7C8AF470204D02C8514B2E64B49673CF67B8D59D5D94F5B2C96A374D
                                                                                                                                                                                                                                                  SHA-512:C8C080A865CE349A389E6D7E24B6630165701CE8D462538E86E547FCFB3DCD560F47315DBD3354DB745BEEBBD97E8E25DF5366F77F1DDC128DC00CB506E82E77
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Nie mo.na odinstalowa., dop.ki wszystkie okna przegl.darki nie zostan. zamkni.te.<br/>Kliknij przycisk OK, aby automatycznie zamkn.. wszystkie okna, lub przycisk Anuluj, aby przerwa. proces.",.. ADMIN_WARNING: "Nie mo.na zainstalowa. programu {0} z powodu zalogowania na komputer jako u.ytkownik z ograniczonymi uprawnieniami. Zaloguj si. jako administrator systemu Windows i spr.buj ponownie.",.. KEEP_FREE_PROTECTION: "Zachowaj ochron. w sieci Web",.. NO_THANKS_UNINSTALL: "Nie, dzi.kuj.. Odinstaluj.",.. CANCEL: "Anuluj",.. NO_THANKS: "Nie, dzi.kuj.",.. SURE: "Pewnie",.. OK: "Ok",.. SUCCESSFULLY_UNINSTALLED: "Program {0} zosta. pomy.lnie odinstalowany.",.. SURVEY_OFFER: "Chcemy pozna. Twoj. opini.. Jak mogliby.my ulepszy. nasz produkt?",.. SORRY_TO_GO: "Przykro nam, .e musimy si. rozsta..",.. UNINSTALLING: "Odinstalowujemy Twoje oprogramowanie...",.. START_HEADER: "Czekaj!

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2373
                                                                                                                                                                                                                                                  Entropy (8bit):5.39733627694852
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UHC6Unw+8DeoRMzBDzXGZ077FG/BjS7kjd6AGBhofQR9Nv:UfUdkM1zk8Bw47kjZchofQDNv
                                                                                                                                                                                                                                                  MD5:E546B885A419C18A25AB3E1527AAF57B
                                                                                                                                                                                                                                                  SHA1:F2D3B303B8FFC113C380EF9A5CB13FCCE810D220
                                                                                                                                                                                                                                                  SHA-256:0FF28375F3BE52A5A5690D84A5C132D8F7B618A26AF281026BF96F4631E3F06E
                                                                                                                                                                                                                                                  SHA-512:258B309521A1EF4B3C1DFBEC927980861EE531B4FDAF71A46EAB18F24A8DC4B1347BEBE4E17B521F12BE3AD84CEEE8A1B720C7D35C08C35E6279FA8356C5E323
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "A desinstala..o poder. continuar somente se todas as janelas do navegador forem fechadas.<br/>Clique em OK para fechar todas as janelas do navegador automaticamente ou clique em Cancelar para interromper a opera..o.",.. ADMIN_WARNING: "N.o . poss.vel desinstalar o {0} porque voc. est. conectado ao computador como um Usu.rio Limitado. Entre como Administrador do Windows e tente novamente.",.. KEEP_FREE_PROTECTION: "Manter a prote..o na Web",.. NO_THANKS_UNINSTALL: "N.o, obrigado. Desinstale o programa",.. CANCEL: "Cancelar",.. NO_THANKS: "N.o, obrigado",.. SURE: "Claro",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "{0} foi desinstalado com .xito.",.. SURVEY_OFFER: "Queremos saber a sua opini.o. Deseja compartilhar suas ideias para tornar esse produto ainda melhor?",.. SORRY_TO_GO: "Lamentamos pela sua sa.da.",.. UNINSTALLING: "O seu software est. sendo desinstalado...",.. START_HEADER

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2369
                                                                                                                                                                                                                                                  Entropy (8bit):5.4079735501786255
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UDlURTq+8ZxNHRSMMy7EVW14P9SZPkDPIjQ7AV2iEc5KQoID:UxUOitVQsDf7FQoQ
                                                                                                                                                                                                                                                  MD5:149E0BBF2EDFCF809D2CCBD0B34FD0B5
                                                                                                                                                                                                                                                  SHA1:18F49C57C8D9BC4778AE9F55DEB4B533BBD7F7C0
                                                                                                                                                                                                                                                  SHA-256:D7186ADD85922E32B75780A52804D2EFF89C175B7A6F81AC2AC2B554C850A6F5
                                                                                                                                                                                                                                                  SHA-512:6D8A9B6E94A6A725B9EEBE5D84740F9ED5450ECCC18252E43E3143CCE1DD4E229DD393062922134691234C5B80A86D5B4C9841FB68A8A1D7473E89AFAFEE313C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "N.o . poss.vel continuar com a desinstala..o sem fechar todas as janelas do browser.<br/>Prima Ok para fechar automaticamente todas as janelas do browser ou Cancelar para cancelar a opera..o.",.. ADMIN_WARNING: "N.o . poss.vel desinstalar o {0} porque tem sess.o iniciada no seu computador como Utilizador Limitado. Inicie sess.o como Administrador do Windows e tente novamente.",.. KEEP_FREE_PROTECTION: "Manter a prote..o Web gratuita",.. NO_THANKS_UNINSTALL: "N.o, obrigado, desinstalar",.. CANCEL: "Cancelar",.. NO_THANKS: "N.o, obrigado",.. SURE: "Claro",.. OK: "Ok",.. SUCCESSFULLY_UNINSTALLED: "Desinstalou o {0} com .xito.",.. SURVEY_OFFER: "Queremos ouvir a sua opini.o. Pode enviar os seus coment.rios para tornar este produto ainda melhor?",.. SORRY_TO_GO: "Temos pena que nos deixe.",.. UNINSTALLING: "Estamos a desinstalar o software...",.. START_HEADER: "Aguarde! Se desinstalar

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3465
                                                                                                                                                                                                                                                  Entropy (8bit):5.097424545190096
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UxdXe3T+ZqUelORd3BZjNfGqhHmLgw0ZIsgUKacbkgmhVXAT1Wh9TEP:Uxt3xPfGqhHmkwKIyK+hx8
                                                                                                                                                                                                                                                  MD5:31F821DCE9F7D669EFBECDE3185E050C
                                                                                                                                                                                                                                                  SHA1:B9F6BFE74E7517283C9EC7115FC10F111D1F5429
                                                                                                                                                                                                                                                  SHA-256:CE25AF25522FDE1E25816A9547D88C4508DB7A8D36820A0B69F49A44A6BE6BDC
                                                                                                                                                                                                                                                  SHA-512:261F3A5C16E273E37E2C313F1CEBC2925E679C9673E1BBDBE370AB0636BF29584795E38B860E3193D61E2E3E6D366389BFE9CAAF35D9F10EAC6DA58CB7A65423
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "..... .......... ........, .......... ....... ... .... .........<br/>....... ...... .., ..... ............. ....... ... .... ........, .... ...... ......, ..... .......... .. .......... .........",.. ADMIN_WARNING: ".......... ....... {0}, ... ... .. ..... . ....... ... ............ . ............. ........ ....... . ....... ... ............. Windows . ......... ........",.. KEEP_FREE_PROTECTION: "......... ...-......",.. NO_THANKS_UNINSTALL: "..., ........ ....... ...-......",.. CANCEL: "......",.. NO_THANKS: "..., .......",.. SURE: "......",.. OK: "..",.. SUCCESSF

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2602
                                                                                                                                                                                                                                                  Entropy (8bit):5.668373016806341
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Ujo34jWoRebkIk8Am7/fz8x9kJghJhuaO+PUi53yqUA29nsYvrOstk:UjP1Ik8AajJMaavUi5RVgsSisa
                                                                                                                                                                                                                                                  MD5:D4F9C25D0D28EB10C7A96A40E38980C3
                                                                                                                                                                                                                                                  SHA1:C15BBE6C5B6380E54F6B08FC69B092A0164E9C0D
                                                                                                                                                                                                                                                  SHA-256:571E50354EC269C6BA06359A45B739A855B266B7C72C307A65F1E9D79CF9D33F
                                                                                                                                                                                                                                                  SHA-512:CFD35A19285CE4404110303CC39B0164F206784386EE9B66361745471057B7725EC810D854B1DE83ACF361AF3534D344233A66464FCF750632CC90C49D7BC17E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "V odin.talovan. bude mo.n. pokra.ova. a. po zavret. v.etk.ch okien prehliada.a.<br/>Ak chcete automaticky zavrie. v.etky okn. prehliada.a, kliknite na tla.idlo OK. Ak chcete odin.talovanie zru.i., kliknite na tla.idlo Zru.i..",.. ADMIN_WARNING: "Aplik.ciu {0} nem..ete odin.talova., preto.e ste sa do po..ta.a prihl.sili ako pou..vate. s obmedzen.m. Prihl.ste sa ako spr.vca syst.mu Windows a sk.ste to znova.",.. KEEP_FREE_PROTECTION: "Ponecha. ochranu pred webom",.. NO_THANKS_UNINSTALL: "Nie, .akujem, odin.talova. ju",.. CANCEL: "Zru.i.",.. NO_THANKS: "Nie, .akujem",.. SURE: "Iste",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "Aplik.ciu {0} ste .spe.ne odin.talovali.",.. SURVEY_OFFER: "Radi by sme poznali v.. n.zor. M..ete sa s nami podeli. o svoje n.vrhy na zlep.enie tohto produktu?",.. SORRY_TO_GO: "Je n.m ..to, .e sa l..ime.",.. UNINSTALLIN

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2387
                                                                                                                                                                                                                                                  Entropy (8bit):5.4861014984584076
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:Ub2RwcC6S2hGDlCEVFS/+uhRpTSQOa/YmAXXRTsa:UiKRE8ha/HhiQ70lX
                                                                                                                                                                                                                                                  MD5:7736A64C15E4E9C7E15E0499E8E40DE5
                                                                                                                                                                                                                                                  SHA1:A1F7B403C9E84B50220E047FF77B389A862CC0F3
                                                                                                                                                                                                                                                  SHA-256:D5B86BECA01ED3110AA80F81DDBFD916732415157D1586925BBDFB3A07A3E9CB
                                                                                                                                                                                                                                                  SHA-512:BEF67D2EA14F1A4223A678AEF4C50A1165130D7084E91F69B03C8A129DCFC8C2D52D5341F9B81F429F2AEACBD873C7B6746CB00B39308CED17ED11FBE85099EE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Nije mogu.e nastaviti deinstalaciju dok se ne zatvore svi prozori pregleda.a.<br/>Kliknite na dugme .U redu. da biste automatski zatvorili sve prozore pregleda.a ili kliknite na dugme .Otka.i. da biste odustali.",.. ADMIN_WARNING: "Ne mo.ete da deinstalirate {0} zato .to ste prijavljeni na ra.unar kao ograni.eni korisnik. Prijavite se kao Windows administrator i poku.ajte ponovo.",.. KEEP_FREE_PROTECTION: "Zadr.ite Veb za.titu",.. NO_THANKS_UNINSTALL: "Ne, hvala, deinstaliraj je",.. CANCEL: "Otka.i",.. NO_THANKS: "Ne, hvala",.. SURE: "Naravno",.. OK: "U redu",.. SUCCESSFULLY_UNINSTALLED: "Uspe.no ste deinstalirali {0}.",.. SURVEY_OFFER: ".elimo da .ujemo va.e mi.ljenje. Mo.ete li da podelite sa nama svoje ideje za pobolj.anje ovog proizvoda?",.. SORRY_TO_GO: ".ao nam je .to odlazite.",.. UNINSTALLING: "Sada deinstaliramo va. softver...",.. START_HEADER: "Sa.ekajte! Ak

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2300
                                                                                                                                                                                                                                                  Entropy (8bit):5.474804605063888
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:U2OwbAtfP5E+Ht3zni7IL8wPt2i6W7GvCZCjXAPPeMHi2iwsuwmwOMJxAQ5S:ULwq7t38IfFN7JCaPeMCH4Q7AQo
                                                                                                                                                                                                                                                  MD5:E4B03825A7303C09DBDF2742B4CDEC47
                                                                                                                                                                                                                                                  SHA1:7EA5102618AB1081C5B73D57BB3E238F723E8EBB
                                                                                                                                                                                                                                                  SHA-256:AC45BF99F99422FEA76F025AC059EE8DEDAF45A406716FDEC15DD2F09E9A4D4C
                                                                                                                                                                                                                                                  SHA-512:31EAA59916A6D5908F5B419517F9781B6D87FC207972394F1C89B4F9E76D19DD42178B31AB123FC21B2BE10E4AA44E4E6B9220CD3F2F8EC13FEF90754A346EAE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "Avinstallationen kan inte forts.tta f.rr.n samtliga webbl.sarf.nster .r st.ngda.<br/>Tryck p. OK f.r att st.nga alla webbl.sarf.nster automatiskt, eller p. Avbryt f.r att avbryta.",.. ADMIN_WARNING: "Du kan inte avinstallera {0} eftersom du .r inloggad p. datorn som begr.nsad anv.ndare. Logga in som Windows-administrat.r och f.rs.k igen.",.. KEEP_FREE_PROTECTION: "Beh.ll ditt webbskydd",.. NO_THANKS_UNINSTALL: "Nej tack, avinstallera det",.. CANCEL: "Avbryt",.. NO_THANKS: "Nej tack",.. SURE: "Ja tack",.. OK: "OK",.. SUCCESSFULLY_UNINSTALLED: "{0} har avinstallerats.",.. SURVEY_OFFER: "Kontakta oss g.rna. Vill du dela dina id.er om hur vi kan g.ra produkten .nnu b.ttre?",.. SORRY_TO_GO: "Vi beklagar att du l.mnar oss.",.. UNINSTALLING: "Avinstallerar programvaran nu ...",.. START_HEADER: "V.nta! Om du avinstallerar kommer vi sakna dig",.. START_SUB_HEADER: "Och v.rre

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2590
                                                                                                                                                                                                                                                  Entropy (8bit):5.547653990910053
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UrK+A3WqDVZRmSXdypNsXHp8QbTBtW+R+jNvSvp2DAw0kxnfcOKef3gtlvne1J:UW3WQyQXHpHHBw+R+x680GfF3gtlvQJ
                                                                                                                                                                                                                                                  MD5:F4D6D9CCB77242DFED6772A64B4BBEF4
                                                                                                                                                                                                                                                  SHA1:519EF1E4B31514FE2A50612CD086758CEEBA2EFE
                                                                                                                                                                                                                                                  SHA-256:64C94A44411592C50D7D37587831D19D36FC5B8E7913D84666691BB9EE861F24
                                                                                                                                                                                                                                                  SHA-512:CB19E90534BEC93426C6F92EB1CBBED852D54E3ADCF3B9E166718F509501A8600CBE4CF39EDE81E25DEE761D72BFA03CE8A8F495B1BADDD3496B235CE6F0C5CB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "T.m taray.c. pencereleri kapat.lmadan kald.rma i.lemine devam edilemez.<br/>T.m taray.c. pencerelerini otomatik olarak kapatmak i.in Tamam'a, i.lemi iptal etmek i.in ise .ptal'e bas.n.",.. ADMIN_WARNING: "Bilgisayar.n.zda S.n.rl. Kullan.c. olarak oturum a.t...n.z i.in {0} uygulamas.n. kald.ramazs.n.z. L.tfen Windows Y.neticisi olarak oturum a..n ve yeniden deneyin.",.. KEEP_FREE_PROTECTION: "Web korumas.n. tut",.. NO_THANKS_UNINSTALL: "Hay.r, te.ekk.rler, kald.rmak istiyorum",.. CANCEL: ".ptal",.. NO_THANKS: "Hay.r, te.ekk.rler",.. SURE: "Tabii ki",.. OK: "Tamam",.. SUCCESSFULLY_UNINSTALLED: "{0} uygulamas.n. ba.ar.yla kald.rd.n.z.",.. SURVEY_OFFER: "D...ncelerinizi ..renmek isteriz. Bu .r.n. daha iyi hale getirmek i.in neler yap.labilece.ine ili.kin d...ncelerinizi bizimle payla.abilir misiniz?",.. SORRY_TO_GO: "Gitti.iniz i.in .zg.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2207
                                                                                                                                                                                                                                                  Entropy (8bit):6.3594701403436575
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UtM+PzEwQSBjFt9CNLX15qklwzATPXtrVeGTGB:UPftMtFzwzUtriB
                                                                                                                                                                                                                                                  MD5:B59AAAAC52B618223883A3CCFACAB979
                                                                                                                                                                                                                                                  SHA1:18E34DD3BE96FA167BDFBCA4AE98BF4179145FB7
                                                                                                                                                                                                                                                  SHA-256:D2222A002F5A1701A470A7E10A1F8A6F6BDA13EDCB3B034A7A0C8C2DCCD6655F
                                                                                                                                                                                                                                                  SHA-512:86DA8B7860ADB4ED779A57F5C9201D384E0AA28C1151A2862B45EBCA9C2DAA5A47C9C50B44290AED118018B7FA49C3A9DDF5D1273186938F8D0B2587E9CC08E1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: "........................<br/>...............................",.. ADMIN_WARNING: "..... {0}.................. .. Windows .............",.. KEEP_FREE_PROTECTION: "......",.. NO_THANKS_UNINSTALL: "........",.. CANCEL: "..",.. NO_THANKS: "....",.. SURE: "..",.. OK: "..",.. SUCCESSFULLY_UNINSTALLED: "...... {0}.",.. SURVEY_OFFER: "........... .....................?",.. SORRY_TO_GO: "............",.. UNINSTALLING: ".........",.. START_HEADER: "...! ................",.. START_SUB_HEADER: "............

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2271
                                                                                                                                                                                                                                                  Entropy (8bit):6.363323658706558
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:UtQEPQWGitIGg3V4BxFrtYqbu1bRqAO5qgggF3pA5Bo:UCEjAqxHsG5eEpAro
                                                                                                                                                                                                                                                  MD5:CC2579B3DFE06ACE43FEA4804C7ECE99
                                                                                                                                                                                                                                                  SHA1:07CA624B77091EF516C39E27477B469624F7C607
                                                                                                                                                                                                                                                  SHA-256:9D2A83637796F072C28218B4C5A9CB80820C1109CF1D64428706AECB99A6446F
                                                                                                                                                                                                                                                  SHA-512:B4DB2369F1CB3951461840FD5CE7840067AFE79CF2C9B90834B4F683ED556462413AF948112EF6E21A7FB5E1F83F42E2ECED838C024DB8D064496AD4EBE761CC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUninstall_ = {.. BROWSER_RUNNING_WARNING: ".........................<br/>. [..] ............... [..] ...",.. ADMIN_WARNING: "....... {0}..... [......] ....... .. Windows ..................",.. KEEP_FREE_PROTECTION: ".. Web ..",.. NO_THANKS_UNINSTALL: ".............",.. CANCEL: "..",.. NO_THANKS: "....",.. SURE: "..",.. OK: "..",.. SUCCESSFULLY_UNINSTALLED: "....... {0}.",.. SURVEY_OFFER: ".......... .......................",.. SORRY_TO_GO: ".................",.. UNINSTALLING: ".............",.. START_HEADER: "................",.. START_S

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.421577842693986
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPLng:Yo6KUtjVLk4t94iU3KNoT8u8ayg
                                                                                                                                                                                                                                                  MD5:9FE61AB675B400AEFAC96AA167CA4EB5
                                                                                                                                                                                                                                                  SHA1:402D75F1A5334A0387653D1AB0C72C362653FC0E
                                                                                                                                                                                                                                                  SHA-256:51990924DD2887EEA7AE572740D016EBBD970FA8015FD40BC2CBCBB63FE19A44
                                                                                                                                                                                                                                                  SHA-512:7EC5B2692C2F2C8B42FE97AD45A8F7B0DB0F02875B0A362329B39EE33391D309EB179DE9C2C2B3513364111D0851E97253029F768C7B78BAFA7BF4771D5D2385
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.419897316300179
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPcD:Yo6KUtjVLk4t94iU3KNoT8u8a5
                                                                                                                                                                                                                                                  MD5:A3672F0A0A41208730DD6E62E0AA0275
                                                                                                                                                                                                                                                  SHA1:CC2892D7780CE64CDD877EC759130C477C0ADD18
                                                                                                                                                                                                                                                  SHA-256:8C06426F664E2ACABAF1C6EB47752E255C90CADE05482494CA37E1D23EE4F138
                                                                                                                                                                                                                                                  SHA-512:C790782CCBB777EAEEC1CF7FA4C99445713B45A4960FF9C113DC6D446D2B1D68ADF1CC2A14054072700F230A113CE4189FB0984A4FED0B9827A2872431CAF96E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.409948627721378
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPn:Yo6KUtjVLk4t94iU3KNoT8u8aa
                                                                                                                                                                                                                                                  MD5:9EFDF51475A43968D6E4718EF377D114
                                                                                                                                                                                                                                                  SHA1:BE68A01805A1E485F65A5710AD1DE92B16FB83C3
                                                                                                                                                                                                                                                  SHA-256:4DD8335F3BC0D25322513392868B7E9CDA50107DE370AFD6ED6D0E1B00D75569
                                                                                                                                                                                                                                                  SHA-512:836EC2DC8AAE109026B4CD1050DF9469FCE61AF45EF171F732D2182EB31F4C4F46018535F3D5A559C367FFEF0F8ACAD964D4783CA6C14A93FC86ABAD335CF32E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.413603514419358
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aP7:Yo6KUtjVLk4t94iU3KNoT8u8aW
                                                                                                                                                                                                                                                  MD5:0E73429D670F5C9CEEA7AF17D2EF9999
                                                                                                                                                                                                                                                  SHA1:C13A5D362F348ECB94B436B49136B3A94F413891
                                                                                                                                                                                                                                                  SHA-256:FC6D0B1BCDDDCEE70D03D796A706DFAC88AC0B8BAD72FEA327EDFEE730D8B71E
                                                                                                                                                                                                                                                  SHA-512:AD52364986752C1407E495027258EC5D3CE5C34E0D86029969DA0CFB93E66E2EA5BA5AEE523F63BAD0601FF601DA3CDAEACE24EC643B48F4B6055FC3710CBBAF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.413406832301877
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPpQ9vm:Yo6KUtjVLk4t94iU3KNoT8u8aA
                                                                                                                                                                                                                                                  MD5:3F6135FDB0DEAC31D3BD26B3BCB3D9FA
                                                                                                                                                                                                                                                  SHA1:56F00B405F7750AE50FF74C3751643B294EA9376
                                                                                                                                                                                                                                                  SHA-256:F524FC64628283054B562D159184E28745C17A0C4F206E06E08427438B4DE5C2
                                                                                                                                                                                                                                                  SHA-512:044FC79350664633EE117DCA61E2BBFDD93A1581246F022F0C790D0F278F7807B6B74AD90CDD9946E1D1983E7B2FB5CA12E80AF684088A1E414B6EA9DEA54BD2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.4161981543742375
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPY:Yo6KUtjVLk4t94iU3KNoT8u8aJ
                                                                                                                                                                                                                                                  MD5:C390774B91883A1BFCC628C735864D0F
                                                                                                                                                                                                                                                  SHA1:3CBF5604C05947E86B975BD95109FF1A00E2398D
                                                                                                                                                                                                                                                  SHA-256:FAE5F9ED555CAF667336B07E6086F878947EAF75501A56C5E5B7848C0EB59630
                                                                                                                                                                                                                                                  SHA-512:00611AE33EC58A991163DC3FC577912F7118DBFA7525C5716491759C9576EA2BE689CF07459E44BD0658A53169334964E8EBF64179EFD9FD21A936FA85FF4657
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.4133944203366635
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPY:Yo6KUtjVLk4t94iU3KNoT8u8at
                                                                                                                                                                                                                                                  MD5:C369092A4D4530239D42F94D631F683D
                                                                                                                                                                                                                                                  SHA1:D67FFDAB98A74C4E9A477BE6434A6B38D28E5508
                                                                                                                                                                                                                                                  SHA-256:C0F9CCE38563A117907543C1EA522CF0D014102324A9EF46660A9B01833895E8
                                                                                                                                                                                                                                                  SHA-512:17D6EC8C7DC17AA4D2F3A5B89C9CFCBF23903ADBE2AFC6ED938AA8A48C80B5778EB80B8BDA78D72BEE932AD56C4B5CCB743FEAB5D1B9D44D4541ADEBC9369FB3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.421392433119576
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPDH:Yo6KUtjVLk4t94iU3KNoT8u8aIH
                                                                                                                                                                                                                                                  MD5:4488C6A7EAEC8F97DDD2FBFA467BB3B8
                                                                                                                                                                                                                                                  SHA1:8DA32ADBB4CD5AE1B793AD8323C78F56EC1ECA41
                                                                                                                                                                                                                                                  SHA-256:0568B7E9AC97003EDC3DC5E277A4D1925E0E442DC99544E67F3F7ACFF2C1388F
                                                                                                                                                                                                                                                  SHA-512:7C358DEEAD1A3DD24CFF5B8CB174D5C457D9D898E51D49CD7A8DACDFEDD64DF831028BB73D69B79BD527FB857B4EE354A8C604A41CBF6FF514623378E8EB2EE9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.414224710526144
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPjgH:Yo6KUtjVLk4t94iU3KNoT8u8a6s
                                                                                                                                                                                                                                                  MD5:EB13CD7B73F29F695F8D2D470D1562CF
                                                                                                                                                                                                                                                  SHA1:4E9903DA07BF60BAF683C480EB5166AFE3CBA633
                                                                                                                                                                                                                                                  SHA-256:B867441425FE2997BBF5A4FA90151AB1EC964F7C7821174CBCEBD01994AFB91D
                                                                                                                                                                                                                                                  SHA-512:3561A7726CDF78AD4CB69CEC055AE51E97FAD3F627067DF65B2421A167DF5D040131714E02A72549EAA5825CBBA1FC927D0C5D06CBB1A31793101F166D11FDB6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.413744033444191
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPPD:Yo6KUtjVLk4t94iU3KNoT8u8aq
                                                                                                                                                                                                                                                  MD5:04ADB8773162AD4F83BB4B105D7A2D3C
                                                                                                                                                                                                                                                  SHA1:F5491694EE4A57C273DA2149C55953763FAC8F61
                                                                                                                                                                                                                                                  SHA-256:940BE99ABE6A2A19259F571D587EB1ABD3940D749DB8A68AC87CAD63C1DD921F
                                                                                                                                                                                                                                                  SHA-512:2241980DADCD13883DC91A8675B722C64839E4D12792E2BA7F304D805D8718D7DA83307A9D4C0AE3A933EF60902A33197DA7C075F2271B8CEBD4011497D19E35
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.418902385318098
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPmp:Yo6KUtjVLk4t94iU3KNoT8u8azp
                                                                                                                                                                                                                                                  MD5:8F21889C438D0E7FCD3FBB01936181F0
                                                                                                                                                                                                                                                  SHA1:3FEC8424E930A0305DC5AFE5456D434667703642
                                                                                                                                                                                                                                                  SHA-256:9EB1DDE93E8530B93D4A9FAEA2E2934A986621C6A1588DBC1C03E0EA762CE340
                                                                                                                                                                                                                                                  SHA-512:81003B269E54CD0D48BAC9D28F9459B37F9B15C343849F4EEB7FB64B1CA3EFA6F3B065E778306663E7FF5E3884A7A623FAA549DE4472244D0D93C7AA4AF4BE9D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.4174628836720355
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPp+:Yo6KUtjVLk4t94iU3KNoT8u8aQ+
                                                                                                                                                                                                                                                  MD5:09ACFE979DDC0083D223A2CD508C0D84
                                                                                                                                                                                                                                                  SHA1:116BFB0C7B06BF851CC6D6DA0FEF578F008875E5
                                                                                                                                                                                                                                                  SHA-256:DBB6582ACEAE46401F25DE2AC865AB4FEAC20248FEAA1AC48B41C706AD14AEA6
                                                                                                                                                                                                                                                  SHA-512:B0F0CEF8F5ADB5675B79149383C7FBCB718FF614592DE6D0D5A010DCFF61C3E459C71A2A0B5A73D635475E3169F2281BC5094BA0A509F060375677EA342C4266
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.4034843296203325
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPH:Yo6KUtjVLk4t94iU3KNoT8u8aq
                                                                                                                                                                                                                                                  MD5:679FF7B236A0BC9B892B1DB3CD04014B
                                                                                                                                                                                                                                                  SHA1:2707E7226882896D6239EA175AD68ADDBA858F3D
                                                                                                                                                                                                                                                  SHA-256:C8464B790741BFC9D24A96B7360AF3457BDFCC001AB48AE4636AEDBF18E66482
                                                                                                                                                                                                                                                  SHA-512:88F146D83BC386788541583CC149EE59FF3746A6D391476CFEF2FA6C667C0B07B75988B6A729E7CC474A8023FF88AFAE364536A9E84E30E695FDE3935D54724E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.413672546832975
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPI:Yo6KUtjVLk4t94iU3KNoT8u8aR
                                                                                                                                                                                                                                                  MD5:D0ABCD9FD9E845BF1290CDA39F3507BE
                                                                                                                                                                                                                                                  SHA1:4D71FBD13F5830A246A676DF51F42AC52C8AA183
                                                                                                                                                                                                                                                  SHA-256:420C537B799C6AE58B9E2F809B0FC191AA2E481644186F595469028D652B777F
                                                                                                                                                                                                                                                  SHA-512:3C3FE99872F8C3AF2FF858A5133FE878F23DB0CF21DA99183D44B3BCD0CFD72A5DCE919BE6CB29992A5496FD654B8FD5EB4804D22A034123C2BC64B2A1BC22AA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2008
                                                                                                                                                                                                                                                  Entropy (8bit):5.909488900192057
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:7vzEJoY7j197RD0AQUSRrNyEimWAwHM3+i3PZOHsciY/oY7BL+WPUJupxJXA0:/ZYt9iAQhRwEimWQ+i3YBLztgJ8xG0
                                                                                                                                                                                                                                                  MD5:10683AB0B71EBE3C1F51A299B7864D2C
                                                                                                                                                                                                                                                  SHA1:4416601198B6ABA9F187E0C1434EEAD892EC5C7B
                                                                                                                                                                                                                                                  SHA-256:A0F936B24F8A84CB6E4B7417C7DD6CA49C6D71C44CBCA1D458461CCFA4BCC9F6
                                                                                                                                                                                                                                                  SHA-512:748D3E6766123A46371754148D9B32766ECA7561A3F9DB7A3F34A92D2CFA59FACDACD4255486BC9A51F193F1E8104317D6DD2079AAC8AB2B524D6B9E8EEF66AB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: ".. ... ... ... .... ... .. .... ....",.. UT_WSS_TOAST_TITLE_COHORT_2: "McAfee. .. .... .. ",.. UT_WSS_TOAST_TITLE_2: "... .... ... {0}.(.) .. .. ..",.. UT_WSS_TOAST_TITLE_2_STRONG: "... ..",.. UT_WSS_TOAST_DESC_1_VAR_1: "McAfee. .. ..... .... VPN, .. .. .., Premium ...... ... .. . ... ......",.. UT_WSS_TOAST_DESC_1_VAR_2: ".. . ... ... ... .. ... . .. .... ......",.. UT_WSS_TOAST_DESC_2_VAR_2: ".. McAfee. .. ...... ......",.. UT_WSS_TOAST_DESC_COHORT_2: ".. .... ... ......, .. .. .., VPN, .. .. ... ... .... ......",.. UT_WSS_BUTTON_ACCEPT: ".. ....",.. UT_WSS_BU

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.418516889252441
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPKP:Yo6KUtjVLk4t94iU3KNoT8u8aF
                                                                                                                                                                                                                                                  MD5:B3C02DEC4E232FC624AB0C1E55F6312B
                                                                                                                                                                                                                                                  SHA1:4658B03C568897D0D1DA1245E243D95E86BEB868
                                                                                                                                                                                                                                                  SHA-256:3EB1D58410DCCEC475EBF1DB6B892A52188691DACAEB2EC8E667FA64D3119DDF
                                                                                                                                                                                                                                                  SHA-512:935768715B870599369B004E5B044A5673C3FBFB54F1FE53A36F1605D6FAD1399C2257661C3ED76F58232F60BF38B9A68F18CA7C5E7CE6E921A6C0641083CB1A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.418407979344233
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aP/isU:Yo6KUtjVLk4t94iU3KNoT8u8amisU
                                                                                                                                                                                                                                                  MD5:52573AEC0D6D921E975497F0266F23BB
                                                                                                                                                                                                                                                  SHA1:E445E213D9A958E02A09630C751E91D2DF68FB88
                                                                                                                                                                                                                                                  SHA-256:9723D05E9B11A6FF8747957DF31E6FD0D37CE0A6CA1B5FF355D3E8D4C4E9AD2A
                                                                                                                                                                                                                                                  SHA-512:0A08872AA6F3CBD7976D6BE5E5DBDA0DD7D4546C071F4D0D307E9A7987D6373BC8CDB3DF9C5224B2E69EC75CF1BB1095B4C02E6B41450D1C45C996D730EA3ABB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.411191886747714
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPdgd:Yo6KUtjVLk4t94iU3KNoT8u8ayO
                                                                                                                                                                                                                                                  MD5:B6E853A5599D13BB5F612EF9AD8E497D
                                                                                                                                                                                                                                                  SHA1:37A450E00707344D6B97F75B189C85E6FBDA64F3
                                                                                                                                                                                                                                                  SHA-256:3CF0A5FB0F04EC78B4FDB3E5E305F633EA809EBD157AE825B1FDA59530019EFB
                                                                                                                                                                                                                                                  SHA-512:69CB3F1F0D88293EE85555AFB296975AA57ABB975ED7B9E25453C90D7939FCE1D83CA42FA5990E33F6D23AFAA297FFF84F8CCF1E7739C15E67DF3D2201337DAE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.419642142736874
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPA:Yo6KUtjVLk4t94iU3KNoT8u8a9
                                                                                                                                                                                                                                                  MD5:F2964EDBA338BF8C3448180A1103A0B9
                                                                                                                                                                                                                                                  SHA1:80C7E663F9EC61A3C7D02AA651FB0E6825C09E06
                                                                                                                                                                                                                                                  SHA-256:A8151AA386FFBA740FC887DE1B77717A9192789B371D4393CD29D60ED9B7EB88
                                                                                                                                                                                                                                                  SHA-512:1534BE7ABCD235B79394993E499748944BF216D091768DCCEDA7484E76D64C46F3501BDEC69B7C12A9F76965892475584529C12FE8CB59EB0B34D6E2228BD70D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.416188183976697
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPT:Yo6KUtjVLk4t94iU3KNoT8u8a2
                                                                                                                                                                                                                                                  MD5:B621CE9D127DEA90D5B356C0621533CD
                                                                                                                                                                                                                                                  SHA1:4EADEE73CE9E83B86F2DE551054518AA5C2D2AEC
                                                                                                                                                                                                                                                  SHA-256:D9FC7D632EEFA7C04DAA892858D730569E9ACCF79EEF69E20354A19B4A0C9548
                                                                                                                                                                                                                                                  SHA-512:5F9C0E575C3B51C9D8264160937D07B2D04540DDD688EC9AF3C31981786F928CDEA5172832CF6F90F438B493E65413DCB879B92DEDAF86096D399FA53DAA5E20
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.421464808614118
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPb:Yo6KUtjVLk4t94iU3KNoT8u8a2
                                                                                                                                                                                                                                                  MD5:78F2AC106B4B5DBA5BA1E3A49A1C2EBB
                                                                                                                                                                                                                                                  SHA1:79D5B6D8AF4C28F41299619DA439893E0B9E911F
                                                                                                                                                                                                                                                  SHA-256:66CAC992D653ACE527EC60F7134F481456C25CD62F1ACCDC0D2720D7EB5D987F
                                                                                                                                                                                                                                                  SHA-512:F6A7E6C1E6D2BC678AEAFA25DD5609A2E8FFFCD92FA6752EECA69EC33B15ABF704D9099AA19C883385959369103541D82D20B16CB4BE9DE70855D8A5B589C8EF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.419498727672663
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aP3H:Yo6KUtjVLk4t94iU3KNoT8u8aq
                                                                                                                                                                                                                                                  MD5:2E52C69A19D3C7EE73E3B4FEBF98F5D2
                                                                                                                                                                                                                                                  SHA1:3E42280B017D03E04AD54E0BCEC0649BFB0088C6
                                                                                                                                                                                                                                                  SHA-256:DDF44D25CF0196F680F43E9DE89CAF0ECFEE299DE1C943EB6DBCD6E1338CEEB2
                                                                                                                                                                                                                                                  SHA-512:F28E167B0608DA1A7D49ECF6ECFC1A89B3A49F47867A49D6DF1B8A09E9D82EE93CE8F7284C9ABEE0B23F7E0C7F0F57D35AE097A478919164D8DB44A8CD284020
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.4174647835949745
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aP6r:Yo6KUtjVLk4t94iU3KNoT8u8a7
                                                                                                                                                                                                                                                  MD5:1952E5DD26BCABA52EB1809DD35FC27D
                                                                                                                                                                                                                                                  SHA1:869C956A9C66E2371B0F95E0AD6311323926D4A9
                                                                                                                                                                                                                                                  SHA-256:41D6AC5C30C06E6F1342C699F0479115A2BE08ED8B0527A88E26751DC2A7DDF1
                                                                                                                                                                                                                                                  SHA-512:D8520BD10CD7C26664BF16EF21853397A3824A88A90D07C413D06CCC1B7CD28E63672C3F10FC84C12E267089A2029371989A01B5517384C3B3624F55EBCF2552
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.407751420560367
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPqYL:Yo6KUtjVLk4t94iU3KNoT8u8aNYL
                                                                                                                                                                                                                                                  MD5:CDAA2CC07FBA9C893F81D2FC43722BC1
                                                                                                                                                                                                                                                  SHA1:81D8D73C23167AE95DFB4D4EEBFAD502DD7E8CF2
                                                                                                                                                                                                                                                  SHA-256:94D40769CD5CFA698C1D20BD20BF8192141D612CFBAC077F3B40AC4E42A09930
                                                                                                                                                                                                                                                  SHA-512:82A23AA8DA5E8B98EAE67D2705953AEF1673A0C5ECC5582435CE79681AB57B86528FE5279646350E85A4DA4E47463B4D0A32663D3C1FEF9A49BC3E2BA7AABA70
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.415854621104547
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPug:Yo6KUtjVLk4t94iU3KNoT8u8a7g
                                                                                                                                                                                                                                                  MD5:DEC587EADBFCEF562C3FE22C8EE0D213
                                                                                                                                                                                                                                                  SHA1:942A2388B313A96CBAC4F0A23556CA2C8E39ED7B
                                                                                                                                                                                                                                                  SHA-256:D8D1560A39D5756E3613DCA69156E11D7899E589B861818D056F87E0B80B59AD
                                                                                                                                                                                                                                                  SHA-512:BB68351E3C0AF86929E92A5A36BCD0BB55A390019AE9F0FAC159AF2019685C4DFE4C81251C51D849C359321A5AC301766E9474023795F7FD49E8CEF856AA5E0C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.418590506750218
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPZS1t:Yo6KUtjVLk4t94iU3KNoT8u8agO
                                                                                                                                                                                                                                                  MD5:A594F29F65A7459ED90AC4A1087029BE
                                                                                                                                                                                                                                                  SHA1:19BC2C3F3E7A5331E4A59F39F50121855905D4C2
                                                                                                                                                                                                                                                  SHA-256:22D72E4BEEFE897605B4548656925F7790EEEF7317272CA35C26302821F5502F
                                                                                                                                                                                                                                                  SHA-512:84C428B0B890BAFFE6B073F552F207F784302D4E5550137DC59D8D9BB1D44E5C465EC13A950A03C7A5F5337B4167D6CCBA36BA91091CBD839CBDA9AF7BE9ED66
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-upsell-toast-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3601
                                                                                                                                                                                                                                                  Entropy (8bit):5.40638253326414
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:YvEkE6KESqDxGRoHJjq2lEk1k4thVZ/gN8UC8Kw8om88uwlE2+aPPY:Yo6KUtjVLk4t94iU3KNoT8u8aeY
                                                                                                                                                                                                                                                  MD5:67A1529C4568AE5C4E2AC3A63DF33C99
                                                                                                                                                                                                                                                  SHA1:317DF42B5A1680B3A093580D423C60D4BAB37D6B
                                                                                                                                                                                                                                                  SHA-256:7F9F04214166818007111A861D5812888B2E87772C7B5E84A7B511686C57D218
                                                                                                                                                                                                                                                  SHA-512:7E7F88E083B6857C4427BA720431ABD030E6A84751F1388134206D077FD6EE7DA3434258246BB0BF0830B575F17473740A89D043CD65FD152B1F50A5291EE38D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrUpsellToast_ = {.. UT_WSS_TOAST_TITLE: "Life online is now a necessity and hackers are taking advantage",.. UT_WSS_TOAST_TITLE_COHORT_2: "Get McAfee. Total Protection ",.. UT_WSS_TOAST_TITLE_2: "{0} against hackers in these uncertain times",.. UT_WSS_TOAST_TITLE_2_STRONG: "Take a stand",.. UT_WSS_TOAST_DESC_1_VAR_1: "Ensure your family and devices are protected with VPN, Identity Theft Protection, premium antivirus, and more with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_1_VAR_2: "The online safety of your family and their connected devices matters now more than ever.",.. UT_WSS_TOAST_DESC_2_VAR_2: "Protect them now with McAfee. Total Protection.",.. UT_WSS_TOAST_DESC_COHORT_2: "Protect your digital life with award-winning antivirus, Identity Theft Protection, VPN, parental controls, and more.",.. UT_WSS_BUTTON_ACCEPT: "Get it now",.. UT_WSS_BUTTON_REMIND_LATER: "Remind me later",.. UT_WSS_BUTTON_DECLINE: "No, thanks",.. //AV Quick scan.. AV_RED_HEADER: "We

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1260
                                                                                                                                                                                                                                                  Entropy (8bit):5.772215715910839
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPy7dadSybOjRlnkggpHlnEAKETUy6fQXKb6fMocWjq1EU:PyRaSgCLyZgfQaCMocWjen
                                                                                                                                                                                                                                                  MD5:35584AC9B786234394C8B70C8FA6AC35
                                                                                                                                                                                                                                                  SHA1:AC700C057336AA7C96548C1CE11D30D2D259F722
                                                                                                                                                                                                                                                  SHA-256:11187D284C306769E3F08F01E6ED01C9F94299969607CAE708BAFD47A59FDB2E
                                                                                                                                                                                                                                                  SHA-512:8555070A8F1F8D2C376B0341E92D631D1F040A80888E8830A577AA981F9EFE3827590F0F8D3332E4B0E46F5A34F53754BFBDDB2DCFB4978B21CD851ADAA7897C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Z.skejte aplikaci {0}",.. BANNER_RIGHT_TEXT: "Zrychlete proch.zen. internetu",.. TITLE_FIRST: "Zdr.uje v.s nep..jemn. automatick. p.ehr.v.n. vide. p.i pr.ci?",.. CONTENT_FIRST: "Proch.zejte internet rychleji pomoc. aplikace {0}. Zastav.me automaticky p.ehr.van. videa, kter. zpomaluj. prohl..en. webov.ch str.nek.",.. TITLE_SECOND: "Posledn. uji.t.n. . chcete zastavit automatick. p.ehr.v.n. vide.?",.. CONTENT_SECOND: "Aplikace {0} zastav. automaticky p.ehr.van. videa, kter. zpomaluj. prohl..en. webov.ch str.nek. Pokud o aplikaci Web Boost nem.te z.jem, nebudeme se znovu pt.t.",.. NO_THANKS: "Ne, d.kuji",.. YES_GET_IT: "Z.skat aplikaci Web Boost",.. LICENSE: "Licen.n. smlouva",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Prohl..en. o ochran. osobn.ch .daj.",.. PRIVACY_URL: "https://

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1184
                                                                                                                                                                                                                                                  Entropy (8bit):5.493379571388782
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPVdSoggneOKTDy3DHZXQTDITDy3DHM1qrjgHMf8WpK8+kGdJIVj:P/SojnMDkD5+DWDkD/CMf8W74JGj
                                                                                                                                                                                                                                                  MD5:205CFFD766ABF808BB30C34EE05B4ABA
                                                                                                                                                                                                                                                  SHA1:09114D40CB7256F915BA7036C3FBDC836E95CA39
                                                                                                                                                                                                                                                  SHA-256:54A11C149265195665A5683B9ED4DA615407D01C37B14EBDD48ADABD82B76281
                                                                                                                                                                                                                                                  SHA-512:707CD9E4EB76B0E7A5C2E5D41E773E3EF11E9B863B6E1904F42E2BDE363BEBBE2B3AC103A69BB44A9774000A9B82AFA7932CA99CE05D91FA2496525E04F9FFE7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Hent {0}",.. BANNER_RIGHT_TEXT: "G.r browseren hurtigere",.. TITLE_FIRST: "Bliver du sinket af irriterende videoer, der afspilles automatisk?",.. CONTENT_FIRST: "Med {0} kan du surfe hurtigere p. nettet. Vi stopper automatisk afspilning af videoer, som s.nker hastigheden, n.r du surfer p. nettet.",.. TITLE_SECOND: "Vi sp.rger lige for sidste gang: Vil du stoppe automatisk afspilning af videoer?",.. CONTENT_SECOND: "{0} forhindrer automatisk afspilning af videoer, som s.nker hastigheden, n.r du surfer p. nettet. Hvis du ikke er interesseret i Web Boost, sp.rger vi dig ikke igen.",.. NO_THANKS: "Nej tak",.. YES_GET_IT: "Hent Web Boost",.. LICENSE: "Licensaftale",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Meddelelse om beskyttelse af personlige oplysninger",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "N.r du kl

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1153
                                                                                                                                                                                                                                                  Entropy (8bit):5.4998219823651135
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPRPcuFic3c4kEZkxQ0jwkIWDBpfCdEIfkSWFHCn+Gx:PRkU3c4xZEjw1WLmhfBWF3Gx
                                                                                                                                                                                                                                                  MD5:1769F0B2E4704D0A487D97B9CF07B526
                                                                                                                                                                                                                                                  SHA1:31CA3771EC4F63FD2F8003379AC7226288AEE18F
                                                                                                                                                                                                                                                  SHA-256:C1C718E195530D312DF8C0AB602FE8314F9E23691C23CF0C7DFA4451A4E7479C
                                                                                                                                                                                                                                                  SHA-512:2CBCBF569CB781CFD7257641F247A0ED1648B4B2A59ADCEEFDA1371E0600F697695353902228DFB49AF70F2A30EAB9EB2E2F26FE573A9356991136CEC49DFBC7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "{0} herunterladen",.. BANNER_RIGHT_TEXT: "Surfen beschleunigen",.. TITLE_FIRST: "Wird Ihr Browser durch st.rende automatisch wiedergegebene Videos verlangsamt?",.. CONTENT_FIRST: "Surfen Sie schneller mit {0}. Wir stoppen die automatische Wiedergabe von Videos, die Ihren Webbrowser verlangsamen.",.. TITLE_SECOND: "Letzte Nachfrage: M.chten Sie die automatische Wiedergabe von Videos stoppen?",.. CONTENT_SECOND: "{0} stoppt die automatische Wiedergabe von Videos, die Ihren Webbrowser verlangsamen. Falls Sie nicht an Web Boost interessiert sind, fragen wir nicht mehr nach.",.. NO_THANKS: "Nein danke",.. YES_GET_IT: "Web Boost herunterladen",.. LICENSE: "Lizenzvertrag",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Datenschutzhinweise",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Durch Klicken auf {0} stimmen Sie Folgendem z

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1666
                                                                                                                                                                                                                                                  Entropy (8bit):5.276007230044297
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPcdh0GeuxX+8PFGIPg+c8NS0I5mmiKfQOQryfRXCWkHW3uUIOM4ckS1:Pah0G1+8NHc8mv46fIWkHW3uUIScky
                                                                                                                                                                                                                                                  MD5:750F6354F3C1DAAC685A13A2BBCAC0B7
                                                                                                                                                                                                                                                  SHA1:0471C8CA5222DF85D04FF4C94957DC2A18D43D13
                                                                                                                                                                                                                                                  SHA-256:FA9C971A81F8BD3695119C0D9172B79C8D1F37F3549422CC96025A8F8129058A
                                                                                                                                                                                                                                                  SHA-512:649A64C9A72BFA316C3E71CE8315E759639FCA9735DDE910D9C67F26D29D5FA06E40DD3B42C527B7198C8439148036778E302285825741DD51FE2CB6637FB0EE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "......... .. {0}",.. BANNER_RIGHT_TEXT: ".......... ..........",.. TITLE_FIRST: "........... . .......... ........ ........... ...... ... .............. ...;",.. CONTENT_FIRST: "............ ........... .. .. {0}. .. ........... ... ........ ........... ...... ... ........... ... ......... ....",.. TITLE_SECOND: ".......... .......: ...... .. ......... ... ........ ........... ......;",.. CONTENT_SECOND: ".. {0} ......... ... ........ ........... ...... ... ........... ... ......... .... .. ... ... .......... .. .............

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1000
                                                                                                                                                                                                                                                  Entropy (8bit):5.56075824951649
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPSdHKCjkAyNRtOzeWaAb5LOze8WRSonGfQX0CWP9A91C9uNhzu:P0/nyNRtlWhb5Ll8W2fQJWPu91EwS
                                                                                                                                                                                                                                                  MD5:64583F0ABA7A4186E415D77218B7E672
                                                                                                                                                                                                                                                  SHA1:28CB70402C9F58D0C1326A81CACF7A590ACDF150
                                                                                                                                                                                                                                                  SHA-256:1FFA0B8D9DFAC39AD0E45D79FEC0BFD16C77185DAB792A906F88AD39FA0605B9
                                                                                                                                                                                                                                                  SHA-512:08B8C6CAF3305DEA24B3FE1E8BF52EAD2161BB2445AF5D7ED7674530AD7D0ABE74A91F92DD25AB58429D8ADDF999193E419C0402C4747E4D996BD90A6F1019FF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Get {0}",.. BANNER_RIGHT_TEXT: "Speed up browsing",.. TITLE_FIRST: "Annoying auto-playing videos slowing you down?",.. CONTENT_FIRST: "Browse faster with {0}. We'll stop videos from auto-playing and slowing down your browsing.",.. TITLE_SECOND: "Checking one last time--want to stop auto-playing videos?",.. CONTENT_SECOND: "{0} stops videos from auto-playing and slowing down your browsing. If you're not interested in Web Boost, we won't ask again.",.. NO_THANKS: "No, thanks",.. YES_GET_IT: "Get Web Boost",.. LICENSE: "License Agreement",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Privacy Notice",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "By clicking {0}, you agree to our {1} and {2}."..}..//4720748BE27465304240FDBD315F2AAE6A7A79C5EE1211FA36CD7AB9BA8916B06BA6027F9DA702C2AD7805617C166B89D36A1B58D5D2A3B46BC73859E9F0EDD1++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1169
                                                                                                                                                                                                                                                  Entropy (8bit):5.504340578436135
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPDV7dKPMce+abJtZ5hZUsMNei5hZGSHGNf9gnW+l5ww8:PJRCMceXbJrnAeingfGWWww8
                                                                                                                                                                                                                                                  MD5:4E2EBF3C90B102D9AFD14F0245DABC5C
                                                                                                                                                                                                                                                  SHA1:81064E6F4F70F4DC40920F8EF6636F0AFC1120F8
                                                                                                                                                                                                                                                  SHA-256:785B165B34601A7D239BD554770BAF0B7AC050D5D665C5258056E946575DAE83
                                                                                                                                                                                                                                                  SHA-512:068F3D29D2FE998D536ED9B8B2221D1D6E016F0EFB63C56FDE2721469E4EE12E7AD76CC0858C80085758BFA0401E83B09CF1ABE96844A03A8EB53CB8D0E87416
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtener {0}",.. BANNER_RIGHT_TEXT: "Acelerar navegaci.n",.. TITLE_FIRST: ".Los molestos v.deos de reproducci.n autom.tica entorpecen su trabajo?",.. CONTENT_FIRST: "Navegue m.s r.pido con {0}. Impediremos que los v.deos se reproduzcan autom.ticamente y ralenticen su navegaci.n por Internet.",.. TITLE_SECOND: "Se lo preguntamos por .ltima vez: .Desea detener la reproducci.n autom.tica de v.deos?",.. CONTENT_SECOND: "{0} impide que los v.deos se reproduzcan autom.ticamente y ralenticen su navegaci.n por Internet. Si no est. interesado en Web Boost, no volveremos a preguntar.",.. NO_THANKS: "No, gracias",.. YES_GET_IT: "Obtener Web Boost",.. LICENSE: "Acuerdo de licencia",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Aviso de privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Al hacer clic en {0}, ac

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1126
                                                                                                                                                                                                                                                  Entropy (8bit):5.509097532884307
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPydhtceEumJUqeJmyUe8EFXjeseZqSHGNf9gnW+l5wOrlAv2:PUhtceEumJUqePUeVtjes5fGWWw4O2
                                                                                                                                                                                                                                                  MD5:653FA3D4DB0656089D8EE55D413CB59E
                                                                                                                                                                                                                                                  SHA1:C61B475CF2E096DF6FC88059AB001BFCB9735365
                                                                                                                                                                                                                                                  SHA-256:4041E229FEC34DB623A3A789400712CE248EC88188BF0CC468CB82DC4AC4B30E
                                                                                                                                                                                                                                                  SHA-512:F94F389A8F87CAD019C3BDB60D8CF35B7EFCF4CC3065E937FE95FEC1F8E543AE48B5B869601EDBA1BA6EB1E38312E6452B43E7E5B446CDC6E4C6D6A3D1ED27E9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtenga {0}",.. BANNER_RIGHT_TEXT: "Acelere la navegaci.n",.. TITLE_FIRST: ".Los molestos videos de reproducci.n autom.tica lo ralentizan?",.. CONTENT_FIRST: "Navegue m.s r.pido con {0}. Detenga la reproducci.n autom.tica de videos que hacen m.s lenta su navegaci.n por la web.",.. TITLE_SECOND: "Su .ltima oportunidad: .desea detener la reproducci.n autom.tica de videos?",.. CONTENT_SECOND: "{0}detiene la reproducci.n autom.tica de videos que ralentizan su navegaci.n por la web. Si no est. interesado en Web Boost, no volveremos a preguntar.",.. NO_THANKS: "No, gracias",.. YES_GET_IT: "Obtener Web Boost",.. LICENSE: "Acuerdo de licencia",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Aviso de privacidad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Al hacer clic en {0}, acepta nuestro {1} y {2}."..}..//6865

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1104
                                                                                                                                                                                                                                                  Entropy (8bit):5.521656371165339
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPNdI11Y5jxKjrdTcv+qjYbKjrdT7vVa6EafIWd+H1g29Tqd:Pnc65jxKjJAfEbKjJPgafIWoVg2li
                                                                                                                                                                                                                                                  MD5:7774BF229837F1B9B7BF1D8735BE1714
                                                                                                                                                                                                                                                  SHA1:F405A7A0329642844EADCF17A42C57B2B34130A1
                                                                                                                                                                                                                                                  SHA-256:83D4E504D43FD0B2C10582E000E7246F9E250CF8CBC9F6C3C874938825029E04
                                                                                                                                                                                                                                                  SHA-512:9578CBBEF03CEBBE7DEC6BF9B3B406E221B8596C90DAE554488524E9A09A0DB5BA0720ECF10DF2965A0E2F25660842C49A86314636A68171F27CDD3336E96C25
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Hanki {0}",.. BANNER_RIGHT_TEXT: "Nopeuta selailua",.. TITLE_FIRST: "Hidastavatko .rsytt.v.t automaattisesti k.ynnistyv.t videot menoasi?",.. CONTENT_FIRST: "{0} nopeuttaa selailua. Est. videoita k.ynnistym.st. automaattisesti ja hidastamasta selailuasi.",.. TITLE_SECOND: "Tarkistetaan viel. kerran . haluatko est.. automaattisesti k.ynnistyv.t videot?",.. CONTENT_SECOND: "{0} est.. videoita k.ynnistym.st. automaattisesti ja hidastamasta selailuasi. Jollet ole kiinnostunut Web Boostista, emme kysy asiasta uudelleen.",.. NO_THANKS: "Ei kiitos",.. YES_GET_IT: "Hanki Web Boost",.. LICENSE: "K.ytt.oikeussopimus",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Tietosuojaseloste",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Kun napsautat {0}, hyv.ksyt seuraavat: {1} ja {2}."..}..//2A309CCE73146E96FB63676D6B

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1197
                                                                                                                                                                                                                                                  Entropy (8bit):5.4715773971999635
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPFd4FWZ8+GS85J9gUPIk6J9gU1qqKGfvW//aM6+pTI9HG:Pv4gZ8+GSYJmFJmsfvW1VTIU
                                                                                                                                                                                                                                                  MD5:8E9C2CCDFB4A03F5521258D4DAD10A44
                                                                                                                                                                                                                                                  SHA1:3DA1F19EBCAEAE171ED02143943898C613D6B016
                                                                                                                                                                                                                                                  SHA-256:58E2C4AF21F2AECEF37F3787BD0FBDF9346601634802B617CCF1C9FA98BA5342
                                                                                                                                                                                                                                                  SHA-512:3BBF2BB2BC7A2D3F76C7A2EF8722D5D683C43D751F31AD74E1431375E7561700118E876DAF5C0A86ED024A404DFFDFAFA2976318BA5DBD39396680562673281E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtenir {0}",.. BANNER_RIGHT_TEXT: "Acc.l.rer la navigation",.. TITLE_FIRST: "Votre navigation est-elle ralentie par la lecture automatique de vid.os?",.. CONTENT_FIRST: "Navigation plus rapide avec {0}. Nous bloquerons la lecture automatique des vid.os pour .viter un ralentissement de la navigation.",.. TITLE_SECOND: "Nous vous le demandons un derni.re fois.: souhaitez-vous bloquer la lecture automatique des vid.os?",.. CONTENT_SECOND: "{0} bloque la lecture automatique des vid.os pour .viter un ralentissement de la navigation. Nous ne vous sugg.rerons plus Web Boost si vous n'est pas int.ress..",.. NO_THANKS: "Non merci",.. YES_GET_IT: "Obtenir Web.Boost",.. LICENSE: "Contrat de licence",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Avis de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "En

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1198
                                                                                                                                                                                                                                                  Entropy (8bit):5.516846127697029
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPFd4n2vFhChN8zp42hBWxH+3wjq4CfjdW/kXT8n:Pv4n2vbCN8V5ohCfhWZ
                                                                                                                                                                                                                                                  MD5:5AB999C61567AF63D8B300CB8F4AD48C
                                                                                                                                                                                                                                                  SHA1:575CD8D48E6D0E8E47EF0F078B6ADDEE2499AF90
                                                                                                                                                                                                                                                  SHA-256:6D862BC51900C77742443CB50C960F713F070ED23BE2267AEDBCDC763E800EA3
                                                                                                                                                                                                                                                  SHA-512:DF151B291401FD228B2F63248556BF2AE1E1E6BDC914E39AA1390098DD0A146F597A935CF3A11CEE37F3474AEF9CEB439F122FE41CE008B7F3097A744A676725
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtenir {0}",.. BANNER_RIGHT_TEXT: "Acc.l.rer la navigation",.. TITLE_FIRST: "La lecture automatique des vid.os ralentit votre navigation.?",.. CONTENT_FIRST: "Naviguez plus rapidement gr.ce . {0}. Nous emp.cherons la lecture automatique des vid.os afin qu'elles ne ralentissent pas votre navigation.",.. TITLE_SECOND: "Derni.re v.rification.: vous souhaitez bloquer la lecture automatique des vid.os.?",.. CONTENT_SECOND: "{0} emp.che la lecture automatique des vid.os afin qu'elles ne ralentissent pas votre navigation. Si vous n'.tes pas int.ress. par Web Boost, nous ne vous demanderons plus.",.. NO_THANKS: "Non, merci",.. YES_GET_IT: "Obtenir Web Boost",.. LICENSE: "Accord de licence",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "D.claration de confidentialit.",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG:

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1126
                                                                                                                                                                                                                                                  Entropy (8bit):5.5929737504614705
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPuddK6oPnF2h0fPnFvydoZSfgBoW7ZFb8unoVcD:PAoJmyh6fgBoW7ZBBn6cD
                                                                                                                                                                                                                                                  MD5:D000EC780C028620DF149E57E85B4B96
                                                                                                                                                                                                                                                  SHA1:FFA1AF0ED8D23282E734E2B61E8A5DC5E39830E2
                                                                                                                                                                                                                                                  SHA-256:7478901B7DB0D175E9803B9CBC8F0B9BC6BDE51CF18F89D45C359B1E7863DB5F
                                                                                                                                                                                                                                                  SHA-512:392CA51D2F7A575341CDD32F26C352AD59EB5E3A2C9809291371F61DEC7FB8ED8E2EDC43AC292DAD42E6306E68BD3AA9F977735D8F440C24C5BB0401C73040BE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Nabavite {0}",.. BANNER_RIGHT_TEXT: "Ubrzaj pregledavanje interneta",.. TITLE_FIRST: "Uznemiruju.e auto-igranje videozapisa koji vas usporavaju?",.. CONTENT_FIRST: "Br.e pretra.ujte pomo.u {0}. Sprije.ite automatsko reproduciranje videozapisa i usporavanje va.eg pregledavanja interneta.",.. TITLE_SECOND: "Najnovija provjera - .elite zaustaviti reprodukciju videozapisa?",.. CONTENT_SECOND: "{0} sprije.ite automatsko reproduciranje videozapisa i usporavanje va.eg pregledavanja interneta. Ako vas ne zanima Web Boost, ne.emo vi.e pitati.",.. NO_THANKS: "Ne, hvala",.. YES_GET_IT: "Nabavite Web Boost",.. LICENSE: "Licencni ugovor",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Obavijest o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Klikom na gumb {0} u nastavku prihva.ate sporazum {1} i {2}."..}..//60E0

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1214
                                                                                                                                                                                                                                                  Entropy (8bit):5.686044216902248
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPUXeUzUbI0mSCkFThSCfHPMDy7n7fn6ocWPNyUhSJGC15:P6Ub06f6ocW1ycC15
                                                                                                                                                                                                                                                  MD5:F04C3F700B1D9A618945BF197A592F94
                                                                                                                                                                                                                                                  SHA1:8351E7E24C5287D36E604DAC386485A8A0AD8006
                                                                                                                                                                                                                                                  SHA-256:83990FF4B3FD6A14475E16288AEAA1BA412ACE77312D1E6357091F37DF863936
                                                                                                                                                                                                                                                  SHA-512:41E48C90A4D7795B6D6FD425E2B2E6C9E37CECA9A034ADFC3BC2F3E3DF2EE9ECD712EA3841B7B29BCDA750FF83CA7C1A1D8F654340CEC330B139201D6355A2B3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "A {0} let.lt.se",.. BANNER_RIGHT_TEXT: "B.ng.sz.s felgyors.t.sa",.. TITLE_FIRST: "Bosszant., automatikusan elindul. vide.k lass.tj.k munk.j.t?",.. CONTENT_FIRST: "B.ng.sszen gyorsabban a {0} seg.ts.g.vel. Megakad.lyozzuk a vide.k automatikus lej.tsz.s.t, ami lelass.tja a b.ng.sz.st.",.. TITLE_SECOND: "M.g egyszer megk.rdezz.k: meg szeretn. akad.lyozni a vide.k automatikus lej.tsz.s.t?",.. CONTENT_SECOND: "A {0} megakad.lyozza a vide.k automatikus lej.tsz.s.t, ami lelass.tja a b.ng.sz.st. Ha nem .rdekli .nt a Web Boost, akkor nem k.rdezz.k meg .jra.",.. NO_THANKS: "K.sz.n.m, nem",.. YES_GET_IT: "A Web Boost let.lt.se",.. LICENSE: "Licencmeg.llapod.s",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Adatv.delmi k.zlem.ny",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1108
                                                                                                                                                                                                                                                  Entropy (8bit):5.445177805596594
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPMd7T0JakK38gx/SS11ZuBWMfjkWFt8K3/oGhb9:PKX0Jah37yWMfjkWFyK3/vhb9
                                                                                                                                                                                                                                                  MD5:96F813E0388159704675245E019001A9
                                                                                                                                                                                                                                                  SHA1:67DCC82E84E8D9D76579321637F11E8A3D501F22
                                                                                                                                                                                                                                                  SHA-256:675A9FBCA2B4FED8AC9C52403C833626F232FAB3B5A51ADAABD9A1008F2C1663
                                                                                                                                                                                                                                                  SHA-512:2108451E99086CA1F383417A35F525BCDB36C594166665CF0FC9AEF04B823F623506E092DFF1846FFF66B0D2AAF007DCD8D05323B06DF28F15E5EF784800AC2D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Ottieni {0}",.. BANNER_RIGHT_TEXT: "Accelera la navigazione",.. TITLE_FIRST: "I fastidiosi video che si riproducono automaticamente ti rallentano?",.. CONTENT_FIRST: "Naviga pi. velocemente con {0}. Bloccheremo la riproduzione automatica dei video che ti rallentano la navigazione sul Web.",.. TITLE_SECOND: "Ultima verifica: vuoi bloccare la riproduzione automatica dei video?",.. CONTENT_SECOND: "{0} blocca la riproduzione automatica dei video che rallentano la navigazione sul Web. Se Web Boost non ti interessa, non te lo chiederemo pi..",.. NO_THANKS: "No, grazie",.. YES_GET_IT: "Ottieni Web Boost",.. LICENSE: "Contratto di licenza",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Notifica sulla privacy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Facendo clic su {0}, accetti il {1} e la {2}."..}..//22509397807425AFADDB89

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1276
                                                                                                                                                                                                                                                  Entropy (8bit):6.005430500861147
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cl/yRv8dFdqOdsgWOep2Ht+LRvcsvifh2AWtufn7ThXgwkIG:VyRv4dqqspnDRvbifwAWtsPJgwkj
                                                                                                                                                                                                                                                  MD5:FB76FC02B19FB66CEA9BAC64C588FA14
                                                                                                                                                                                                                                                  SHA1:B045AE1E35EDA30B7C5BC342C92DBF1EF974D7BD
                                                                                                                                                                                                                                                  SHA-256:4591276FC32E0938D15E718FEDD49A5402A20001E1633DB642E49D43A4540EA1
                                                                                                                                                                                                                                                  SHA-512:BDAE9375030813135A62F71EE81CE740BA771769A1E978C5B8E5C1DBD6B434BF69CBE2349E29682478BDCC0F56DDE99F50C0713743065F75383A1A7182DF232A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: ".....&reg; .......",.. BANNER_LEFT_TEXT: "{0} .....",.. BANNER_RIGHT_TEXT: ".........",.. TITLE_FIRST: ".......................",.. CONTENT_FIRST: "{0} ......... ...............................",.. TITLE_SECOND: "...........................",.. CONTENT_SECOND: "{0} ................................. ................................",.. NO_THANKS: "...",.. YES_GET_IT: "............",.. LICENSE: "......",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "........",.. PRIVACY_URL: "http

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1251
                                                                                                                                                                                                                                                  Entropy (8bit):6.065152294905446
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cxJLqkS5WCtU2htU6iiZTjfbWIYlgkYJtu:rlKi0fbWIYOkiu
                                                                                                                                                                                                                                                  MD5:01D7894C4F0A7D0A486FAADBBEF53BF3
                                                                                                                                                                                                                                                  SHA1:6BCF3F14EE8DF64BB31B6C907D7E88D1D873EAAD
                                                                                                                                                                                                                                                  SHA-256:DEE5AD1000D1CB76839D865FADEEDDA30479A0E84B33584983500475A3F22FAF
                                                                                                                                                                                                                                                  SHA-512:7656A7F7717DC258E33CB7CE84B5CCFB373CD8078497DC45551E66DF992CFB0A7B4F7BE071432293FAFE0494305EFF70F65F82F7B340F936BF818B27FDE08B33
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; . .. ..",.. BANNER_LEFT_TEXT: "{0} ..",.. BANNER_RIGHT_TEXT: ".. .. ..",.. TITLE_FIRST: "... ... .. .... .. .. ... .....?",.. CONTENT_FIRST: "{0}.(.) ... .. ... ........ .... .. .... .. .. ... .... .....",.. TITLE_SECOND: "..... ........ ... .. ... .......?",.. CONTENT_SECOND: "{0}.(.) .... .... .. .... .. .. ... .... ..... . .. ... ... ..... .. .. ......",.. NO_THANKS: "...",.. YES_GET_IT: ". .. .. ..",.. LICENSE: ".... ..",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: ".. .. ....",.. PRIVACY_URL: "https://www.mcafee

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1112
                                                                                                                                                                                                                                                  Entropy (8bit):5.496690529097096
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPymdI+c1iPRRj+7+yR+2nr4rtR++Moj+wnMfQwsHWpx4ZOX:Pyoqg5QJ/etrMojMfQPWX
                                                                                                                                                                                                                                                  MD5:ED82B8B0815D33E2078D05A64EED3AEA
                                                                                                                                                                                                                                                  SHA1:92C3E5E055B8C4F73A0C1884975E8E984CEBBB7F
                                                                                                                                                                                                                                                  SHA-256:EBAF5162874B119EA995F85EB41BD0220F39ABEEFED3EB3D15864D60E01AC7C4
                                                                                                                                                                                                                                                  SHA-512:7C46259AE5060CC6DC56B28ED7B004884B7753CE7BC3147E805BAD11A13191B058A8712D8B6E31B0675FB60FCB826D2B2CC579C3C6669830C946D445A04A24E1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "F. tak i {0}",.. BANNER_RIGHT_TEXT: "F. opp farten p. nettsurfingen",.. TITLE_FIRST: "Sinkes du av irriterende automatisk avspilling av videoer?",.. CONTENT_FIRST: "F. raskere nettsurfingen med {0}. Vi stopper videoer som spilles av automatisk, slik at de ikke sinker nettsurfingen din.",.. TITLE_SECOND: "Siste sjanse . vil du stoppe automatisk avspilling av videoer?",.. CONTENT_SECOND: "{0} stopper automatisk avspilling av videoer, slik at de ikke sinker nettsurfingen din. Hvis du ikke er interessert i Web Boost, vil vi ikke sp.rre deg igjen.",.. NO_THANKS: "Nei takk",.. YES_GET_IT: "F. tak i Web Boost",.. LICENSE: "Lisensavtale",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Personvernmerknad",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "N.r du klikker p. {0}, godtar du v.r {1} og {2}."..}..//496264484E8BED8A84

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1206
                                                                                                                                                                                                                                                  Entropy (8bit):5.443359066757402
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPMdeWjkB8UjFpXIMtRBviSqLwz4tRBviV3rEFihdEMtB2pQXbEnWtB221G+p99:PKeWniFpYMtz1qDtzsr7djPuQQWPxGwj
                                                                                                                                                                                                                                                  MD5:E2110B836D9B395F21EAF5A193846F1D
                                                                                                                                                                                                                                                  SHA1:C8734B326942C1D16998261CFEA22D7E9931EE71
                                                                                                                                                                                                                                                  SHA-256:877265F05C7E6ACB0CAF6EE86C831329F3357A1C5440EAF192A35755B7D6BE24
                                                                                                                                                                                                                                                  SHA-512:F41B3B8701D113049ADFC23792CDB0DB9CC350B7F77D4483762C7521089B5D91F74BCC779D1F63E1553328EA9F824BA01B6187265EEE9D3AD78FE54F8EC8E91E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Download {0}",.. BANNER_RIGHT_TEXT: "Internetactiviteiten versnellen",.. TITLE_FIRST: "Trage prestaties door irritante video's die automatisch worden afgespeeld?",.. CONTENT_FIRST: "Sneller internetten met {0}. Wij voorkomen dat video's automatisch worden afgespeeld en uw internetactiviteiten vertragen.",.. TITLE_SECOND: "Weet u zeker dat u automatisch afspelen van video's wilt stoppen?",.. CONTENT_SECOND: "{0} voorkomt dat video's automatisch worden afgespeeld en uw internetactiviteiten vertragen. Als u geen interesse hebt in Web Boost, vragen we het niet meer.",.. NO_THANKS: "Nee, geen interesse",.. YES_GET_IT: "Web Boost downloaden",.. LICENSE: "Licentieovereenkomst",.. LICENSE_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. PRIVACY: "Privacyverklaring",.. PRIVACY_URL: "https://www.mcafee.com/consumer/nl-nl/policy/legal.html",.. AGREEM

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1217
                                                                                                                                                                                                                                                  Entropy (8bit):5.6700805556738585
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPGdrelNj+8d2gQwYsklKGoTE3abMfXMGGnWjM/z9eWlrERhH:PIrevjvd2gRcljfmWjteAH
                                                                                                                                                                                                                                                  MD5:4AA248F4DBA9B7E937ED2DC6AE67D2C9
                                                                                                                                                                                                                                                  SHA1:BADE0083A61CBAFDD4F3AA9C36629C090AD1A91B
                                                                                                                                                                                                                                                  SHA-256:2AE4B9F55E29D26760929871A092AE41FB15A5C75E13022628946F2E8AB4783D
                                                                                                                                                                                                                                                  SHA-512:CC60547BD2AB94F47B2E81DBEB076A32AFFEA3FB5D11A39AB2AF387D5E060AEEB216C68BF7DC865C5E5107BF5DFBB3460D9893FBAA021D9282A72FA94541A85F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Pobierz produkt {0}",.. BANNER_RIGHT_TEXT: "Przyspiesz przegl.danie Internetu",.. TITLE_FIRST: "Irytuj.ce automatycznie odtwarzane filmy spowalniaj. Ci prac.?",.. CONTENT_FIRST: "Szybciej przegl.daj Internet dzi.ki programowi {0}. Powstrzymamy automatyczne odtwarzanie film.w, kt.re spowalnia przegl.danie sieci.",.. TITLE_SECOND: "Sprawdzamy po raz ostatni . chcesz powstrzyma. filmy przed automatycznym odtwarzaniem?",.. CONTENT_SECOND: "Program {0} powstrzymuje automatyczne odtwarzanie film.w, kt.re spowalnia przegl.danie sieci. Je.li nie interesuje Ci. program Web Boost, nie spytamy ponownie.",.. NO_THANKS: "Nie, dzi.kuj..",.. YES_GET_IT: "Pobierz program Web Boost",.. LICENSE: "Umowa licencyjna",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Informacje o ochronie prywatno.ci",.. PRIVACY_URL: "https://www.mcafee.com/legal",..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1162
                                                                                                                                                                                                                                                  Entropy (8bit):5.5107078162206635
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cP4djLetDhf8CL369L3yM03Byf9HWfOBIolfBLD:PmjLifLq9LCMhfBWGBIollD
                                                                                                                                                                                                                                                  MD5:887A302F32B6C5833304E3DCF8CACBD9
                                                                                                                                                                                                                                                  SHA1:C6BAB3BBDB718BBA28439D942059ACE2F698FAC6
                                                                                                                                                                                                                                                  SHA-256:819990A8D3616CD8E75C4113DC58AFD3F63A9B1964C9BFF71410A15E9336178C
                                                                                                                                                                                                                                                  SHA-512:D12E5F9F3E16EA4CCCD3513406FDA71806934653AB48149C5C769A44B449F036D2E1596B3EA1D252418812600AEE9B4E1C883E90B2AD4C9D8AE7D248096A81F9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obtenha o {0}",.. BANNER_RIGHT_TEXT: "Acelere a sua navega..o",.. TITLE_FIRST: "O v.deos irritantes de reprodu..o autom.tica est.o atrapalhando voc.?",.. CONTENT_FIRST: "Navegue mais rapidamente com {0}. Interromperemos v.deos de reprodu..o autom.tica que desaceleram sua navega..o.",.. TITLE_SECOND: "Conferindo uma .ltima vez. Deseja interromper a reprodu..o autom.tica de v.deos?",.. CONTENT_SECOND: "{0} interrompe v.deos de reprodu..o autom.tica que desaceleram sua navega..o. Se n.o estiver interessado no Web Boost, n.o perguntaremos novamente.",.. NO_THANKS: "N.o, obrigado",.. YES_GET_IT: "Obtenha o Web Boost",.. LICENSE: "Contrato de Licen.a",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Ao clicar em {0}, voc. concorda com

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1147
                                                                                                                                                                                                                                                  Entropy (8bit):5.5124495727770295
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6dJkfeI3duQBCXV9j8/TfYGCAVXAxuQ3oKtcnEheASulWZhHjDkE6pRY8gHwGbq4:6cP3dWF+fYGGxf5SQ03x6Sf9HW3Xmfk2
                                                                                                                                                                                                                                                  MD5:DF620B4314E93736FF7C71147BCE037A
                                                                                                                                                                                                                                                  SHA1:243692569F8B832F918AC5006261D5572DD2B7C0
                                                                                                                                                                                                                                                  SHA-256:65B5BF52B5491DC090F026A0323CEBB0B05D048FE85AB6B6EEE84BBDCE59CB69
                                                                                                                                                                                                                                                  SHA-512:B23BC4D7E38985A271FB18FF4727D32654E7C8C9555B907998F75478F9D1030B390F246B8B0421F39EC0FA73C99074A7E32E95373EB9798F8AC44809B7EBFBDC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Obter o {0}",.. BANNER_RIGHT_TEXT: "Otimizar navega..o",.. TITLE_FIRST: "A reprodu..o autom.tica de v.deos . inc.moda e atrasa o seu trabalho?",.. CONTENT_FIRST: "Navegue mais rapidamente com o {0}. Impediremos a reprodu..o autom.tica de v.deos que reduz o desempenho da navega..o.",.. TITLE_SECOND: "Vamos confirmar mais uma vez, pretende impedir a reprodu..o autom.tica de v.deos?",.. CONTENT_SECOND: "O {0} impede a reprodu..o autom.tica de v.deos que reduz o desempenho da navega..o. Se n.o est. interessado no Web Boost, n.o perguntaremos novamente.",.. NO_THANKS: "N.o, obrigado",.. YES_GET_IT: "Obter o Web Boost",.. LICENSE: "Contrato de licen.a",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Aviso de privacidade",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Ao clicar em {0}, aceita o nosso {1}

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1673
                                                                                                                                                                                                                                                  Entropy (8bit):5.253020883068515
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPMd9+PJr6H30J3vlfL4qR30NZHxsVyY3DM30NZH6Xho4qs35sngONfQrWWFw0B:PKgN6a39f9+sVX0Rws35BONfQrWWFLM0
                                                                                                                                                                                                                                                  MD5:5DD3091205864CC054B2BED7AAC0C4FB
                                                                                                                                                                                                                                                  SHA1:515AF5F30D759F6A499358188B3A6215DC3BFABA
                                                                                                                                                                                                                                                  SHA-256:245289AC6A8466C5CEDD37475851622EFF28D4E4A9BD0475B09B9628ACD2F0B3
                                                                                                                                                                                                                                                  SHA-512:8E57FBD23DFE6AFEC389FC89C9202BD36DBE7FF0ACFAF30A81183633D7A43825EC2075627B8B85DD9E1639925507598AA836BCC05F90C997B8D450D045A18897
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "........ {0}",.. BANNER_RIGHT_TEXT: "........ ........ ........ ...-......",.. TITLE_FIRST: ".......... .............. ............ ..... ...... ........?",.. CONTENT_FIRST: ".............. ...-........ ....... . ....... {0}. .. ........... .............. ............ ............, ..... ........ ........ ...-.......",.. TITLE_SECOND: "........ ....... .......... ............... ............ .....?",.. CONTENT_SECOND: "{0} ......... .............. ............ ............, ..... ........ ........ ...-....... .... ... .. .

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1171
                                                                                                                                                                                                                                                  Entropy (8bit):5.761957648272607
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPGd2mcJsq8vMi8zJ0+46fQXwWjelzfhthovQo:PINesPtKFfQAWjwzjhmd
                                                                                                                                                                                                                                                  MD5:558DE1A054602D76385CFBD74DB161F4
                                                                                                                                                                                                                                                  SHA1:9052C94BF3728E795E9B357C0AA536E271CAFD0B
                                                                                                                                                                                                                                                  SHA-256:6E1029A70C282EB6878477EA62417609947C9E4FD59CAF5CD5976F697DB21FB9
                                                                                                                                                                                                                                                  SHA-512:EDBF31E8755EE5D4BAAA157C3DB387779E78EB587479C1324C071D9D06C279C09B3A52B444FCDBBE662BD3BEC841DF119983383314CC97AB054F0DFC4D7514E8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Z.ska. produkt {0}",.. BANNER_RIGHT_TEXT: "Ur.chli. prehliadanie",.. TITLE_FIRST: "Spoma.uje v.s otravn. automatick. prehr.vanie vide.?",.. CONTENT_FIRST: "Surfujte r.chlej.ie s {0}. Zastav.me automatick. prehr.vanie vide., ktor. v.s zbyto.ne spoma.uje.",.. TITLE_SECOND: "Naposledy sa p.tame: Chcete sa zbavi. otravn.ho automatick.ho prehr.vania vide.?",.. CONTENT_SECOND: "{0} zastav. otravn. automatick. prehr.vanie vide., ktor. v.s brzd.. Ak nem.te z.ujem o Web Boost, nebudeme sa op.ta. znova.",.. NO_THANKS: "Nie, .akujem",.. YES_GET_IT: "Z.ska. Web Boost",.. LICENSE: "Licen.n. zmluva",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Prehl.senie o pou..van. osobn.ch .dajov",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Kliknut.m na tla.idlo {0} ni..ie vyjadrujete s.hlas s

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1112
                                                                                                                                                                                                                                                  Entropy (8bit):5.570641306627158
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPud3hBmY2dFwHPhtDmY2dFWoZ1fjjWxOxwzQ:PA3hBmY243mY2HfPWxOaU
                                                                                                                                                                                                                                                  MD5:20B2EEA989F913978CB658F552C77CF0
                                                                                                                                                                                                                                                  SHA1:A18E6054BB1B11B1CFC5461E22E69DBF112C7CC0
                                                                                                                                                                                                                                                  SHA-256:74185F6279166C70E47A5B0E2C5F53E39364F916028296CCC30AA98D8349B915
                                                                                                                                                                                                                                                  SHA-512:7F232B59898334536C2B07E2ABABDC2908868C2873CA0D28407A4AFCB254637D8F66C3D60D19F36386E0BFBC262D9A2564C55818CC6E7715CE2530D2EAF49F12
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "Nabavite {0}",.. BANNER_RIGHT_TEXT: "Ubrzaj pregledavanje interneta",.. TITLE_FIRST: "Uznemiravajuc.e auto-video snimke koje vas usporavaju?",.. CONTENT_FIRST: "Brzo pretra.ite {0}. Spre.ite automatsku reprodukciju videa i usporavanje va.eg pregledavanja interneta.",.. TITLE_SECOND: "Proveravate li poslednji put - .elite da zaustavite automatsko reprodukovanje video zapisa?",.. CONTENT_SECOND: "{0} spre.ite automatsku reprodukciju videa i usporavanje va.eg pregledavanja interneta. Ako vas ne zanima Web Boost, nec.emo ponovo da vas pitamo.",.. NO_THANKS: "Ne, hvala",.. YES_GET_IT: "Nabavite Web Boost",.. LICENSE: "Ugovor o licenciranju",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Obave.tenje o privatnosti",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Klikom na {0}, prihvatate {1} i {2}."..}..//04AE79C9BE25E98BB4

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1116
                                                                                                                                                                                                                                                  Entropy (8bit):5.608523955833537
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPYodlhp2AtRW5Tm0XECCyK45Tam0XEEHh6qrTojI/HfMXGWNI5WmKO+bO:PYWXYAbWRmsEkTamsEEBbHYIffRWqpKQ
                                                                                                                                                                                                                                                  MD5:29C1808A36FAB01F0A16BB89052E4603
                                                                                                                                                                                                                                                  SHA1:C0602D3A5F476076300BEE133A012A9AA98A51CA
                                                                                                                                                                                                                                                  SHA-256:3215360E7DCE6F598F5EDEF1BC6A2088715689683400E955A7C776C8DA85693D
                                                                                                                                                                                                                                                  SHA-512:C71001668BF21DC36CF88FA68BE8BED8B214A6F45BE7C3418A578D58A0A39711FF1F29EF7FFE0DEB1CC060D5E6ED163E0F856D1B7B78535017AFA9B275A5A8FD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "H.mta {0}",.. BANNER_RIGHT_TEXT: ".ka hastigheten p. surfandet",.. TITLE_FIRST: ".r datorn l.ngsam p. grund av st.rande automatiska videoklipp?",.. CONTENT_FIRST: "Bl.ddra snabbare med {0}. Vi stoppar videoklipp fr.n att spelas automatiskt och sakta ner ditt webbsurfande.",.. TITLE_SECOND: "Vi fr.gar f.r sista g.ngen . vill du stoppa automatisk uppspelning av videoklipp?",.. CONTENT_SECOND: "{0} f.rhindrar videoklipp fr.n att spelas automatiskt och sakta ner ditt webbsurfande. Vi fr.gar inte igen om du inte .r intresserad av Web Boost.",.. NO_THANKS: "Nej tack",.. YES_GET_IT: "H.mta Web Boost",.. LICENSE: "Licensavtal",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Sekretesspolicy",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "Genom att klicka p. {0} godk.nner du v.rt {1} och {2}."..}..//FAC366FD80549C

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1173
                                                                                                                                                                                                                                                  Entropy (8bit):5.6698292539374044
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cP/XRGHmeqM6+bBNLefXtexcJYOEvKxUew53ksNefXtexcJ6dp7hVE9tClfs2QU:P/XRGHmelbBFevBuv7ew53NevBS1nwOx
                                                                                                                                                                                                                                                  MD5:A47E52695D26A9D44A52C95891C5DAAD
                                                                                                                                                                                                                                                  SHA1:238E7986F01B4CD1EF0007FFDA47982F1F2DDA6A
                                                                                                                                                                                                                                                  SHA-256:8A2BE15BAC94FC4C65F85AB47F1FFE82E1A9FF92E27536BA0E729654134ECA64
                                                                                                                                                                                                                                                  SHA-512:A2AF1912171ACE4B619265DCA28FB0635BD948CE4496654340DBAF9AC30688FFB409DE3D4F4C30E89DFE71EB7B0BE22A7E71799BEA93A0F308DDDC2F3C7299A7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: "{0} Uygulamas.n. Edinin",.. BANNER_RIGHT_TEXT: "Web'de gezinmeyi h.zland.r.n",.. TITLE_FIRST: "Otomatik olarak oynayan can s.k.c. videolar sizi yava.lat.yor mu?",.. CONTENT_FIRST: "{0} ile daha h.zl. g.z at.n. Otomatik olarak oynayan ve web'de gezinmenizi yava.latan videolar. durdururuz.",.. TITLE_SECOND: "Son kez soruyoruz, videolar.n otomatik olarak oynat.lmas.n. .nlemek ister misiniz?",.. CONTENT_SECOND: "{0} otomatik olarak oynayan ve web'de gezinmenizi yava.latan videolar. durdurur. Web Boost'la ilgilenmiyorsan.z tekrar sormayaca..z.",.. NO_THANKS: "Hay.r, te.ekk.rler",.. YES_GET_IT: "Web Boost'u Edinin",.. LICENSE: "Lisans S.zle.mesi",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "Gizlilik Bildirimi",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "{0} d..mesine t.klayarak {1} ve {2} ko.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1062
                                                                                                                                                                                                                                                  Entropy (8bit):6.421114200378586
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cyPdC/0RFVLakZxaoK4K1nfmHWMm3YmSJSyrqs9GZujn:yVC/0VLvLVSf4WMPmMSyz9Hjn
                                                                                                                                                                                                                                                  MD5:635F2A0611035E12DBD5A05796795F56
                                                                                                                                                                                                                                                  SHA1:F0A32248F74D5EBCE6FBA778AEBB373A0754AE53
                                                                                                                                                                                                                                                  SHA-256:B440D737480AECDBCC21AF7D7479CB7604F0DC245CE97F2C009DEF17967E0816
                                                                                                                                                                                                                                                  SHA-512:1AAD70B7ECF4D2342406C1A93E124B0CC1D8AE06FAEAA63D0DCC4858C8F30DA62F6DD5D2A8E2DEA7D378442AF8D1B2A0A89D5AD3D373E877CCE70E0A3A225F4B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "...&reg; Web ..",.. BANNER_LEFT_TEXT: ".. {0}",.. BANNER_RIGHT_TEXT: "......",.. TITLE_FIRST: "....................?",.. CONTENT_FIRST: ".. {0} ........ ........................",.. TITLE_SECOND: "....... - ...........?",.. CONTENT_SECOND: "{0} ...................... .... Web ...............",.. NO_THANKS: "....",.. YES_GET_IT: ".. Web ..",.. LICENSE: "....",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: "....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "...{0}.........{1}...{2}.."..}..//DA967F30A8397D87D36DCF865371223DB42D757877A05E23F893E2F4F82CF12F2293

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1018
                                                                                                                                                                                                                                                  Entropy (8bit):6.3837742402318005
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6cPGdRXudZh7df/9cIDlcFesbfOKU6D8Gfg1WJ9xIKHk:PIBudv5H9cIDMy9opfg1WJzg
                                                                                                                                                                                                                                                  MD5:9E05238B81150CA18CEF8E66BD797CE0
                                                                                                                                                                                                                                                  SHA1:4421AA76C2A28C879E87A9242A6597D62E910297
                                                                                                                                                                                                                                                  SHA-256:CB56CCA7ED6A897A9E261344CECBBFDB5D6F089487D476BF386A3B3AE1135A5A
                                                                                                                                                                                                                                                  SHA-512:F68354A2B07F788E144B5C6EE8A9721FD33A6B72317CFCDBC7BF173622AFE8A82FB51A26029D152EB72CABD87D948E09D829888BE9F36A2710EF68D73125F04C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.var _lrWebBoost_ = {.. MCAFEE_WEB_BOOST: "McAfee&reg; Web Boost",.. BANNER_LEFT_TEXT: ".. {0}",.. BANNER_RIGHT_TEXT: "....",.. TITLE_FIRST: "...............",.. CONTENT_FIRST: "..{0}....... .....................",.. TITLE_SECOND: ".....................",.. CONTENT_SECOND: "{0} .................. ... Web Boost ..............",.. NO_THANKS: "......",.. YES_GET_IT: ".. Web Boost",.. LICENSE: "....",.. LICENSE_URL: "https://www.mcafee.com/legal",.. PRIVACY: ".....",.. PRIVACY_URL: "https://www.mcafee.com/legal",.. AGREEMENT_MSG: "...{0} ......... {1} . {2}."..}..//42C12F96FD2519022C33BDB7AC557CECFF9F9EFF2C6F5652DD1BC4DCC7995D9A6B8931EE4D5DC460A1E45462C6DCDB43541650932759178C

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-cs-CZ.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.255815433151384
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+Acq:+sv+K5+CtTFCqsUz0AUoey+Acq
                                                                                                                                                                                                                                                  MD5:09FE12E7B96C35AB16275AAC9490E159
                                                                                                                                                                                                                                                  SHA1:0A7BF96950CCDDBDE7E96797E26684E8E0944DFE
                                                                                                                                                                                                                                                  SHA-256:B93A8AD83FE4F8C51C5ABE313A28C5CBDB0E7DA2A551419EE7C341871EEF1A0E
                                                                                                                                                                                                                                                  SHA-512:0A21B76054D7C96E3F651AAF414598878F2FC889CA3E7538014A7EC07FD106536136513AC0367321BB9E46A7BDD9D82E9D1A0DF3413FF6FB078E27C53AD9C59B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-da-DK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.258749941419516
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+fmO:+sv+K5+CtTFCqsUz0AUoey+v
                                                                                                                                                                                                                                                  MD5:8D9FE269136A5DF4FFE099F9FE8B4002
                                                                                                                                                                                                                                                  SHA1:F34E58A062622A0D99D16DC2232B98391B07FCDC
                                                                                                                                                                                                                                                  SHA-256:66D643DA365997B123D65F98E68AD2AFF2547B8F25C0D68CC5D6DED8873798EB
                                                                                                                                                                                                                                                  SHA-512:68C3925090228934195645BDDFE0AB7D91EEA63A47540E442A761B775CAC87929203A4056CC1BE2EB88E44B77E54D799EDFC79AF05ED7C839AE332C76D2549B9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-de-DE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.2549369997060795
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+ggDJZ:+sv+K5+CtTFCqsUz0AUoey+gmj
                                                                                                                                                                                                                                                  MD5:E35D0D20EA41CD143C7D31A901FA8A32
                                                                                                                                                                                                                                                  SHA1:CEA9DA88E29C7B7D5628A8406658033E1577F699
                                                                                                                                                                                                                                                  SHA-256:872EF7BCC59BF8E5CF85C674ED0E633A5EB24E629A6503A32BFC8E15BC750FCF
                                                                                                                                                                                                                                                  SHA-512:7A654D4EF451615BF749567FAD96922AC8E9767222D0F457028EF7E053081FA3889C54AB9E3C8A5EBD5EE4D66EF5CF0AE2A1B79C5E8A3C7BA26848C3EE437DFC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-el-GR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.258626910218937
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+aC:+sv+K5+CtTFCqsUz0AUoey+aC
                                                                                                                                                                                                                                                  MD5:E1AB8C2442B2032745741C8387A44921
                                                                                                                                                                                                                                                  SHA1:1F9788F1205BAB4ED35235F126A58EE8285F9B0A
                                                                                                                                                                                                                                                  SHA-256:DF6AF6D8FC279CFDA071EB2EE78C2FCC056B03AE9F9FBBF714ED354B78E75432
                                                                                                                                                                                                                                                  SHA-512:325F114C3ED7890F85411C2795F11D7756726FB8BD31F06EF57F5F6ACE58757BACD4057C6AB539839588E78D02779019FA23480EB1A846F1CBA3FE3EBB621129
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-en-US.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.26473179591435
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+HP:+sv+K5+CtTFCqsUz0AUoey+v
                                                                                                                                                                                                                                                  MD5:7E536037355A4C8EA13AED6EDEF9DA4D
                                                                                                                                                                                                                                                  SHA1:B115858D0A1155EF74593617F3FD530FB1A8291B
                                                                                                                                                                                                                                                  SHA-256:B57458084F1C6289464D5D11749F3DE67CB44D997DE2843E5BCD357CE7DC1EBC
                                                                                                                                                                                                                                                  SHA-512:D688AA9FFB3CEFC5A0E78D95817B760632965C9469DBAFBA3672B576E618FEA37745779C957E0DDD605FC4DEFAF053587F641D5F92E83098D234D108EC880092
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-es-ES.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.24948020806169
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+rq:+sv+K5+CtTFCqsUz0AUoey+u
                                                                                                                                                                                                                                                  MD5:AC41CD01C5C11D401371B80BCD2E9AEF
                                                                                                                                                                                                                                                  SHA1:641298528F0449266F0057849D46B94B70052010
                                                                                                                                                                                                                                                  SHA-256:A5990EACEF537A81CADC4611C4F6ED48307AB98CDBB62B3D602321BF730D90D8
                                                                                                                                                                                                                                                  SHA-512:31B690DC064269D23CCBBC36463E968439CD229475517FBB0A7B5DEC5346DBE119DDEC68C16B84ADE7795DEB782B12434A995EF64B081984BC45758228C80EBD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-es-MX.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.25725111754855
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+I27:+sv+K5+CtTFCqsUz0AUoey+I27
                                                                                                                                                                                                                                                  MD5:D139AA10295D4D66CCA63FFCCE9034BC
                                                                                                                                                                                                                                                  SHA1:07B2D175355CCC53FC778727B6B073C7A927CB23
                                                                                                                                                                                                                                                  SHA-256:6246C9C3EE0BF94448B0B5548773B7FCAB27C7F94BF73C4CE3DA8502E6BD6132
                                                                                                                                                                                                                                                  SHA-512:99A48E6E090ACCA0AF3EE6462503A1F6DC7405A2FCF9425F3834F790F4F7C9E54CAFF4AE2C9B3FF9509B9473A032CBC4381DA6636ACADAA351C96215A29D4A98
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-fi-FI.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.258169866605646
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+h+dyaZ:+sv+K5+CtTFCqsUz0AUoey+hm
                                                                                                                                                                                                                                                  MD5:B85ABB5D7F27AC91BF9EF84B5C3F8DA5
                                                                                                                                                                                                                                                  SHA1:3B02A6BFA38525E275AC11A5D39F27E923B83747
                                                                                                                                                                                                                                                  SHA-256:12B221759491901EBB0A3F27B17BD615FD11F02061BBD171E1D8B022B3217721
                                                                                                                                                                                                                                                  SHA-512:1081D7D0AA811A2A275AE3A9937B7C2AF79534BBDEA646467EC97460EA0E822D70BE97F76E7ECB02F39C0A86564860576E7F6593452D48D30F407FB1F18E07DE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-fr-CA.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.260510627760021
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+9pc/:+sv+K5+CtTFCqsUz0AUoey+9+
                                                                                                                                                                                                                                                  MD5:73FF3BCCDF7C1CE2739C762A9D79BE79
                                                                                                                                                                                                                                                  SHA1:145AE5141F73E99C8087141C52BDE36A716B09F4
                                                                                                                                                                                                                                                  SHA-256:E4F4E6BCE8482DA96ABDEEF2319C6C211BF6ABF4D976C9A4AE01DD6B0E4EEF3A
                                                                                                                                                                                                                                                  SHA-512:02CF71D13AC5C4DC34A9EFD39C31A9F2131C10F9E9623444CBDB9C8320CC899D5611282AC8CF07233CB8023C24D584D2DE0243E3BA0675223D52203169072263
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-fr-FR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.25607038325692
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+kp+1:+sv+K5+CtTFCqsUz0AUoey+u+1
                                                                                                                                                                                                                                                  MD5:5461449179F53521618D358AA2399C95
                                                                                                                                                                                                                                                  SHA1:8114987C08ED15AA6372899C7405C728AF02365F
                                                                                                                                                                                                                                                  SHA-256:9E6D35A5E3F71E7FB4D0503FED68181305CC5BF7557B3B532F29785AA7F3502D
                                                                                                                                                                                                                                                  SHA-512:DADCC0160A219045C4C752BA688F6ECE9A9DBA099BAE80D2A843E5E965BF6B3019697DE2B5ED1F80AE584A55DAE4E226C889ED92DD6DA286312D57B520859349
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-hr-HR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.260888352905892
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+jpOnumQOev:+sv+K5+CtTFCqsUz0AUoey+9ZmQ3
                                                                                                                                                                                                                                                  MD5:604FF7C86E5A753DB6140217807081B1
                                                                                                                                                                                                                                                  SHA1:78CFEE03DCFEBE9F3D21ACF10D643E93F0410947
                                                                                                                                                                                                                                                  SHA-256:658D263EFFF36A0C8E57D58F5D146696266618D869732A4F57CBAACB8B937E9B
                                                                                                                                                                                                                                                  SHA-512:764BE04E4F10B9C2C9A2BE69A10AD570AC146008DF9BD5485FC0DE81BCE96C084BD68F46A1BA24E51E6258498EBA3DDC3BB38DAF5178C79F9D4CD031A7CC411D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-hu-HU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.266427629105407
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+eq8ee:+sv+K5+CtTFCqsUz0AUoey+eq/e
                                                                                                                                                                                                                                                  MD5:568912B1E4655CDD8ABEF25C2D9EB64E
                                                                                                                                                                                                                                                  SHA1:46936BCC2D6E924F4E608286447E93A9E7AFBA8A
                                                                                                                                                                                                                                                  SHA-256:A4ADAFD5A6EE98640F4C45446436CCAA299CBB571C4EAF17207CA5EDD0BC4B88
                                                                                                                                                                                                                                                  SHA-512:C723CE14D9E4C6B22C46ED9D1E8D1751D97778A671E055D1CF10A456C5CC096B52D660EB23E40BB61EA5F6B071F66BC6A015CEA50B481617AC3985B37A59688E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-it-IT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.2456289487653285
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+x6y:+sv+K5+CtTFCqsUz0AUoey+x1
                                                                                                                                                                                                                                                  MD5:728DA5B1FBA9401D5954B173DB414DFC
                                                                                                                                                                                                                                                  SHA1:ACA844DEBD3C8F284D19E16D50151E004DDDF656
                                                                                                                                                                                                                                                  SHA-256:EC051DCCABF2CECEB0F216BB8911F5EED4E64AD598A228008F2AC72F769CB8B9
                                                                                                                                                                                                                                                  SHA-512:2C4A9A746E937FCCAA161BFBC368DC5E17C37941A8DC8D7153865C43EFDE2C7395DB4BE6E0D95D56C22791DED84402960C301BEC21EEFC7A1939F81092FFC878
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-ja-JP.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.261577620433791
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+jBbNr:+sv+K5+CtTFCqsUz0AUoey+1B
                                                                                                                                                                                                                                                  MD5:A4781D22BC1BA74F63A8E62AB9A4D987
                                                                                                                                                                                                                                                  SHA1:89DB90647D0539C7B6A65ABE7049C5DEC4733B7D
                                                                                                                                                                                                                                                  SHA-256:91B20B7B40EFBE8185F3BA2E3C53BBDC58AC0F68A028873D37951578C28BD08F
                                                                                                                                                                                                                                                  SHA-512:7BB38C51ADFFC7EB2AA5F4E1753BAEC15043A54887B0793B9210F74FB577975663BB8BB5FFF9838B7A342D7908893972838E6A48A28AA8181C4059EE30A3599C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-ko-KR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.249923494889432
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+X:+sv+K5+CtTFCqsUz0AUoey+X
                                                                                                                                                                                                                                                  MD5:C875E4673332B21AF00F0A2F2A98A4D0
                                                                                                                                                                                                                                                  SHA1:AB152736BFAAE6F3C0D1780730257DFBC65F0A4E
                                                                                                                                                                                                                                                  SHA-256:C8B4304C22E2EDE9FE6A4D6DDACE9446D9F1F5A12806CDC4B030214C99A3973B
                                                                                                                                                                                                                                                  SHA-512:EFD3411B3FF6B02C42B3373A8F2C2B9CE6D8E7443B8A4F5F43421166FA7737DAB4635446019EFDB0AA3796319494E874EF4E6AA51976583BC6F2FFFF9EE19980
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-nb-NO.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.249500943614529
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+9jC:+sv+K5+CtTFCqsUz0AUoey+9O
                                                                                                                                                                                                                                                  MD5:FDCA9C26797C23FFBA696632DA5AD10A
                                                                                                                                                                                                                                                  SHA1:5A11B096812CDFAB01732620C1801465D14BAC95
                                                                                                                                                                                                                                                  SHA-256:6672D19A7833DCCF5139573657910053F040FCF05326CC112CB66C171AAB6FF7
                                                                                                                                                                                                                                                  SHA-512:93ECA0BFDFFA98EFE26E9446650B8A8831DB80B1994D9855F527D4CB7DCBC098938F411B1EFDFCB4D61BF8B859C5A94B879C57D162CEFFED2D63DCE44A6F6CB0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-nl-NL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.246937070314897
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+TDC:+sv+K5+CtTFCqsUz0AUoey+TW
                                                                                                                                                                                                                                                  MD5:3EEA13D100ABAE41A13E345689E4F262
                                                                                                                                                                                                                                                  SHA1:8C14A8874BDE4632FC85ECA470C4CD6179292BAF
                                                                                                                                                                                                                                                  SHA-256:DA482FCE7F9444CB4750BA11B21162CAFC09ED16551074FF944065F7146A7DE1
                                                                                                                                                                                                                                                  SHA-512:31435BB41CCDD3285A9279AEA89CBAD6FCFB703A9F783C88C93D21E1FB6C0498754EBA1E322800BECB546FFF1B7DBE348647D9C388AFFC42DDED9A792EF9A991
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-pl-PL.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.253179062882507
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+R3wlF:+sv+K5+CtTFCqsUz0AUoey+dQ
                                                                                                                                                                                                                                                  MD5:48D45A955DC961FDF220ADE6DEF69793
                                                                                                                                                                                                                                                  SHA1:5CD0F5BCA17D5C5626678F31D215CEEC6A27F96B
                                                                                                                                                                                                                                                  SHA-256:9984C016483DF6E8B3552451534C4E18B42CD3D827F4C369BDD574BB5E5B1209
                                                                                                                                                                                                                                                  SHA-512:B47FCE991257C036468A66B5DF2C72F1BF2D4FB95A607E3CFCB4A091134DBAFF567AD20592A615F1051171ABE4AFBD25E75F0B85A80B21A3BCE65803DB5BCABE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-pt-BR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.262451795310626
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm++mq8p1Q:+sv+K5+CtTFCqsUz0AUoey++mXPQ
                                                                                                                                                                                                                                                  MD5:D956575A64DE678908FFB8CEFC2D6B39
                                                                                                                                                                                                                                                  SHA1:2ACE5530B16B6A90B51C23FB48147331EFC0C08F
                                                                                                                                                                                                                                                  SHA-256:AADEA0781FF909FEA482CF7EF2298B1D7151BFE51C0966690F6EBC7E7A25994D
                                                                                                                                                                                                                                                  SHA-512:058D20B8B1730C715992ADF60304277F307644236517ADF1E8A815E874EB965A3BCA6290593A832ACABBEDCDE35FE446BEBC8E96F9C5FC3DD6182CB8F19DE181
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-pt-PT.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.267063923875303
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+Of0H:+sv+K5+CtTFCqsUz0AUoey+H
                                                                                                                                                                                                                                                  MD5:95C6E5167BF31C0F915EED7163A930B8
                                                                                                                                                                                                                                                  SHA1:9A9A108F6E42BFBE92A27B1806569CAB962DDB9D
                                                                                                                                                                                                                                                  SHA-256:EF1D54ACCC383DE429BB0487C045A63A01BDAB8FBFA0CFC807F9AD3836F76CB4
                                                                                                                                                                                                                                                  SHA-512:80A3EBE515C43C40DE24E7A24FAA0AA83D756D6FA317FD58D5940DF776D04D19E35F3CD524C1EFC22F3C1CB05B9134BBA04904252B24C9FF955C2C99F4D10CC2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-ru-RU.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.257459656988995
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+cx:+sv+K5+CtTFCqsUz0AUoey+cx
                                                                                                                                                                                                                                                  MD5:B55FCCA4A4CC4FDDF428CF3D41DC5FAD
                                                                                                                                                                                                                                                  SHA1:489F21E89EA446A47D865B3A08090D1C545296A3
                                                                                                                                                                                                                                                  SHA-256:D6C1C7C20335FB7CE04FA077F8462DE9B64D81E454CD5B695A376C06BDCF3563
                                                                                                                                                                                                                                                  SHA-512:7539E9E912E567FC7FD471506B5980E07B25166E58B5FCC876989C29982665E7D2612524BFB8D8CEC78E2CB2E1EC9FCDEA8B771FDDEB88698F5B98373CFCAD30
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-sk-SK.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.250747676593963
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm++BH2+h:+sv+K5+CtTFCqsUz0AUoey+CH2+h
                                                                                                                                                                                                                                                  MD5:93FCBA60FCE4A902457B19D483D1EF37
                                                                                                                                                                                                                                                  SHA1:C20ACE7F4A5DAB11496ECAFE3810C2D0EEE11E60
                                                                                                                                                                                                                                                  SHA-256:533CC246A0375F2330D0CEC542BEC87040A42BEDD2B0D693EC06EA12E785BCDC
                                                                                                                                                                                                                                                  SHA-512:33D3483B1CE08CAB5161725DD0E8ACFEB130F953ADA9B65A208C36E4215E48B2C4432B95A1EA5BC118D9619610FC4369152F3C41006015939B67710F801B08FF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-sr-Latn-CS.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.264120563543988
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+ugxH0OX:+sv+K5+CtTFCqsUz0AUoey+XKOX
                                                                                                                                                                                                                                                  MD5:4E16F2DF0C5AE0730112815DBA14EA73
                                                                                                                                                                                                                                                  SHA1:599CCA3A2CC02AE81BDA230ACBA2C7A2A7C4FAC9
                                                                                                                                                                                                                                                  SHA-256:205A2633ACD1EC30491A5556172C5281E41C23B0237530EBDC8517CC0C64ECA7
                                                                                                                                                                                                                                                  SHA-512:E286AC531471A82A92C2817AF2C06E079F79D71E3C0F4FC8007E59A8C0AB6A206BC170876B6AC336FDE56D0F6DF217B86119DAFEA3A3F87EA9B04D9D6D1B16A0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-sv-SE.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.2547729771089555
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+BiOBO:+sv+K5+CtTFCqsUz0AUoey+B7E
                                                                                                                                                                                                                                                  MD5:C28AAD7101D47619F5A140E967C7285D
                                                                                                                                                                                                                                                  SHA1:53101D540DAC65CA09EB40E2E0D214B11E90A11F
                                                                                                                                                                                                                                                  SHA-256:77C27A824B50D0CC00591DD12513EA2648F1EE693A93E08D846CED2B467EE914
                                                                                                                                                                                                                                                  SHA-512:DF65933B7625CB9109D53F2CAD260201CAFED80CA9597C6CF57797D4C121A1F445F6726D1EF457FDBEBC7CB12A3584A8E1EDFE075E39D9964EC4A115B87DB438
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-tr-TR.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.256845597743145
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+oj8:+sv+K5+CtTFCqsUz0AUoey+oo
                                                                                                                                                                                                                                                  MD5:1CF522B93D68580DC403017497715104
                                                                                                                                                                                                                                                  SHA1:820F27C0745DB2943E531FE66FD90A6320039849
                                                                                                                                                                                                                                                  SHA-256:0C679C6DE3944586EA09F370506E398E220211E6D312B2A9F34CFA790F79AD04
                                                                                                                                                                                                                                                  SHA-512:3663E24C57C87348D8600206CBF368F2E53A441967A5256467DE8E0609EA602A48E58F3FA790A29457E7F0E80F0F9F9A09E10046602C32323B8E41819562B68F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-zh-CN.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.252334490525137
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+Gg7:+sv+K5+CtTFCqsUz0AUoey+Gg7
                                                                                                                                                                                                                                                  MD5:0D3BFE421022498BE9051237F86FC49D
                                                                                                                                                                                                                                                  SHA1:7F1C25D6CF27ACE555540A5734D7FE8A2994E8FA
                                                                                                                                                                                                                                                  SHA-256:E2ADEC91EB998B4D67F8237C8375E611011752C949017BB28394CA1849E62917
                                                                                                                                                                                                                                                  SHA-512:4480837D5760DBD1FA9C94BFE93DD894D9A5F81AED3100F9C8E446B1537D6FB9A8071B4F0D68F577AD5510CD2BD1FF1DB3DC1AC22B38C96A0E06E6C338F367E2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\jslang\wa-score-toast-zh-TW.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2380
                                                                                                                                                                                                                                                  Entropy (8bit):5.252688604348839
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:atsGm+KQfpzm+RkPlLnFSpqsbSjufrW0GtUoefLm+5Lz:+sv+K5+CtTFCqsUz0AUoey+5H
                                                                                                                                                                                                                                                  MD5:B11557016DF48AEB013C9E883C8B2894
                                                                                                                                                                                                                                                  SHA1:4F58C7F0A0571AB3F62D564413C5B7580D1DB536
                                                                                                                                                                                                                                                  SHA-256:7C066023DEFE028F546EBDF290A1B226BFDCE8903195AA811C12FEAFDA60D5D9
                                                                                                                                                                                                                                                  SHA-512:2F3DC52C555ED1B4865FB69150E7308894ABC751F56832A805E7CEB05C1F61421FAF1A64F98C6022502182985FABDB33D008D7C7C11C84E45845C96667AB9C00
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:var _lrSecureSearchToast_ = {.. WA_ST_M_STATUS_P:"Protection Score",.. WA_ST_M_MESSAGE_TITLE:"Increase your protection score",.. WA_ST_M_MESSAGE_TITLE_V1:"Search safer online and boost your protection score",.. WA_ST_M_MESSAGE_DESC:"Your protection score helps you monitor your overall digital health and safety. Get search protection for safer online searches and boost your protection score.",.. WA_ST_M_MESSAGE_DESC_V1:"Turn on search protection for safer online searches and see your protection score increase. Feel confident knowing you can monitor your overall digital health and safety with Protection Score.",.. WA_ST_M_ONLINE_PROTECTION_STATUS:"ON",.. WA_ST_M_ONLINE_PROTECTION_TITLE:"Online browser protection",.. WA_ST_M_ONLINE_PROTECTION_FREE:"Free",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE:"Browser protection is your first line of defense against unsafe websites, links, downloads, malware, and more.",.. WA_ST_M_BROWSER_PROTECTION_MESSAGE_V1:"Browser protect

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\aj_logic.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2893
                                                                                                                                                                                                                                                  Entropy (8bit):5.5085933045855295
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:+eV+P0Xb5sb0Po/U0cHLKDJea6xVIfXUckHUTkZ6yXbo06Ev+3TlJR9Y:+GLrPo/aHLZBIfsn8JY
                                                                                                                                                                                                                                                  MD5:2D4A669FDE1A14F55CDD7EB0EF287C59
                                                                                                                                                                                                                                                  SHA1:A43F895B5E2C6242AB0F4432D447B3E9838CD49D
                                                                                                                                                                                                                                                  SHA-256:91D67E5AA2345B028163226FE40999E64CFE7B9EA231794E0268E636FD0E7D71
                                                                                                                                                                                                                                                  SHA-512:F87E4D980DF816E2FCCCBC3E374EFCD3FD8CB3C4B2DC27610FAB2BD320899C9578ED054EC2B769293DE8CB17AC2EAEC5B205321615F9A15168FF60E407FF3A8D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ.......... 6...9.......9...'...B...6...B.......X...6...9.......9...'...B...+...L.......9...B...6...9.......9...'...6.......B...&...B...L....tostring)[BL]: is_aj_blocked: end, returning .is_active1[BL]: is_aj_blocked: standalone installation.get_oem_implementation.[BL]: is_aj_blocked: start.info.log.core........O6...9.......9...'...6.......B...'...6.......B...&...B...6...9...9.......9...+...-.......B.......X...6...9.......9...'...B...+...L...-...B.......X...6...9.......9...'...B...+...L...6...9...9.......9...+...-.......'...B.......X...6...9.......9...'...6.......B...&...B...+...L...4...6...9.......9...'...B...'.......J.........Ewacore:mfw\packages\webadvisor\aj_toasts\wa-aj-toast-toggle.html8[BL]: aj_logic.get_template: returning toggle toastJ[BL]: aj_logic.get_template: current extension annotation setting is .ALL..GetBrowserSetting1[BL]: aj_logic.get_template: suite is active;[BL]: aj_logic.get_template: AJ toast was seen already.does_browser_setting_exist.BrowserUtils.utils. and

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\base_provider.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1804
                                                                                                                                                                                                                                                  Entropy (8bit):5.794129827458554
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:5y/BcaU1lu6t2gCqXXm3Oh0KxAACL/w6ns:5y/BcYUtiS0KxApL/s
                                                                                                                                                                                                                                                  MD5:D57F36EB1F2C6F2685EB68A6939F718F
                                                                                                                                                                                                                                                  SHA1:70BCA36AA02B54ED2B80C084F3E15B3D39E7821A
                                                                                                                                                                                                                                                  SHA-256:600D76503BEBF9EAC51F5F6FBE4265E362F11EDA723DFC8DDE006D579AC4419A
                                                                                                                                                                                                                                                  SHA-512:F4F48C102E397EF639311F40A97B8C97ED905143434C3F4B918B5A5837FC7EFE4DB1A3290FF7D0702E9A0680D3D6689CE7CCB8222985E765E5BAA1ECB8F1732B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..8.......=...=...=...K....providerName.providerId.priority........+...L...........+...L...........+...L...........+...L...........+...L...........K...........K...........+...L............6...9.......9...'...6.......B...&...B...'...5...'...J...]file:///[WA_FILES]/mfw\packages_web_view\webadvisor\wa-ss-toast-variants-rebranding.html..."secure_search_toast_variation..?wacore:mfw\packages\webadvisor\wa-ss-toast-rebranding.html.tostring0[BL]: calling get_toast_template_path with .info.log.core........'...L....default........'...L....DefaultSearch........+...L............6...9.......9...'...6.......B...'...6.......B...&...B...6...-...B...X...6...9...9.......9...+...............B...E...R...K......SetBrowserSetting.BrowserUtils.utils.ipairs., browser_type=.tostringM[BL] calling Base_provider:fill_url_settings_with_the_same_url with url=.info.log.core......%.?6...9.......X...6...4...=...6...9.......X...6...'...B...5...7...6...9...3...B...7...6...3...=...6...3...=...6...3...=...6...3...=...6

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\edge_onboarding.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4540
                                                                                                                                                                                                                                                  Entropy (8bit):5.7215463842427425
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:/15UBuCYLAbf/uKwWbQ+YMVVnM/EdvsyJfQMGUu7:/3AX6SZVMEd3ZQDUu7
                                                                                                                                                                                                                                                  MD5:CD798E5EF0695CE45913CFE9FF24DA07
                                                                                                                                                                                                                                                  SHA1:F93D5CE576A5D9F3758E8DEC89B2956BB666CFA7
                                                                                                                                                                                                                                                  SHA-256:9817B919A08CB4C5393364AE0E8F1B68D36E0F929DEBCD08F9539CAEF703A6FF
                                                                                                                                                                                                                                                  SHA-512:9A8C4926558E2DCABD9EFE661C926428C7B9AA328D29D4CB833124EE8E95737ADC6060A307FBE53F93859C294C9F24D62C2088E812C9567FE926DFEDBF8B065B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........;6...9.......9...'...B...6.......9...6...9...9...9...9...-...B.......X...6...9.......9...'...B...+...L...6.......9...6...9...9...9...9...-...B.......X...6...9.......9...'...6.......B...'...&...B...+...L...6...9.......9...'...B...+...L......common_checks: end., won't proceed.'.tostring$common_checks: extension state .get_extension_state*common_checks: registry entry present.edge.BrowserType.BrowserUtils.utils!has_extension_registry_entry.browserSettings.common_checks: start.info.log.core.........'6...9.......9...'...B.......X...-...B.......X...6...9.......9...'...B...K...6.......9...+...'...-...B...6.......9...'.......B...6...9.......9...'...B...K.......!schedule_edge_ext_check: end.on_edge_check.SetEventTimer.timerFactory.edge_onboarding_check.GetOption.settings2schedule_edge_ext_check: common checks failed#schedule_edge_ext_check: start.info.log.core......E...6...9.......9...'...B.......X...-...+...B...-...B.......X...6...9.......9...'...B...K...6.......9...+...'...+...B.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\ff_monitor.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3446
                                                                                                                                                                                                                                                  Entropy (8bit):5.580599253252745
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:8QlNSU52MBNIsd+eE+Zo1PsLjgjg2kYIf0TfdXdWXbiA:8YSU5pd+IZo1PBg2kYw0TfdXdWuA
                                                                                                                                                                                                                                                  MD5:174EA661C9AE5700F50E0C6C8B298909
                                                                                                                                                                                                                                                  SHA1:1625F68F91A0D3D0981AE33AA127B2C8B4261E51
                                                                                                                                                                                                                                                  SHA-256:EDBAC1B754DDAA727AD3CDBDDF97FACB4FABF4A4F4BBDBE9C943961D951CA1C8
                                                                                                                                                                                                                                                  SHA-512:F884D0DC98EA0A1816D241751D6E56A0E2434B1F5435726ABD03338A4F99469A3F95D0AC4A8465ED89BCA458D38050804F2685A1E47AAF896312880941DF2ACB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........T6...9.......9...'...B...6.......9...6...9...9...9...9...B.......X...6...9.......9...'...6.......B...&...B...+...L...6.......B...).J.....X...6...9.......9...'...6.......B...'...&...B...+...L...6...9...9...9...9...6.......9...6...9...9...9...9...6...9...9...9...B.......X...6...9.......9...'...B...+...L...6...9.......9...'...B...+...L....common_ff_toast_checks endBcommon_ff_toast_checks: WA extension is installed and enabled.ff_wa_ext_id.get_extension_state.ext_enabled.ExtensionState$ supports registry installation%common_ff_toast_checks: version .tonumber.tostringIcommon_ff_toast_checks: failed to get Firefox major version . Error .err.ff.BrowserType.BrowserUtils.utils.get_browser_major_version.browserSettings!common_ff_toast_checks start.info.log.core......#.l6...9.......9...'...B...6...6.......9...+...'...)...B...A...6...9...B...6...6.......9...+...'...)...B...A...6...9...9...9...............B.......X...6...9.......9...'...B...K...5...6...9...9...9...=...6.......9...+...'

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\logic_loader.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2880
                                                                                                                                                                                                                                                  Entropy (8bit):5.680378484791574
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:qChuRIL5WuR0dyMGhKzG2VzWGLk5a2TB+2QSusUAwJjfRkmypUy8NqXRUsUc+LcI:qChuzuOGo9zk5FTAdSQgRUsUc+LcU0Ut
                                                                                                                                                                                                                                                  MD5:6042C4E797DB58361D3649E6FA0BE845
                                                                                                                                                                                                                                                  SHA1:ABAB0A1839EB6F478FDC6AE90CEF2FFEEC62689C
                                                                                                                                                                                                                                                  SHA-256:9493F3374C1CE55BBAF24A7F0E13E20ED21827E76F3A3E1EFF14A2519BBD7FD8
                                                                                                                                                                                                                                                  SHA-512:CB804CF67A710E2782FAE66CAE9F75C50F79AC2EA87D39BB4F33FA64875EA9FB488D014D82E83A51554FB15F56884F49FD3EE651B24EA90FC17DF36A8517DACA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........6...9...8.......X...8...L.......X...+...6.......9...............B.......X.......X...+...<...L...6.......)...B...K....error.include.external.loaded.package.........5...'...6.......B...X...6...........B...E...R...K....require.ipairs.MFW\core\.....logger.dkjson.json.utils\stringUtils.utils\browserUtils.class.win32helper.utils\common_utils.........5...6.......B...X...6...6...8...'.......&...B...E...R...K....Module does not exist: ._G.assert.ipairs.....external.settings.subdb.telemetry.utility.browserSettings.registry.timerFactory.........5...'...6.......B...X...6...........B...E...R...K....require.ipairs.logic\.....usage_calculation.MiscUtils.providers_selector.base_provider.ss_logic.oem_business_logic.ff_monitor.type_tag_utils.tests_logic.aj_logic.edge_onboarding.oem_utils\oem_util.oem_utils\oem_utils_wss.oem_utils\oem_utils_wps oem_utils\oem_util_selector.oem_utils\affid_monitor........d6...9.......9...'...B...'...6.......9...B.......&...6...9.......9...'.......&...B...6...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\miscutils.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5319
                                                                                                                                                                                                                                                  Entropy (8bit):5.745975256849087
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:XXleAMNJLtWOVh7jqJlkN48gkaxwSCTNOUnPmZ6Fnr6uoS9:nl07tWOGJlkJgkaOBNOUPxFrLoi
                                                                                                                                                                                                                                                  MD5:E1C40EBE2C5D157FCBD18C89655653B5
                                                                                                                                                                                                                                                  SHA1:1A4B6AFC1F430F6D5E9B5231AB1A6106F2F3C062
                                                                                                                                                                                                                                                  SHA-256:F80EA2075917CA238EF3B46D9277BC1E905C10546E65996B3FEC603B81FF4633
                                                                                                                                                                                                                                                  SHA-512:78606799678830D27DF7CF33E3DFF4DCA4B8EB449517B507D909B9714A1060265B1AC2FFC0387DB8C12B1BB00C3C4B980EDDF32017B1876DC12E7CC2FE9B09B8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........$6...9...9...9...6...9...9...9...B...)...-...9...'.......B...6...9...9...9.......6...9...9...9...........)...B.......X...+...L...-...9.......D......string.GEO_ISO2.SYSGEOTYPE.GetGeoInfoA.char[?].new.GEOCLASS_NATION.SYSGEOCLASS.GetUserGeoID.kernel32.Win32.core..........6.......9...+...'...'...B.......X...6...9.......9...'...B...6...9...9...9...B.......L....GetUserLevelGeo.MiscUtils.utilsH[BL] GetGeo: Got empty value of SystemGEO, falling back to user GEO.warn.log.core..SystemGEO.GetOption.settings.........6...9...9...-...9...9...)...)...'...B...A...9.......X...+...X...+...L......handle+{B3251298-6CD7-4C88-A541-A62A7500D233}.OpenMutexA.C.Win32Handle.Win32.core........8-..."... .......X...+...X...+...6.......B.......X.*.....X...6.......9...+.......6...6...9...9...9...........B...A...A...X...6.......9...+.......'...B...6.......B.......X...6.......B.......X...6.......9...+...........B...L......(current<setting).days_elapsed.common_utils.utils.core.tostring.SetOption.settings.st

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\oem_business_logic.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9815
                                                                                                                                                                                                                                                  Entropy (8bit):5.839563999700545
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:76Qa+8YiRGQLtdF4ivOiTSzDSEoNw0FKgv/a6auYc4HGLJUgd:76Qa+8YAGQLdHONHOKgHPoc4mLGgd
                                                                                                                                                                                                                                                  MD5:DED78D399D6009980BE422242A9BBD8E
                                                                                                                                                                                                                                                  SHA1:35B6F92F31D06ABF5F81EE11E4AA41B5AF5E20E8
                                                                                                                                                                                                                                                  SHA-256:BAF9C732E0AE7A53AB4B01EAD3122559AC3E42CA9BF014136275C8FA69B1242F
                                                                                                                                                                                                                                                  SHA-512:D852CE53905C84FDA63BC74FAAABDC2512FEC11E2B7ED8B9470D378F589461EE49D21E188D3D4FC21E2E1A2F6DCABCD8162D4F74D8BF9909A1139BCEA650C62F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........J6.......9...+...'...)...B...6.......B.......6...9.......9...'...6.......B...&...B.......X...6.......9...+...'...6...6...9...B...A...A...6.......9...+...'...'...B...+...L...6.......9...+...'...)...B.......X...6.......9...+...'...'...B...+...L...6...9...9...9...6...6...9...B...A...........'...D....MinimumDaysElapsed.MiscUtils.utils.(interval=0)3*DEFER_SEARCH_MINIMUM_DAYS_AFTER_WSS_UNINSTALL.(just set).OEM_WSSUninstallDateState.time.os.SetOption.tostring.[BL] *WSSUninstallDate = .info.log.core.tonumber.*WSSUninstallDate.GetOption.settings.........V6.......9...+...'...+...B...6.......9...+...'...)...B...6.......9...+...'...'...B...6.......9...+...'...'...B...6.......9...+...'...'...B...6.......9...+...'...'...B...6.......9...+...'...'...B...6.......9...+...'.......B...6...9...9.......9.......B.......X...6...9.......9...'...6.......B...&...B...K...6.......9...+...'.......&...'...B...K....NoError.RecoveryAttemptLastError_.tostringA[BL]: SetSearchOfferAllowed: nil browser string

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\affid_monitor.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1779
                                                                                                                                                                                                                                                  Entropy (8bit):5.569415025810661
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:FVI5znjQm2soNtKCSTeiijbeTOx/6ATk0pdpy6cSVIBmD/JF8vor:fIpjzatN2U80FIBKBtr
                                                                                                                                                                                                                                                  MD5:5728F2F5B792DB52879923AA04B66F14
                                                                                                                                                                                                                                                  SHA1:621A4FD5A6F5CD74B8F9279DB8E8C9BE53618C55
                                                                                                                                                                                                                                                  SHA-256:6FE5698A9FB8ECE4B1234606B51F23725FE82DE21BED3E8B964E07021C549886
                                                                                                                                                                                                                                                  SHA-512:F8D87D29E49E04C8B236B43D564DD9D787549AB95E0D4C1BB24976DC32E519053BD13C3BFC6DEC0F16FBF3FE303E0E9207ADDDA56B5F1ADBC45BE7F75CA789F9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ............6...9.......9...'...B...6.......9...+...'...B.......X...6...9.......9...'...B...K...6.......9...+...'...+...B.......X...6...9.......9...'...B...K...6...B.......X...6...9.......9...'...B...K.......9...B.......X...6...9.......9...'...B...K...6.......B...6...9.......9...'.......&...B...+...6.......9...+...-...B.......X...6...6.......9...+...-...'...B...A...6...9.......9...'.......&...B.......X...6.......9...+...-.......B...+...X...6...9.......9...'...B...6.......9...+...-.......B...+.......X...6...9.......9...'...B...6.......9...B...6...9.......9...'...B...K......wps_affid_check_impl end.apply_customization.wps_utils1wps_affid_check_impl: applying customization3wps_affid_check_impl: affid is not updated yet.SetOption6wps_affid_check_impl: current WA saved aff_id is .0)wps_affid_check_impl: wps aff_id is .tostring,wps_affid_check_impl: wps aff_id is nil.get_aff_id4wps_affid_check_impl: wps implimentation is nil.oem_utils_wps2wps_affid_check_impl: affid override disabled.affi

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_util.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):560
                                                                                                                                                                                                                                                  Entropy (8bit):5.070909170520725
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6f0a/55P8Z+U3bTs3IdtnugLBGgiO6CaMAEWfIJw8nGAOdg:68aMZdTs0ugLBx2ChAEWfF8d8g
                                                                                                                                                                                                                                                  MD5:3FA88847EE0F13538ABEC9AD10F2EE73
                                                                                                                                                                                                                                                  SHA1:6BC7F487FD4D06AB255B892BB33DF6FE038B0621
                                                                                                                                                                                                                                                  SHA-256:D8A3B76B9B3793DE75F2DB4A5011FDEDBE873BF4C50B3C0C69CB937076801381
                                                                                                                                                                                                                                                  SHA-512:430C5ED86BC477678D1A74384EC14A25A3AD6EF34D29ECF87F9146A1702DFE23BCE63746EBCB90B69F5D0F02103349E24A2CD9AAA2FC0AE2D81BC199609CA0EC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........K...........+...L...........+...L...........+...L...........+...L...........+...L...........+...L...........+...L..........."6...9.......X...6...'...B...6...9...3...B...7...6...3...=...6...3...=...6...3...=...6...3...=...6...3...=...6...3...=...6...3...=...K.....is_active..get_expiry_date..get_activation_date..get_install_date..is_trial_active..is_trial..is_installed.oem_util..class.core.class.require.core._G...//0C88CD92C38CC31371E2A7FFEF24E36ED213BABD85DC71FD564CF5CAA71EDCF41046765B4EB07BF8B13B0624816E7C09F18C9A2148C8D43D962748870C87EC73++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_util_selector.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):672
                                                                                                                                                                                                                                                  Entropy (8bit):5.329052509256524
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:6DmOMYinnQlYelgLOphYfR2MQyPiOhYfQIMBFSWbB4Fd/0/b/UtmEmgh:6nVMeNwfR2MQsmfQIMBFXG1QUtmyh
                                                                                                                                                                                                                                                  MD5:C459A560CB78933ACAC76514E2408D5A
                                                                                                                                                                                                                                                  SHA1:FA5086A115872496C2D59EF500FDBE123F7B8C52
                                                                                                                                                                                                                                                  SHA-256:D8C8985978EDCA7FF9CCF655D4BF3823C8428C8AEE16DC51F5564DDB1F0AFB2F
                                                                                                                                                                                                                                                  SHA-512:001BA39B437B7804508B81B4D560F8C73924A9F9FE882195CDF2B780E3C6F21DE09BD9940A115434B98D59D1DFC635EE891BFF59C23A86ED57D89EFFDB899D2C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........46...9.......9...'...B...6...B.......X...6...9.......9...'...B.......9...B.......X...6...9.......9...'...B...L...6...B.......X...6...9.......9...'...B.......9...B.......X...6...9.......9...'...B...L...+...L...0[BL]: get_oem_implementation: wps installed2[BL]: get_oem_implementation: wps_oem not nil.oem_utils_wps0[BL]: get_oem_implementation: wss installed.is_installed2[BL]: get_oem_implementation: wss_oem not nil.oem_utils_wss([BL]: get_oem_implementation: start.info.log.core+.......3...7...K....get_oem_implementation....//836C5B03D9868F1E7E3E80AF6F0A8B8EBCB0FD233926B88E4C5C83320CF9F3A7CB133D48875B0A53A6F9F32262D69227F8387C864E9257C874D53016B35D51F9++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_utils_wps.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5508
                                                                                                                                                                                                                                                  Entropy (8bit):5.601274527465085
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:WHn6Gmsvuo4xjk8mxfFDMkJH40m9sjvqFXf+2rWVH9b5lRUwsqt:U6vcJvmAtYeUwsqt
                                                                                                                                                                                                                                                  MD5:15D0398B9F76392BDA31A64E92EBEF60
                                                                                                                                                                                                                                                  SHA1:D49B2128B16A9948D16C39ABB8650592137C2EE2
                                                                                                                                                                                                                                                  SHA-256:6633C5E2D1E16325A6172E260EEE73186B1063D63911F21F18141D255040A1A9
                                                                                                                                                                                                                                                  SHA-512:403A09F1FF6F6000893B4D49BAD0CA9FD796C3B10BBC94C6B54AA7B7E869B858E6E73210A9FB99B9D717B587C5E5E413488C3088C788A8B80F5D6FF22BBC7E80
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........?6...9.......9...'...6.......B...&...B...6.......9...-...B.......X...6.......9...-...B.......6...9.......9...'...B.......X...6...9.......9...'...B...K...6.......B...6...9.......9...'.......&...B...6...9.......9.......B...6...9.......9...'...B...=...K........wps_data5[BL]: oem_utils_wps:constructor: parse succeeded.decode.json1[BL]: oem_utils_wps:constructor: setting is 0[BL]: oem_utils_wps:constructor nil setting([BL]: oem_utils_wps:fallback to v1 .get_setting.wps_utils.tostring.[BL]: oem_utils_wps:constructor. self is .info.log.core........;6.......B...6...9.......9...'.......&...B.......9...-...B...6...9.......9...'...6.......B...'...6.......B...'...6.......B...'...6.......B...'...6.......B...'...6.......B...'...6.......B...&...B...6...9...5...=...=...=...=...=...=...D......sec.min.hour.day.month.year....sec..hour..day..month..year..min..time.os...:. .-([BL]: wps_date_to_lua: parsed date .match)[BL]: wps_date_to_lua: input string .info.log.core.tostring.........6...9....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\oem_utils\oem_utils_wss.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2385
                                                                                                                                                                                                                                                  Entropy (8bit):5.565249107581106
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:eYWhvpfcvH72EQvevwdH85FkRkBjvFV4sl2V:2lpfEH7hQ6wdeFkRkBbz4slQ
                                                                                                                                                                                                                                                  MD5:2F92638A462617B9BF64DFD7C4D1D401
                                                                                                                                                                                                                                                  SHA1:C407EB5D173957076EA2985E2AC6F581DBA98E59
                                                                                                                                                                                                                                                  SHA-256:41F4E60EFEC88CA3AF71D5E26398E7A35609B81EC2A6E62E2D5CDA27D9433156
                                                                                                                                                                                                                                                  SHA-512:1F6FE9D172EC60199669F32E6E7996B901D8078B1FFB9D76B3F9A9F04CA15235276517E38CE55192EEAE4C05629308003C983752848EAB5E562F5EBD85F9D95E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........6...9.......9...'...B...6...9...9...9...D....IsSuiteInstalled.common_utils.utils%[BL]: oem_utils_wss:is_installed.info.log.core.........6...9.......9...'...B...6...9...9...9...D....check_wss_trial.common_utils.utils![BL]: oem_utils_wss:is_trial.info.log.core.........6...9.......9...'...B...6...9...9...9...D....is_active_wss_trial.common_utils.utils([BL]: oem_utils_wss:is_trial_active.info.log.core........46...9.......9...'...B...6.......9...'...'...B...6.......B.......X...6...9.......9...'...B...+...L.......X...6...9.......9...'...B...+...L...6...9...9...9.......B.......X...6...9.......9...'...B...+...L...L...:[BL]: oem_utils_wss:get_install_date null expiry time.SubDBTimeToOsDate.common_utils.utils>[BL]: oem_utils_wss:get_install_date data is empty string.;[BL]: oem_utils_wss:get_install_date data not a string.string.type.installed.vso.GetProperty.subdb)[BL]: oem_utils_wss:get_install_date.info.log.core........L6...9.......9...'...B...6.......9...'...'...B...6.......B...

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\providers\bing.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5694
                                                                                                                                                                                                                                                  Entropy (8bit):5.849470354833383
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:2/dh6DsRoC42BeCpx7Pd0e+VOleAGrLNPF0pBtw9CJ5ohtbKI3Ht:2/dhLRqyPvd0ZOlOXNP2p3bJ+hVZ3t
                                                                                                                                                                                                                                                  MD5:9CB4856CFB3739CC2218002F4FD729A6
                                                                                                                                                                                                                                                  SHA1:BF36999CE3FB36B6E479957B5220D9DDE5C4CC20
                                                                                                                                                                                                                                                  SHA-256:787B1152F9A87D32B0A3073B1015D270B5D849B41A41C95012C2A41270BB87A7
                                                                                                                                                                                                                                                  SHA-512:AB5FC590F4DCF0F8E951F7A9ABEB0E1C30F9EA4743589CFF10A15A8C62FBEDAA1FAD9D04E3BC201871ABB03759D5308712CE1CE8BC66970173ABB33918641738
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........E6...9.......9...'...6.......B...&...B...6...9...9...9.......B.......X...+...L...6.......9...+...'...6...9...B...6...9.......X...6.......9...+...'...'...B...6...9...9...9...'.......B...6...9...9...9...B...8.......X...+...L...6...9.......9...'...6.......B...'...&...B...+...L.... end"[BL] should_be_selected_impl .GetGeo.,.Tokenize.common_utils.AU,DE.BingCountrySet.Bing.Yahoo.SearchProviderCodes.ProviderForced.GetOption.settings.ShouldSelectBingOverYahoo.MiscUtils.utils.tostring&[BL] should_be_selected_impl for .info.log.core........-6...9.......9...'...B...6.......9.......6...9...9...9.......B...A...6...9.......9...'...6.......B...&...B...6...9...9...9...9.......X...6...9...9...9...9.......X...+...X...+...L....ext_not_accepted.ext_disabled.ExtensionState.BrowserUtils.tostring4y_for_b_extension_criteria: extension state is .get_search_extension_id.MiscUtils.utils.get_extension_state.browserSettings&y_for_b_extension_criteria: start.info.log.core........e6.......9...+...'...).

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\providers\yahoo.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):18145
                                                                                                                                                                                                                                                  Entropy (8bit):5.8898803796156605
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:0baPqTqj5R2F46vdSGGgOqkmzLKh0hyKc1BSF63i8IOB6VNplF9az:0b4qTq1R2F4WgGGgOqkmzqkyKc1Bqd8p
                                                                                                                                                                                                                                                  MD5:1BDB3B40489026FD4B88B72CB1728E6F
                                                                                                                                                                                                                                                  SHA1:0D5565819D96ECB2F422C103CE9CC75D72C1F746
                                                                                                                                                                                                                                                  SHA-256:A80EE525C4ABD87F5089FFC31076702C68A76DF9642ECF316E1AC974E292E2BB
                                                                                                                                                                                                                                                  SHA-512:C66982AD355155C528DC41B759E1870CC1BF536D0C4C617A60B629FF2CFE19F671DCCFD22226058E6C44E3630E3D3590A338BEFDC3152D6BA30681BDC350F7FE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ.........."6...9...9...9...B...-...8.......X...+...L...6.......9.......6.......9...+...'...'...B...A.......X...6.......9...+...'...+...D...+...L....."*EMEA_COUNTRY_SUPPORT_ENABLED.HU *EMEA_COUNTRY_SUPPORT_REGEX.GetOption.settings.RegexTest.utility.GetGeo.MiscUtils.utils.core........16.......9...+...'...-...B...6.......9...+...'...'...B.......X...6...9.......9...'.......&...B.......X.......'.......&...X.......6...9.......9...'.......&...B.......X...-...'.......'...&...>...K........).*..^http(s)?://(us\.|ar\.|at\.|au\.|br\.|ca\.|ch\.|fr\.|fi\.|de\.|dk\.|hk\.|in\.|it\.|kr\.|mx\.|no\.|es\.|se\.|tw\.|uk\.|cf\.|cl\.|co\.|id\.|nl\.|nz\.|pe\.|ph\.|sg\.|th\.|pl\.|tr\.|espanol\.|ve\.|vn\.|malaysia\.)?search\.yahoo\.(com|co\.jp)/search.*(\?|&)fr=(mcasa|mcsaoff|mcsaoffblock|slv8-mcafee|$AdjustRegex: regex addition is .|,AdjustRegex: got special chrome frcode .info.log.core..YAHOO_CH_FR_CODE_REGEX_ADD.*YAHOO_FF_FR_CODE.GetOption.settingsG.......6.......9...B.......K......get_config.smart_toast_s

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\providers_selector.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1917
                                                                                                                                                                                                                                                  Entropy (8bit):5.844687996879564
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:iFZZRFnYQrEfyAb/taw2mx/YH8tEiwtRU1VWk+gj99:iFz/REfyAb/Yw2mx/G8tEiwtyok+gjn
                                                                                                                                                                                                                                                  MD5:5F7613E39C466B29459B809F692398D6
                                                                                                                                                                                                                                                  SHA1:FD6F702282C45FEC65CCD2F7A84763FB9EA91447
                                                                                                                                                                                                                                                  SHA-256:FCDE3D311F9B801860D2E34DFD79F30C1649EA27F8F6F56F399F43134D6FF670
                                                                                                                                                                                                                                                  SHA-512:B37D26C12A53C78FF7A962B69C3B7E6E45A52897472410AA7473E5F77D361B9DA7B813534995694CBDA33B6CBB35F344B7A520B14FC8E02144D1EF478671149F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........`6...9.......9...'...6.......B...&...B...4...6...6...B...H...6...9...........B...F...R...6...9.......B...).......)...M...6...8...8.......9.......B.......X...L...O...6...9...6...9...9.......9...'.......6...9...B.......X.'.6...9.......9...'...B...6.......9...+...'...'...B...6...9...9.......9...+...'.......'...B...6...9...9.......9...+...'.......)...B...6.......9...'.......B...+...L....(empty)(fill_url_settings_with_the_same_url.Base_provider.SetBrowserSettingInt.(Unknown).ProviderToastedName.SetBrowserSettingL^http(s)?:\/\/(www\.)?yandex\.(com|ru)\/search\/(\?|&)fake_param=fake.*.SECURE_SEARCH_REGEXES.SetOption.settingsI[BL] ssProviderSelector.GetSSProvider nullifying settings for Yandex.Yahoo.ProviderToasted*GetUserBrowserSettingWithSystemBackup.BrowserUtils.utils.Yandex.SearchProviderCodes.ShouldBeSelected.sort.insert.table.ss_providers.pairs.tostring/[BL] ssProviderSelector.GetSSProvider for .info.log.core.........6...9.......9...'...6.......B...'...6.......B...&...B...6.

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\smart_toasting\selectors\smart_toast_search_setting.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1079
                                                                                                                                                                                                                                                  Entropy (8bit):5.59753508033406
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6XKNbPMFjBgrexyj1yA9yqlyt4KU8qyHm6nqJq8Uf+E3Vxcz+nr:f0b6yy1P9xlUUDixMq8Ufxxd
                                                                                                                                                                                                                                                  MD5:C52D3C82D16896F10A24ED0F18962E8B
                                                                                                                                                                                                                                                  SHA1:B829FEBB4A81259B67C1CAFF710E881EC976B08B
                                                                                                                                                                                                                                                  SHA-256:36233C98FF348E0040319E8A125AC24988ED59A7C52F3F5805F543A5A61186B4
                                                                                                                                                                                                                                                  SHA-512:B0A63CD117B5C97929D774FC2B0208C8A3F4BE7A7C2B1138F76BE4825164F48FC6CF068374D61FB2493E2BE4E312A53D22ECA2979DE6F9721CC64E2C8DDCFA69
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........J6...9.......9...'...B...6...9.......B.......X.5.9.......X.2.4...6...9...B...H...6.......B.......X...9.......X...6...9.......9...'...9...&...B...9...=...X...6...9.......9...'.......&...B...<...F...R...6...9.......9...'...6...9.......9.......B...&...B...L...X...6...9.......9...'...B...+...L...K...Q[BL]: smart_toast_search_setting:get_config: Smart search settings not found.encode.jsonF[BL]: smart_toast_search_setting:get_config: Processed settings: ][BL]: smart_toast_search_setting:get_config: Unknown setting or malformed data for key: H[BL]: smart_toast_search_setting:get_config: Found frcode setting: .frcode.table.type.pairs.search_settings.get_config smart_toast_config_selectorO[BL]: smart_toast_search_setting:get_config: Getting smart search settings.info.log.core.........6...9.......X...6...6...9...6...B...=...6...3...=...6...2...L.....get_config smart_toast_config_selector.class.core.smart_toast_search_setting._G...//F0A6836976F59F59578A7F23C605584C8A2C452DF6247868F42

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\smart_toasting\selectors\smart_toast_template.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):811
                                                                                                                                                                                                                                                  Entropy (8bit):5.5627366010630785
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6ni3JB40xJB888hUeJBlznqJq8UtTgc6e:+i3JLxJOXUeJrzMq8UtTgc6e
                                                                                                                                                                                                                                                  MD5:E607C870DDB1433C445E1C46E3766C99
                                                                                                                                                                                                                                                  SHA1:66F3A4BB2A953FB4750EA0DAF512A5DB077CC050
                                                                                                                                                                                                                                                  SHA-256:5DD2F9C2FBA8C7B96D5BBBBC6DA6DA646AAFCF16522C4DC22195AA22D4E6F072
                                                                                                                                                                                                                                                  SHA-512:5188642411431160F1C2046624B64C0ADD278082D3686ABC32FBC1A6495BFFE90B4460FBE5D72DACD56B0799F0D1BE480B43407CD4B60AB250048454CAD20761
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........06...9.......9...'...B...6...9.......B.......X...9.......X...9...9...9...9...9...9...6...9.......9...'...6...9.......9...9...B...&...B...............J...X...6...9.......9...'...B...,...J...K...J[BL]: smart_toast_template:get_config: Smart toast template not found.encode.jsonB[BL]: smart_toast_template:get_config: Toast template found: .web_view2_template.template_data.template.toast_template.get_config smart_toast_config_selectorH[BL]: smart_toast_template:get_config: Getting smart toast template.info.log.core.........6...9.......X...6...6...9...6...B...=...6...3...=...6...2...L.....get_config smart_toast_config_selector.class.core.smart_toast_template._G...//A5D557B96D3D8EF81D45E71E298E1D15E70890FAE0CFBB872033838E2F034A97DB01EAB7B0A563393BFF010FB182CD70A3DDEB2EBE978785C7097A4DF6F51E0F++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\smart_toasting\selectors\smart_toast_trigger.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):903
                                                                                                                                                                                                                                                  Entropy (8bit):5.527964649762146
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:6VPcljcvIPYljlAEltlXfgNUIqlLnqJq8U6r+SGj9:Zlj85WEBYNUIqNMq8U6fGx
                                                                                                                                                                                                                                                  MD5:0E81B6D2373D30AEB9B86784E94C9AB4
                                                                                                                                                                                                                                                  SHA1:B4C833E6D6C26C652F24CCC4EB784D66D5E42E3D
                                                                                                                                                                                                                                                  SHA-256:4C172C578AFAE4F866C3AD5258230906B171B2937FEFB48F5B1D06917A572576
                                                                                                                                                                                                                                                  SHA-512:F98B9A9E843BD86BF9A388A92B0E5D54D594635B69A233D49FE48286B2FCE59EA1976DCD305CEA4E0FE5D7D75D15D9240CD567E68FE59645A7CFBBFD8F1DE0D1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........<6...9.......9...'...B...6...9.......B.......X.'.9.......X.$.4...6...9...9...B...X...6...9.......9...'.......&...B...6...9...........B...E...R...6...9.......9...'...6...9.......9.......B...&...B...L...X...6...9.......9...'...B...+...L...K...E[BL]: smart_toast_trigger:get_config: Trigger settings not found.encode.jsonG[BL]: smart_toast_trigger:get_config: Processed trigger settings: .insert.tableB[BL]: smart_toast_trigger:get_config: Found trigger setting: .triggers.ipairs.trigger_setting.get_config smart_toast_config_selectorC[BL]: smart_toast_trigger:get_config: Getting trigger settings.info.log.core.........6...9.......X...6...6...9...6...B...=...6...3...=...6...2...L.....get_config smart_toast_config_selector.class.core.smart_toast_trigger._G...//894BE453DE029DD5840552784029DC188B404F167CC065ABC224735C9BA01F79CCFBD988E2ADEAB24C6180B9A534AA2FE0BEF10C4D408CA840AD3D221C87D0DA++

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\smart_toasting\smart_toast_config_manager.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):49012
                                                                                                                                                                                                                                                  Entropy (8bit):5.056113680206571
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:+wf+IsIWUHHe4QmwgUwTjNxHS/lpliu/ATe:DDsRU+4ZXBnBu/Ay
                                                                                                                                                                                                                                                  MD5:215D687FAA6F35A92EB6FC31CA5CCD46
                                                                                                                                                                                                                                                  SHA1:614E6B7F747C7FBD9AAE75FC1B3C2C13E1CFE521
                                                                                                                                                                                                                                                  SHA-256:7BBCDD6D869930E31FBD7FA2721009557BF84EB81E7CBC6ADBD040B05EA674B5
                                                                                                                                                                                                                                                  SHA-512:758D4ECAB869CA1F356B22D4FB613C050DE02B035EAAD87F3B90B335203E5DC91275F1E931CF2FE5F1DC72015B7164ABFEDBFFE177FACE3FAC3D2011AB19BA89
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ...........5...9...=...-...9...9...8...=...-...9...9...8...=...-...9...9...8...=...L..........toast_template.search_settings.trigger_setting.config_setting....config_id..search_settings..trigger_setting..toast_template..config_id..........6...9.......9...'...B...6.......9...+...'...+...B.......X...6...9.......9...'...B...K...4...4...6...6...9...B...H.(.6.......B...6...9...........B...4...6.......B...X...6...9.......B...9...<...E...R...6...9...<...6.......B.......<...6...9.......9...'.......'.......'...&...B...F...R...6.......9...+...'...6...9.......9.......B...A...6.......9...+...'...6...9.......9.......B...A...6.......9...+...'...+...B.......X...6...9.......B...:...6...9.......9...'...6.......B...&...B...6.......9...+...'.......B...6...9.......9...'...B...K...I[BL]: smart_toast_config_manager.initialize: Initialization complete.SetOptionInt..[BL]: smart_toast_config_manager.initialize: client_config_version is not set, defaulting to the least available version = .sort&smart_toast_c

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\smart_toasting\smart_toast_config_selector.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2203
                                                                                                                                                                                                                                                  Entropy (8bit):5.472780090169697
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:kVInVFaoLKmuO8UVUoDUJU0UvrUsmU2FXvoIHEUj3UQtUQqDUHUQTUQKDrUMUYq4:QInVlmhhUVU2UJU0UvrUPUIvoIHEq3Ur
                                                                                                                                                                                                                                                  MD5:DF2352EEA6BE71F1B5D79F10662739E3
                                                                                                                                                                                                                                                  SHA1:8A413AF42DE3D7EF4950A7E52BA337805DCAF38B
                                                                                                                                                                                                                                                  SHA-256:0D645C681D19923BD277955F389DF56E4F7EF99BFB758C47FE05E0625BD84B0D
                                                                                                                                                                                                                                                  SHA-512:4043E355B56787F8742F1D5C9224753C306489FD0CA71EE7AEC49DD7B87745E7DCAD417A26C849CD08E31BFDFEEF1781FDF142AB98AFD31A789E70FBF86AFD5F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........]6...9.......9...'...B...6.......9...+...'...'...B...6.......9...+...'...+...B.......X.......X.......X...6...9.......9...'...B...6...+...=...6...+...=...1...6.......9...+...-...+...B...K...6...=...6...=...6...9...6.......B...6.......B...A.......-.......X...6...9.......9...'...B...6.......9...+...-...+...B...X...6...9.......9...'...B...6.......9...+...-...+...B...1...K.......P[BL]: smart_toast_config_selector.initialize: Configuration loading failed!U[BL]: smart_toast_config_selector.initialize: Configuration loaded successfully!.tonumber.get_configuration.smart_toast_config_manager.SetOption.config_version.config_id smart_toast_config_selector^[BL]: smart_toast_config_selector.initialize: Config ID or Config Version is nil or empty&smart_toast_client_config_version..smart_toast_config_id.GetOption.settingsB[BL]: smart_toast_config_selector.initialize: Initializing....info.log.core........]6.......9...+...'...'...B...6.......9...+...'...+...B.......X.......X.......X...6...9

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\ss_logic.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):34823
                                                                                                                                                                                                                                                  Entropy (8bit):5.86515989822727
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:IhyM9PIgux64k9yq5nwbpVnk+XQqXMrWD7C7Us7hUfmE:WP9wZOfZh+L57C7Us7hUL
                                                                                                                                                                                                                                                  MD5:27735FFCAFD79E2DD7FAA14983E7B047
                                                                                                                                                                                                                                                  SHA1:3EF73EF114D0F8BAACC6A8DD0E95D9C4D7CF34B6
                                                                                                                                                                                                                                                  SHA-256:FE72597C6E27D3A31E893B754D793AFD614B1501250880812E306ADC286168EB
                                                                                                                                                                                                                                                  SHA-512:4A798E5E861198A11D2D8D4FE991AB2E9B0556701A7BFA90424B27B0808E4029A0819162B2BBF0D417111EF6FA0CCF892F7499420F6EDAA37A3A78C61D80787E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........76...9...9.......9.......B.......X...6...9.......9...'.......&...B...K...6...9...6...9...9.......9.......B...A...6.......9...+...'.......&...6.......9.......B...A...6.......9...+...'.......&...6.......9.......B...A...K....GetCurrentMinVersion.MinBrowserVersion_.GetCurrentMaxVersion.browserSettings.MaxBrowserVersion_.SetOptionInt.settings.GetBrowserStr.lower.stringLInvalid browser type passed to UpdateSupportedBrowserVersionDimensions.info.log.IsValidBrowser.BrowserUtils.utils.core........%6...6.......9...+...'...-...9...B...A...6...9.......9...'...6.......B...&...B...-...9.......X...-...9.......X...6...9.......9...'...B...-...9...L.....7[BL]: alt_triggers_get_cohort: setting cohort to 0.logon_unlock.tostring6[BL]: alt_triggers_get_cohort: settings value is .info.log.core.regular.alt_triggers_cohort.GetOption.settings.tonumber>.......6.......B...X.......X...+...L...E...R...+...L....ipairs@.......6.......9...B.......K......get_config.smart_toast_trigger........-...-...-...D

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\tests_logic.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1783
                                                                                                                                                                                                                                                  Entropy (8bit):5.633941139078878
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:2mDrfjaG7ffgaIddgL9tlVewikdQ9THVK9LySRk:2mfraG7foLddqhiDVPwk
                                                                                                                                                                                                                                                  MD5:6DD0F5422A0B0A63DE2B7E6672159761
                                                                                                                                                                                                                                                  SHA1:BFC28D332AC773FBDCDCD008B64C937C904E8539
                                                                                                                                                                                                                                                  SHA-256:0E3B4BB44790636DCD295570E7B70AFD6EDA5724EB1D6C3F1850213368F23552
                                                                                                                                                                                                                                                  SHA-512:D0AF0F8D018C6F715BC6767F5F740232B744A19C2EEB6931067057BBEF3010DC1B53FBD7432E951B1EC908679A36F02C07937C878CC8FFE292B779734F6807A1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ........)...6...9.......9...'...B...6...9...9...9...9.......X...6...9.......9...'...6.......B...&...B...6...9...9...)...J...6.......9...+...'...+...B.......X...6...9.......9...'...B...6...9...9...)...J...6.......9...+...'...)...B...6...9...B...).......X...6...9.......9...'...B.......6.......9...+...'.......B...X.*.6...9...9...9...........B.......6.......9...+...'...)...B...6...9.......9...'...6.......B...'...6.......B...&...B.......X...6...9.......9...'...B...6...9...9.......J...6...9...'...B...9...6.......9...+...'. .)...B...6.......9...+...'.!.)...B...6...9.......9...'.".6.......B...'.#.6.......B...'.$.6.......B...&...B.......X.......X...6...9.......9...'.%.B...6...9...9.&.....J...6...9.......9...'.'.B...6...9...9.(.....J....ignore_within_timeframe.tests_logic.tt_check: end.no_toastAtests_logic.tt_check: time of date is out of limit. No toast., higher limit ., lower limit *tests_logic.tt_check: current hour - .tt_higher_hour.tt_lower_hour.hour.*t.date.ignore_threshold_passed?tests

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\type_tag_utils.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2150
                                                                                                                                                                                                                                                  Entropy (8bit):5.8901240226380915
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:USmjnzqGkwl85sHGX6lVwas7aeKCRMB52R7N3hWpL:U12UGuORaehk5ONx+L
                                                                                                                                                                                                                                                  MD5:8842D40DEDEC7911CE6FCE164CBD02C0
                                                                                                                                                                                                                                                  SHA1:8AA59AF52E797479B0ED72BE3B9ACA363360A2B2
                                                                                                                                                                                                                                                  SHA-256:8A4F20A6DAD25234A22C3F19D87BAB56E18CA3A59507F945FE580A001B6FFBE1
                                                                                                                                                                                                                                                  SHA-512:11C80C711E63A047046F0A8ECFEBA879E8B8EA097D255F19E8009EC6C1E4371CBF08A34AD8CCDD76E9072BA87084DBB6CCA4793D2C288BEE9CB2A830504BAC0A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ........$...6.......9...+...'...'...B...)...6...9...9...9...B.......X...6...9.......)...B.......6.......9...+...'...+...B.......X...6...9.......)...B.......6.......9...+...'...+...B.......X...6...9.......)...B.......6.......9...+...'...)...B...6...9.......'...B.......X...'...X...6...9...........B.......X...'...X.......6.......B...6...9...9...9...9.......X...'...6.......9...+...'...+...B.......X.).6...9.......9...'...B...6...9...9...9...B...6.......9.......B...'.......X...6.......9.......B.......'. .........6.......B...........'.!.6.......B...'.".....&...L...'.#.........6.......B...........'.!.6.......B...&...L....type=E.M.G.type=G.EscapeA..MD5Hash.utility#get_analytics_hashed_device_id.MiscUtils&make_type_tag: G type tag enabled.info.log.g_type_tag_enabled.5.edge.BrowserType.BrowserUtils.tostring.find.%d+.match.string.*Experiment.*Freemium.*Orphaned.bor.bit.IsSuiteInstalled.common_utils.utils.core.0.*Affid.GetOption.settings..........'...6...9.......'...B.......X...6...9.......'...B

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logic\usage_calculation.luc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2030
                                                                                                                                                                                                                                                  Entropy (8bit):5.596807579263866
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:fhO0Zf/+V+JJUh10pF/M1KsAwTh4Bdj5minH30vY3I+J:Q0nW0cUsABQiH/b
                                                                                                                                                                                                                                                  MD5:6EE000A68CBB4BFB9D2E138103B6DD57
                                                                                                                                                                                                                                                  SHA1:54A356A89FF249F9810081EC4D5681760AB0BDDE
                                                                                                                                                                                                                                                  SHA-256:8B5185E2590714C3B30E2F1A4F9670441AB0E864E81E0013E6B707FDF9FA5225
                                                                                                                                                                                                                                                  SHA-512:0FAC66C1D3E9889B06E8FF4C1BAA30867F062DA01097A3A44800BA34DEFBDE8A30DD06E9F1B9E227B9F4EBE3CB2CCE6A922C9DEFBB36668147F485A9A130DFC4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.LJ..........P6.......B...6...9.......9...'.......&...B...6...6...9...9.......9...+...-.......)...B...A.......X...6...9.......9...'.......&...B...K...6...9...B...6...9...9.......9...+...-...........B...6...6...9...9.......9...+...-.......)...B...A.......X...6...9...9.......9...+...-...........B...6...9.......9...'.......&...B...K.......)calc_on_browser_start: end. Browser .SetBrowserSetting.time.os=calc_on_browser_start: session started already. Browser .GetBrowserSetting.BrowserUtils.utils.tonumber+calc_on_browser_start: start. Browser .info.log.core.tostring...........6.......B...6...9.......9...'.......&...B...6...6...9...9.......9...+...-.......)...B...A.......X...6...9.......9...'.......&...B...K...6...9...B...!...6...9...9.......9...+...-.......)...B...6...6...9...9.......9...+...-.......)...B...A... ...6...9...9.......9...+...-...........B...6...6...9...9.......9...+...-.......)...B...A...6...6.......9...+...'.......B...A...6...9...!...6...9...9...9...#...B...6...9...!...6...9..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\logicmodule.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4541672
                                                                                                                                                                                                                                                  Entropy (8bit):6.544760213696757
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:vmZNRHnBao2l7VKSm+iKQB0Aulh8fGLDXVL5rtORei/vV+VnW8l+Homj1vy4iYuw:CB+j3lh8eLDXVd6znfIeuegdk
                                                                                                                                                                                                                                                  MD5:9CD903BA6980812F23811F8622DF893F
                                                                                                                                                                                                                                                  SHA1:29A00C25A8624935B31309446AF15ACDAE463477
                                                                                                                                                                                                                                                  SHA-256:32EB612688981D2CBB469F54AC0F8CBD7F70698872269582DA9D5C7F7150B416
                                                                                                                                                                                                                                                  SHA-512:13567F64002D9F1080F6D72C4FD21700CEB44084F3E3F719C4D5AA5C3BF9DF22C989BC10B55DA3734F9AFF43DB72EE1F5FC2DA5DBEBC3EEDA81610475E471000
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$........E#..+p..+p..+p..qe.+p&./q..+p&.(q..+p&..q..+p...q..+pF..q..+p.(q..+p.-q..+pE./q..+p..+p..+p.*q..+p..*pj.+p./q..+pH./q..+pqv.q..+p.."q..+p..+q..+p...p..+p..)q..+pRich..+p................PE..d....XWg.........." ...$.(4.........P1,......................................0G.......E...`A.........................................C@.<....R@.......F.X.....D..x....D.......F.Ph..0.<.p.....................<.(.....9.@............@4..... =@......................text...<'4......(4................. ..`.rdata..~5...@4..6...,4.............@..@.data...,.....@..:...b@.............@....pdata...x....D..z....A.............@..@.didat..@.....F.......D.............@..._RDATA..\.....F.......D.............@..@.rsrc...X.....F.......D.............@..@.reloc..Ph....F..j....D.............@..B................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\microsoftedgewebview2setup.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1785632
                                                                                                                                                                                                                                                  Entropy (8bit):7.942738490429967
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:NSI3oiG08swq0fhLy0fEg6IGJIlq+S6O8:NSCG08sw3YyEg6IiYq8
                                                                                                                                                                                                                                                  MD5:080FF9263F39F62DBDAE513C66B7B9D2
                                                                                                                                                                                                                                                  SHA1:32DF585659003B10E7ED769932727D53480B9C34
                                                                                                                                                                                                                                                  SHA-256:326CBB6CD7D6062B850337A50200C805CDCBF59A6E05818990E6352AC68B4935
                                                                                                                                                                                                                                                  SHA-512:7A7A21D05FA8D2562A0598B254A25A49099AFA5EBD072DE391D9EE8DC30F57CD2830816C8A2B5997AE74C0B9924185334B15EC5CC3587B74C2E7957296E6E02B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I.c......................................................9..............................................[...........Rich............................PE..L....R/`.....................t.......t............@..........................P............@.................................l)..x....`..,............... +...0..p.......T...................<...........@...............H....(..`....................text.../........................... ..`.rdata.............................@..@.data...\....@.......(..............@....rsrc...,....`.......2..............@..@.reloc..p....0......................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\resource.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):27336
                                                                                                                                                                                                                                                  Entropy (8bit):5.57578184442293
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:UBhBT/W58RrB3M65lWHqXPDenaKb6ki29d1ikN42niSJIVE8E9VF0NyJlP:uBr3M65Kr22Psu/2ExP
                                                                                                                                                                                                                                                  MD5:5E8BFBB3A3DC1E55C7D024E6C1ED51C5
                                                                                                                                                                                                                                                  SHA1:5676951B6835B3426365F73A5FAF398BA705B611
                                                                                                                                                                                                                                                  SHA-256:C5C3A970925D4BA60CE859F90ED37A206BD658B88F852BAC3B182BED75A9C9ED
                                                                                                                                                                                                                                                  SHA-512:F14CDB2AF7B6FCAA7A3C675D512871AF019B83764E848B23EA765EB3B702BC36BF56B9D2D9B93898354F893F7819A706798B1EC3229559770159992C8E3F54FD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Q=.0S..0S..0S..O...0S..OQ..0S.Rich.0S.........PE..L....XWg...........!...$.....>...............................................`......._....@.......................................... ..\:...........@...*..............p............................................................................rdata..x...........................@..@.rsrc...\:... ...<..................@..@.............XWg........o................XWg.........................XWg........l................XWg............................................RSDS../.|.zH.?.iDv......C:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\Resource.pdb......................GCTL....p....rdata..p........rdata$voltmd............rdata$zzzdbg.... ..`....rsrc$01....`!.......rsrc$02....................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\servicehost.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):926176
                                                                                                                                                                                                                                                  Entropy (8bit):6.441613709559614
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:kt3osXFOyxMZettus7ZuOE0KQsX/N1atFNRGpLSb0+JV/juMxqOAgzhlt21koJJO:kNFgtqntVbuuqOAgzD0yAJ1vo
                                                                                                                                                                                                                                                  MD5:F7C7039D19E16D05B6194D74E128DFE4
                                                                                                                                                                                                                                                  SHA1:177F53976B4C50DAD0046D9CDBAB9DDC8D605302
                                                                                                                                                                                                                                                  SHA-256:B3B36669F7A96042A822BC563BD7D7A45D3F48F2724CB2B3E111ECB188B35ADC
                                                                                                                                                                                                                                                  SHA-512:E0EAE14E0CE552D50C05C63232A2CB687144DE6C14CE56BA417F2A648E7D64B0B543847534543147C4738F17689962ED322EE966EF738EC19FC440AFF3456716
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........i..i..i.....i....'i.....i.7...i.7...i.7...i.....i.....i..i..h.....i...(..i.....i.Rich.i.................PE..d....YWg.........."....$.`..........Pv.........@....................................A.....`.................................................P...........p................I..........`...p.......................(.......@............p.. ...8........................text...L_.......`.................. ..`.rdata...p...p...r...d..............@..@.data............H..................@....pdata..............................@..@.didat..............................@..._RDATA..\...........................@..@.rsrc...p...........................@..@.reloc..............................@..B........................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\settingmanager.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1976248
                                                                                                                                                                                                                                                  Entropy (8bit):6.542602737128031
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:HSvhHKsJFPGimmqxvsH4CYWI4dq9kuuNCykGo9Fcx1KfhEkSwJ2a5BATvEsIkut:YhDFPDmm+NjiuLGo9FxfvnJ2+2TxzQ
                                                                                                                                                                                                                                                  MD5:A22A9096CB688D8C18EAFBEB7C939B3C
                                                                                                                                                                                                                                                  SHA1:4A4F617248784355F03B25C1902655B034426BE9
                                                                                                                                                                                                                                                  SHA-256:9429B653F74FE7B130DBDF9FCBF0604D3A65F46F7DD62EB6A7F819EAE4425C15
                                                                                                                                                                                                                                                  SHA-512:075A2DF44E2DDCE200A6E01AC4A2E8111163541CEF224940E4DE36C79BC6D943DC0D0EB2593773609A6379BD4041B28F82E15FA2248057614E8A8261776C2453
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........B.I.,KI.,KI.,K..)J..,K..(JG.,K../JC.,K../JD.,K..(J_.,K..-JZ.,K..)J%.,K..(J[.,KI.-K2.,K..(JH.,KS.%J..,KS.,JH.,KS..KH.,KS..JH.,KRichI.,K........................PE..d...qYWg.........." ...$.....v.......................................................x....`A........................................."..T...."..........h....p...........m.......$..$...p.......................(....W..@...............P...x!..@....................text...,........................... ..`.rdata..2<.......>..................@..@.data....$...@.......$..............@....pdata.......p......................@..@.didat..0....`......................@..._RDATA..\....p......................@..@.rsrc...h...........................@..@.reloc...$.......&..................@..B................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\taskmanager.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4248888
                                                                                                                                                                                                                                                  Entropy (8bit):6.51552548631765
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:cGy5W9wQakZKTrZICtWT/kCdT++jhpATJHqb2dyyr5certCHev7WYrLw:h2O0ltSdcHqUychCHcY
                                                                                                                                                                                                                                                  MD5:E04ADD7D426AEFD853FEDADAD1B77C81
                                                                                                                                                                                                                                                  SHA1:B2BE74907C18B4595AC59DE8C5FFB26BBEF6C05B
                                                                                                                                                                                                                                                  SHA-256:807A1C4AFAB2337C2E741EF2449C3B273583183B12FC7EC6311D72FB5C49CEF5
                                                                                                                                                                                                                                                  SHA-512:CA579755FD707F0929440D918DA95149B6A8B8BB62F79F58F75BA0120A9D570245374B5F5392C44B5C92F8A434803362A40BD6B579ADD1CA6E355BE9B40A036A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......uU.14..14..14..zL...4...J..!4...J..;4...J..G4.....94..+K..04..zL..<4..zL..*4...A..#4..zL..(4...A..04...A..%4..14...5.....`4..+K...4..+K..04..+Ks.04..+K..04..Rich14..........PE..d....XWg.........." ...$../...........(.......................................C.......A...`A..........................................;.P...P.;.......C.X.....@..P....@.8.....C..t....8.p.....................8.(... Z5.@............./.`.....;......................text...../......./................. ..`.rdata..*0..../..2..../.............@..@.data.........;.......;.............@....pdata...P....@..R...J=.............@..@.didat........B.......?.............@..._RDATA..\.....B.......?.............@..@.rsrc...X.....C.......?.............@..@.reloc...t....C..v....?.............@..B................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\uihost.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):904488
                                                                                                                                                                                                                                                  Entropy (8bit):6.4427020541085485
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:4/fhi2sqy1ccu9jbG5QJ0zJERddh6y/m1Qdg8dvNVll86NH7oWLC3ftPZ+o6MC9Q:gpihoBvjlllNH7oW+vVs4C9thc
                                                                                                                                                                                                                                                  MD5:C75ACD4F363FEC78A32439364E82021C
                                                                                                                                                                                                                                                  SHA1:4ACD52C71D6CE05E42CC92439DF5D3F7BFA7C35B
                                                                                                                                                                                                                                                  SHA-256:40DFF9FE25E79607D897598995FF7127CEF17826B7E55795C1953B6520524C37
                                                                                                                                                                                                                                                  SHA-512:39E9305D4686AC1E5995B0EEC6C40922D428B0732D71763FFD5934A295B498315216D2F55AD0543CB7E604625F01DF9A089A694533C01CD9448A24A7A9B951FE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........i..i..i.....i....8i.....i.(...i.(...i.(...i.....i.....i..i..h.....i...(..i.....i.Rich.i.................PE..d....ZWg.........."....$. ..........._.........@.............................p.......b....`.........................................................@..p...............(I...P..........p.......................(...p...@............0..............................text............ .................. ..`.rdata...h...0...j...$..............@..@.data............F..................@....pdata..............................@..@.didat....... .......f..............@..._RDATA..\....0.......h..............@..@.rsrc...p....@.......j..............@..@.reloc.......P.......n..............@..B........................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\uimanager.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5846872
                                                                                                                                                                                                                                                  Entropy (8bit):6.5127665295159405
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:vewckSLoQ9RmaHxsLDXuUnnX3qI1JQ72QQqVU:WwckSFbmaRsLDXu0nXa8++qVU
                                                                                                                                                                                                                                                  MD5:198765D6A4572DA3AA27FB5586F983FC
                                                                                                                                                                                                                                                  SHA1:C6585ED626337107F5902CC9BCD790B452C3196D
                                                                                                                                                                                                                                                  SHA-256:3309A24532E7814A46B593D237CD0EDB96FE29F479D38E0C265CE08ED2F81E97
                                                                                                                                                                                                                                                  SHA-512:FFBE8931EAECB7803A36DDB566B1896BB8D2B9C517AEA8E7D642E0FD495E1397EAC307C1A6870073B38AD4ED4A5BDF2B231135E3CC69D193D184A516D609B83F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$..........V....................G.......G.......G.......................$.......................).......'........B........................................,.............Rich....................PE..d....ZWg.........." ...$.xB.........P.8.......................................\......4Z...`A..........................................Q.<...,.R.@.....[.P....@X..^...FX.X.....[......M.p.....................M.(... .I.@.............B.......Q......................text....vB......xB................. ..`.rdata..Z.....B......|B.............@..@.data........@R......"R.............@....pdata...^...@X..`...:T.............@..@.didat..p.....[.......W.............@..._RDATA..\.....[.......W.............@..@.rsrc...P.....[.......W.............@..@.reloc.......[.......W.............@..B........................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\uninstaller.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2998832
                                                                                                                                                                                                                                                  Entropy (8bit):6.549731823097714
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:0b8E4leMHenRm5Xht5Ljzjj5EIGEjwRiNuoWV6Oh0lhSMXlgQtLoUA405SwFzSKH:LE4le9RC5LjzvAEjN7W4bDdGzSKguZbT
                                                                                                                                                                                                                                                  MD5:3AA2D9539FE8D506B25EB3E3122BF191
                                                                                                                                                                                                                                                  SHA1:7A8832272DCE3E8BC37D13B3735F94EAF71DD256
                                                                                                                                                                                                                                                  SHA-256:36CA61C3EEB21785BB61C5C969D638377B6E1EC0898FFF5794AD67999C179B7C
                                                                                                                                                                                                                                                  SHA-512:CE2EF98F134EBC741EC1C4431A9399D46C953F568213BE11037D52F1C1D4D275DF24EE182B1914F71550FE7F570A32CDF2215140B514E7F258976A837E44678D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.........aw...$...$...$...%..$...%-..$P..%..$P..%...$P..%...$...%...$...%..$...%..$...$...$>..%...$...$...$...%...$...%...$...$...$...$...$...%...$Rich...$........................PE..d....YWg.........."....$.......................@..........................................`...........................................$.(.....$......p'.8.....%.PW...2-.0....`..h/....!.p.....................!.(...@...@.....................#. ....................text....~.......................... ..`.rdata..............................@..@.data...4....@$......*$.............@....pdata..PW....%..X....$.............@..@.didat.......P'.......&.............@..._RDATA..\....`'.......&.............@..@.rsrc...8....p'.......&.............@..@.reloc..h/...`...0....-.............@..B................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\updater.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2751968
                                                                                                                                                                                                                                                  Entropy (8bit):6.543746013265706
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:mNSSVGmcW/5GNyfDpK8CMjnlQTvvcmkT9zO1XqS9hzKtkdbCn2Go:ehGmmKphCMjnlYvCS99K9nw
                                                                                                                                                                                                                                                  MD5:9A4C26D4AA627CA1C69D40C9091B4A74
                                                                                                                                                                                                                                                  SHA1:686E3ED1EF9910487492EB99F686FB8463FC2F79
                                                                                                                                                                                                                                                  SHA-256:DAB9D341F72C74C9EB35803119C96AFAD4AFAC8F312D84E2A077944CADF1C41F
                                                                                                                                                                                                                                                  SHA-512:1F2ADEC01039FBDD2B80A0001758B3D040C07912CC2BF41701DDB9C0AC49E34BEBD5C21C9EA03865639B1BCF596B3000D26AA033EA0245AF8DD0EA5A66E14773
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......x.m.<p..<p..<p..w...+p..w....p...../p.....0p.....Dp..w....p..w...+p..&....p..<p..=p......op..<p...q..&...Lp..&...=p..&...=p..<p..=p..&...=p..Rich<p..........................PE..d...TWWg.........."....$.l..........@..........@..............................*.....c.*...`...........................................%.$....%.......(......0'..F...v)......p*..)..0:#.p....................;#.(....E!.@...............x...p{%......................text...nk.......l.................. ..`.rdata.../.......0...p..............@..@.data....s....%.......%.............@....pdata...F...0'..H...:&.............@..@.didat........(.......'.............@..._RDATA..\.....(.......'.............@..@.rsrc.........(.......'.............@..@.reloc...)...p*..*...L).............@..B................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\wa-ui-uninstall.js

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9912
                                                                                                                                                                                                                                                  Entropy (8bit):3.922084693018274
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:/QL4RLAq8F9BeGgTcNTRCNPx6RlrC052ic8:P1IX2X8
                                                                                                                                                                                                                                                  MD5:439B5C6870BF60683B2108830F0C0EE8
                                                                                                                                                                                                                                                  SHA1:6D8686ADBBD7EDB119EE26FCAD89C7A33FB73360
                                                                                                                                                                                                                                                  SHA-256:9A17EA1B5BCFC3C587C42A948D492A9BB862592ED557C6AA4208093A102EE84A
                                                                                                                                                                                                                                                  SHA-512:992E9A7991F51AC017F508E03E6F71C94F65BFAEFC47FB5FCDBFE3AEE2DBD6715B88C97623DC7AC1417C6799E2BF7568A56D5013D68508BA0FDCB9A50227BC41
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:/* Uninstaller UI */..(function (wa, $) {.. var ui = wa.UI = wa.UI || {},.. _instrument = wa.Utils.Instrument,.. _lrt = wa.Utils.Lang.ResType,.. _l = wa.Utils.Lang(_lrt.UNINSTALL).get,.. _core = wa.Core,.. _window = _core.Window,.. _webAdvisor = _core.WebAdvisor,.. _productNameHtml = _webAdvisor.getProductNameHtml(),.. _data = _core.data;.... ui.Uninstaller = function () {.. var checkProgressInterval,.. checkUpdaterInterval,.. checkUpdaterNumRetries ,.. buttonOkId = "wa-uninstaller-button-ok",.. buttonCancelId = "wa-uninstaller-button-cancel",.. buttonCancelCss = "wa-button cancel",.. buttonOkCss = "wa-button ok",.. version = _webAdvisor.getVersion(),.. el = {.. $header: $("#wa-uninstaller-header"),.. $content: $("#wa-uninstaller-content"),.. $footer: $("#wa-uninstaller-footer")..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\wa-uninstall.css

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3558
                                                                                                                                                                                                                                                  Entropy (8bit):4.798796773500084
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:UKQqFbbgRjujt6whhzIr3EfygNkd9ZcRx1+zRMJ9NDG4lzDU8:FxFb8Rjujt6wr8r3EqgNkFcRx1+zRMJZ
                                                                                                                                                                                                                                                  MD5:F63DD51791AA934B2F6D65EA309C24CA
                                                                                                                                                                                                                                                  SHA1:ABBD3F7BCA2A16B227DE767B8A2BDFE5BCDBAD3A
                                                                                                                                                                                                                                                  SHA-256:C2E9C443AAB40E56EBBFDC8314C9395B621C400598B636023D39D2856FCBAD27
                                                                                                                                                                                                                                                  SHA-512:067054925488064E54A17E4EC92D45606ED8C41BAF169C6758E94B47CCD2CD33E8CF39B877FF912B1A389AC0483DD9320E99A3C4F8F8E727421F09E510AB2A03
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:body {.. background-color: #ffffff;.. overflow: hidden;..}....#wa-uninstaller {.. width: 600px;.. height: 473px;.. border: 1px solid #BAC6EA;..}....#wa-uninstaller-header {.. height: 48px;.. display: table;.. width: 100%;.. background-color: #F5F6FA;.. border-bottom: 1px solid #BBC7E7;..}.... #wa-uninstaller-header > div {.. display: table-cell;.. }.... #wa-uninstaller-header .title {.. vertical-align: middle;.. }....#wa-uninstaller-header-close {.. float: right;.. position: relative;.. top: 12px;.. right: 12px;.. cursor: pointer;..}......#wa-uninstaller-content {.. margin: 24px 30px 0px 30px;.. color: #404040;.. font-size: 12px;.. height: 67%;..}....#wa-uninstaller-start h3 {.. font-size: 16px;.. font-weight: bold;.. color: #53565A;.. margin-bottom: 5px;..}..#wa-uninstaller-start h5 {.. font-size: 14px;.. font-weight: 400;.. color: #53565A;.. margin: 0px;..}....#wa-uninstaller-st

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\wa-uninstall.html

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1304
                                                                                                                                                                                                                                                  Entropy (8bit):5.275006435536822
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:csYzTEL0GNVMz7jVMz7EVMz7VMz/VMzlLVMCdLG7OLG3LGt1LGzAdpKJz/To:3OTEL0Sv265iCdLG6LG3LGt1LGzArKds
                                                                                                                                                                                                                                                  MD5:FCD0694DAA6D877837A41C6B7990F0F3
                                                                                                                                                                                                                                                  SHA1:D43BB82B88775AAC31939AED1C94880283353AD5
                                                                                                                                                                                                                                                  SHA-256:A9A6391E0C62AE8A4B5B4849D53E1EFD6FA9928AAABBADA99EC64F78545AF4F9
                                                                                                                                                                                                                                                  SHA-512:4CD94146C2A594944A93C25F0128E244196B99895DAF15E5FC2CC40A52C49F779095D364143CB8203816597E704E12CDA955DB72E1A0DEC16FC697C07DA82EFB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.<html>..<head>.. <title>WebAdvisor</title>.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.. <meta http-equiv="X-UA-Compatible" content="IE=11" />.. <link type="text/css" rel="stylesheet" href="wacore:mfw\\packages\\builtin\\wa-common.css" />.. <link type="text/css" rel="stylesheet" href="wacore:wa-uninstall.css" />.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\jquery-1.9.0.min.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-uninstall-#loc#.js"></script>.. <script type="text/javascript" src="wacore:jslang\\wa-res-shared-#loc#.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-utils.js"></script>.. <script type="text/javascript" src="wacore:mfw\\packages\\builtin\\wa-core.js"></script>.. <script type="text/javascript" src="wacore:wa-ui-uninstall.js"></script>..</head>..<body>.. <div id="wa-uninstaller">.. <div id="wa-uninstaller-header

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\webadvisor.ico

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:MS Windows icon resource - 11 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):99892
                                                                                                                                                                                                                                                  Entropy (8bit):3.9749743269785345
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:JLBqG5eVRjB/jZRj0t4kgU1l50AIDP88+2Y:JLBh5eWgU1B8+2Y
                                                                                                                                                                                                                                                  MD5:236FC5ABB597615A608DAB7BE98D5FBC
                                                                                                                                                                                                                                                  SHA1:18D3D1CF56898B264A24DE24DC13E4B9B7EED768
                                                                                                                                                                                                                                                  SHA-256:06ADAB20CB028B5DC61762691E8C8A6157EB1199526F7C773338B9BF51BD63C6
                                                                                                                                                                                                                                                  SHA-512:155766AA5659BB9E298AEDE4064832168002EEDEE836710C2259446FC35437AD70C04454DEF2D9EB40A83A029351EA1726D65ACBDB8FE8217C016FD4986F7F4E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:......00......h....... ......................(.......00.............. ......................h...~"........ .n....'........ .(...TC..00.... ..%..|K.. .... .....$q........ .h......(...0...`...........................................................................................................p......................9Yx...................yyy9Y..................yyY.yy57...............s.....y.yy.............y9Y9Y5..9y.w.............9yyy.....................y.9qy....yy5............yyy.yqy.y.Y9yp...........y.xy....9yyY5....yY9.y.9.......yq....p....9yyqqyp......y.yy5.p...YyY9..p.......yy9Y.Y.........p..............p...Yyy.p...............p...99Yw............y9S.0...................yy..p....yY8............yyS.p...y9y.............y1......y.Y8............yYy.p...................y9yyp...................yyY.p...yyy.............y9yq....9Y.w............yyY9p...................y9yYp...................yyY9p...................y9q.....................yyYyp.......................p.............P.....

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\webadvisor.mcafee.chrome.extension.json

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):676
                                                                                                                                                                                                                                                  Entropy (8bit):4.824937383394461
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:ShnHvOaKiUlLAjxOw+aJ/0u74odpE5vvi7B4BLpMZhNl/PKqlKuV:ShnPOaKioAjxEaN94MpEJq7SBlMZ79oi
                                                                                                                                                                                                                                                  MD5:D4525EEF75A5ED31DD1463E94E63EE32
                                                                                                                                                                                                                                                  SHA1:9D2B35EF3800BF1CD34F6AFE03EDF1B02F75B7EA
                                                                                                                                                                                                                                                  SHA-256:E8BE10CE45725068D0B6F7B90C1F86C90B0F949B9FB4229CF9EE4A82DF9980E8
                                                                                                                                                                                                                                                  SHA-512:E92548F4F2B49138BEFE5800DD459F0A9DB3062B32661D98BD9E393D2510E9B41822ABCA3FDF179A7EBCA6B8899E0634B668FDDD1D1A1E67D8A5876F11C85D18
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:{.. "name": "siteadvisor.mcafee.chrome.extension",.. "description": "Chrome Native Messaging API Host",.. "path": "BrowserHost.exe",.. "type": "stdio",.. "allowed_origins": [.. "chrome-extension://fheoggkfdfchfphceeifdbepaooicaho/",.. "chrome-extension://klekeajafkkpokaofllcadenjdckhinm/",.. "chrome-extension://enppghjcblldgigemljohkgpcompnjgh/",.. "chrome-extension://mfifoblohohmjoaiclakcbicbeklikgl/",.. "chrome-extension://kanjcmmieblbpbihaafnedamppkhfadn/",.. "chrome-extension://jhnkplodgdopckiblgedcpoidpgcdbfi/",.. "chrome-extension://bgdpakbfhblhpnbhhajplljnioenlpnk/",.. "chrome-extension://hkflippjghmgogabcfmijhamoimhapkh/".. ]..}..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\webadvisor.mcafee.firefox.extension.json

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):332
                                                                                                                                                                                                                                                  Entropy (8bit):5.199984426997364
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:3FHWb4FPe8e/ihvqbRVnRUvFFwF1pl8q96DJqHmAf2U2LhGdFm/dwwuEYOi:1Hi7Gv6iK1re/3dwwBi
                                                                                                                                                                                                                                                  MD5:ED06108D883C1FFED6910F55AC4A5A3D
                                                                                                                                                                                                                                                  SHA1:7974E1658801A128A23C0B2737545F2AB5C5F3F2
                                                                                                                                                                                                                                                  SHA-256:B659E0167E9CEBFB8A031F259D840577B3897ABF3E91C2ABBE3E8F947598FF47
                                                                                                                                                                                                                                                  SHA-512:075F93DE9A8065B939BD947D23F2D3F1EA793AFA492CA030B0B24C4FB223F85846A37DF908ED5DD08987AFFA60AB3ECB6ACA512C777F05E9DD7849976868D6E8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:{.. "name": "siteadvisor.mcafee.chrome.extension",.. "description": "Firefox Native Messaging Host",.. "path": "BrowserHost.exe",.. "type": "stdio",.. "allowed_extensions": [.. "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}",.. "{DFC8025B-FC38-42B1-9E3A-DFA474F33D93}",.. "{C1DB8E20-28BB-4222-8020-FB40187BA1A6}".. ].. }

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\webadvisor_v2.mcafee.chrome.extension.json

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):675
                                                                                                                                                                                                                                                  Entropy (8bit):4.830153549273225
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:JaWhnHvOaKiUlLAjxOw+aJ/0u74odpE5vvi7B4BLpMZhNl/PKqlKuV:JaWhnPOaKioAjxEaN94MpEJq7SBlMZ7R
                                                                                                                                                                                                                                                  MD5:B09DB140B1A6360DC1D7F6BCF9D85B22
                                                                                                                                                                                                                                                  SHA1:09839EFA3B9055D51BFE566E9F5F8B7529B085D2
                                                                                                                                                                                                                                                  SHA-256:395D1298C7E5A9D6A7F45A0A84F89A0652DE890F202812FE3EF0DA830F24A98C
                                                                                                                                                                                                                                                  SHA-512:F1539E728D9F7DB8870CE58D2B4C49431DB288DD4D26D3C3D52374BB1B856001E8BF541650CF77813308060EDC57939E35E0B21D99EE18F0D2681FE052E91145
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:{.. "name": "webadvisor.mcafee.chrome.extension",.. "description": "Chrome Native Messaging API Host",.. "path": "BrowserHost.exe",.. "type": "stdio",.. "allowed_origins": [.. "chrome-extension://fheoggkfdfchfphceeifdbepaooicaho/",.. "chrome-extension://klekeajafkkpokaofllcadenjdckhinm/",.. "chrome-extension://enppghjcblldgigemljohkgpcompnjgh/",.. "chrome-extension://mfifoblohohmjoaiclakcbicbeklikgl/",.. "chrome-extension://kanjcmmieblbpbihaafnedamppkhfadn/",.. "chrome-extension://jhnkplodgdopckiblgedcpoidpgcdbfi/",.. "chrome-extension://bgdpakbfhblhpnbhhajplljnioenlpnk/",.. "chrome-extension://hkflippjghmgogabcfmijhamoimhapkh/".. ]..}..

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\webadvisor_v2.mcafee.firefox.extension.json

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):331
                                                                                                                                                                                                                                                  Entropy (8bit):5.221057694206649
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:3FHWEas4FPe8e/ihvqbRVnRUvFFwF1pl8q96DJqHmAf2U2LhGdFm/dwwuEYOi:1HZaW7Gv6iK1re/3dwwBi
                                                                                                                                                                                                                                                  MD5:49D8FD2B7CDD52D1CD2F2F3F019A597D
                                                                                                                                                                                                                                                  SHA1:62548306CE140C5336570EB02D4AF566121CFC65
                                                                                                                                                                                                                                                  SHA-256:B114F82CBCB910A1F282E823266801468571F3F2DB9802AFFD3C758F933CE9C2
                                                                                                                                                                                                                                                  SHA-512:3F9FA7C2D56A3BA12690D1D2107FC12D66CC6294D0C1A5003221E4B7A6C6481197BFD05CDEFFDE09F2D2AEF55132CE8CBEB40953AD25A96BF40675907FE68B16
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:{.. "name": "webadvisor.mcafee.chrome.extension",.. "description": "Firefox Native Messaging Host",.. "path": "BrowserHost.exe",.. "type": "stdio",.. "allowed_extensions": [.. "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}",.. "{DFC8025B-FC38-42B1-9E3A-DFA474F33D93}",.. "{C1DB8E20-28BB-4222-8020-FB40187BA1A6}".. ].. }

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):646112
                                                                                                                                                                                                                                                  Entropy (8bit):6.615158378781579
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:e1btYO+v7ftQNF8XpEB3iePkNEoj+rgSfshPyMjEmjM0ZQ1w:0b3g4oj+pMjEmw0OS
                                                                                                                                                                                                                                                  MD5:E771F356A7E30D21457CDA44836F8DBB
                                                                                                                                                                                                                                                  SHA1:99B8069134AFB4471D42721CD01AE6E430E473B6
                                                                                                                                                                                                                                                  SHA-256:D4C1E8B473B11BE236DFC772A694F1C2B360A844613F7FB2B9FCD5ADD761B056
                                                                                                                                                                                                                                                  SHA-512:90600A4E49097668A5B7C4792FECE1D20584E16BEC0C2950CA8626529CD6F61F6281154B309246C62168805A7AC3B7881F51AC783421B9178218F7487DBEB7D5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......#..~g.-g.-g.-<..,h.-<..,..-V.}-e.-..}-f.-5..,?.-5..,w.-5..,~.-..,f.-<..,..-<..,w.-s..,e.-..,k.-...,h.-g.-B.-..K-b.-.,f.-.,..-...,j.-...,f.-...-f.-...,f.-Richg.-................PE..L...x1.e...........!......................... ......................................e<....@.........................P.......(........p..@................?.......^...A..p...................@C......pB..@............ ...............................text............................... ..`.rdata..V.... ......................@..@.data....Y.......@..................@....rsrc...@....p.......8..............@..@.reloc...^.......`...<..............@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):804776
                                                                                                                                                                                                                                                  Entropy (8bit):6.352926794265583
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:ESMUeSJFVwoykQGh5YHWSGBjfWeVoNErPgdo:ESbRJFBykQ8YHWvFWeVKErPg
                                                                                                                                                                                                                                                  MD5:25EBD76F4F56BF3791735C1D5E539577
                                                                                                                                                                                                                                                  SHA1:B4A89100A510E9BE58446F74300C34536A9EFD29
                                                                                                                                                                                                                                                  SHA-256:EAD25990DBD86BCDB82A61921DBC19356AE9740E75F9B10767DD99AEB09BCA50
                                                                                                                                                                                                                                                  SHA-512:D416B3FCA1CB7E2D04A5826D2DC2DE0DEC3F4663636C6758AA399FB7E9D26CCAAC3E5F6E19F159695A4AEE02C13B7263818195A51CF6C92785A6364CDDF9474C
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.........Wm.9>.9>.9>..:?.9>..<?P.9>...>.9>..<?..9>..=?..9>..:?.9>S.<?.9>..=?..9>..8?..9>..8?.9>V.<?.9>r.<?.9>.8>.9>3].>.9>y.=?.9>y.<?..9>).0?.9>).9?.9>)..>.9>).;?.9>Rich.9>........................PE..d...R1.e.........." ......................................................................`.................................................x........P..@........x.......E...`...... ...p.......................(.......8............0..(............................text............................... ..`.rdata.. ....0......................@..@.data...Tt...@...L..."..............@....pdata...x.......z...n..............@..@_RDATA.......@......................@..@.rsrc...@....P......................@..@.reloc.......`......................@..B........................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\AVG\Antivirus\gaming_mode\dnddetection.dat.ver.ipending.af551dba

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:Jn:J
                                                                                                                                                                                                                                                  MD5:9BF31C7FF062936A96D3C8BD1F8F2FF3
                                                                                                                                                                                                                                                  SHA1:F1ABD670358E036C31296E66B3B66C382AC00812
                                                                                                                                                                                                                                                  SHA-256:E629FA6598D732768F7C726B4B621285F9C3B85303900AA912017DB7617D8BDB
                                                                                                                                                                                                                                                  SHA-512:9A6398CFFC55ADE35B39F1E41CF46C7C491744961853FF9571D09ABB55A78976F72C34CD7A8787674EFA1C226EAA2494DBD0A133169C9E4E2369A7D2D02DE31A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:15

                                                                                                                                                                                                                                                  C:\ProgramData\AVG\Icarus\Logs\event_manager.log

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):142
                                                                                                                                                                                                                                                  Entropy (8bit):4.6676302000496035
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:RGUKMNDew/B4tTTd2+UVkV4FCvg3IKRHRoWnB6TewtAocv:RDV/OtTPlVLg3IKw6B6Tjy3
                                                                                                                                                                                                                                                  MD5:B2C91AE82FBC9E6A1794B379CE9CECBA
                                                                                                                                                                                                                                                  SHA1:75345C54C746B22CC9A7F176FE3696C1B80C6D5D
                                                                                                                                                                                                                                                  SHA-256:2200B4236F4B111BC15FBBED7235513D478A706A79299F2CB0F2026849AF4930
                                                                                                                                                                                                                                                  SHA-512:2D323532D0EF3B3F70FAB49BDA7EA572190C08A1A6130C41F2CC9DD6C5A9B907E04541F7FC7EED68790A8C006F095927E1A0871A2B50384F87D94719E58D9CDF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.[2024-12-23 18:15:57.253] [info ] [burger ] [ 3872: 5680] [8A4F0A: 55] Storage path was not set so neither stored events are read...

                                                                                                                                                                                                                                                  C:\ProgramData\AVG\Icarus\Logs\icarus.log

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (608), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                  Size (bytes):1365009
                                                                                                                                                                                                                                                  Entropy (8bit):5.382107128204218
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:/1X4Bw/bYjNt6jjR4zqX1R+5flKOKZNINXuE2KK0jZ0vmn/SQEtBHoL:DX1AKOKZNIBuE2KK0jZ0vm/SQEtBHY
                                                                                                                                                                                                                                                  MD5:D9EE606D15B91F34A3071CB254CB9259
                                                                                                                                                                                                                                                  SHA1:8B976A756061478822DB66D90A2EA4F0E136FDB0
                                                                                                                                                                                                                                                  SHA-256:72AD85E9A1F5692AD9D2B6C9671E0B52BB80DAD68CA9517D747C4207A9A9DD40
                                                                                                                                                                                                                                                  SHA-512:A848027DE3698D3C3C841371D030EB439AC6AB486E6410E509927B3E9C412865FD6CE59322439D1EFA80C7236AC60EC55B82362231518FD1EB1754DE5FD7D5CC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.[2024-12-23 18:15:34.745] [info ] [entry ] [ 6528: 6504] [231CAF: 39] Icarus has been started...[2024-12-23 18:15:34.745] [debug ] [settings_lt] [ 6528: 6504] [18C22A: 190] generic accessor for scheme registry set..[2024-12-23 18:15:34.745] [debug ] [event_rout ] [ 6528: 6504] [CECE0F: 49] Registering request fallback handler for event_routing.enumerate_handlers. Description: event_routing_enumerate_handlers_handler..[2024-12-23 18:15:34.745] [debug ] [event_rout ] [ 6528: 6504] [CECE0F: 49] Registering request fallback handler for event_routing.enumerate_handlers2. Description: event_routing_enumerate_handlers_handler..[2024-12-23 18:15:34.745] [debug ] [event_rout ] [ 6528: 6504] [CECE0F: 49] Registering event handler for app.settings.PropertyChangedValue...[2024-12-23 18:15:34.745] [debug ] [event_rout ] [ 6528: 6504] [CECE0F: 49] Registering event handler for app.settings.PropertyChanged...[2024-12-23 18:15:34.745] [debug ] [event_rout ] [ 6528: 6504] [CECE0F:

                                                                                                                                                                                                                                                  C:\ProgramData\AVG\Icarus\Logs\sfx.log

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (1466), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                  Size (bytes):13866
                                                                                                                                                                                                                                                  Entropy (8bit):5.556486394822311
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:XgZojgY/yOb/w/7mNBTrYrf5ErhrarQrEWrD0:XMocu5DaSNdEzi1+Mh30
                                                                                                                                                                                                                                                  MD5:06311B605CA2EC1C3067A56E8DD18D49
                                                                                                                                                                                                                                                  SHA1:4D3950456C36D0F73B5E38078BA2FC6D50DD4FA3
                                                                                                                                                                                                                                                  SHA-256:CF325F6E030FAEC0ECD50C235ADEBDD5C12220E35700AD53148AC74A44077627
                                                                                                                                                                                                                                                  SHA-512:A92549E8ED36B132459B9E4B564B0B09F5EB0E56E540BA0FB1534EF6B6910A8B80166410CF019E34E707AA54762E7BF47D2B881406339402B4692A118E8B6DF7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.[2024-12-23 18:14:53.965] [info ] [isfx ] [ 2120: 3844] [C7794E: 183] *** Starting SFX (24.12.8365.0), System(Windows 10 (10.0.19045) x64) ***..[2024-12-23 18:14:53.965] [info ] [isfx ] [ 2120: 3844] [C7794E: 184] launched by:'6508-C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exe'..[2024-12-23 18:14:54.012] [debug ] [device_id ] [ 2120: 3844] [8A1DA9: 70] Storing the new fingerprint..[2024-12-23 18:14:54.246] [info ] [isfx ] [ 2120: 3844] [2A6F3E: 34] SFX started with command line '/silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492'..[2024-12-23 18:14:54.246] [debug ] [isfx ] [ 2120: 1748] [3A3D94: 62] Sending report data: ({"record":[{"event":{"type":25,"subtype":1,"request_id":"2bd8ecd9-143c-453c-a7e1-61c9cb83fbac","time":17349828434

                                                                                                                                                                                                                                                  C:\ProgramData\AVG\Icarus\avg-av\icarus.ini

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):166
                                                                                                                                                                                                                                                  Entropy (8bit):4.990202766082142
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:tv+p5RVZCoVENjpbrikf6EI8FWv0dIQLoqDv3RIBLICWvv:tmp53FVumkiEI8FW0IDqDvRIBL1W3
                                                                                                                                                                                                                                                  MD5:C043A3BEB23CC43CB3E9ACAE2AD9D8B4
                                                                                                                                                                                                                                                  SHA1:F8A300A14643D9D2EF708839D882FA8FAE274F73
                                                                                                                                                                                                                                                  SHA-256:3DF024F72A0BCDD90A7C140591E224492481EB7F32A940BFB9AF1CDB6472AF9E
                                                                                                                                                                                                                                                  SHA-512:E5BAA81E296B7F06360ED20D9484A137CA49C0505D2C94947B978B09B277F13184E540098E21DAAD0A72D8DDD831A57D6AC0E67C0AA860D87A051B55C3C9FFF2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:...[avg-av]..company-install-path=C:\Program Files\AVG..company-reg-key=SOFTWARE\AVG..product-dir=Antivirus..product-reg-key=Antivirus..program-data-dir=Antivirus..

                                                                                                                                                                                                                                                  C:\ProgramData\AVG\Icarus\settings\temporary_proxy.ini

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):278
                                                                                                                                                                                                                                                  Entropy (8bit):3.4584396735456933
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:Q9oPdKwo/e7nwY0ow+lGUlYlUlulnvm4HflKmaGHfltNv:QCFKwh7CaI/VJNKKHNX
                                                                                                                                                                                                                                                  MD5:B8853A8E6228549B5D3AD97752D173D4
                                                                                                                                                                                                                                                  SHA1:CD471A5D57E0946C19A694A6BE8A3959CEF30341
                                                                                                                                                                                                                                                  SHA-256:8E511706C04E382E58153C274138E99A298E87E29E12548D39B7F3D3442878B9
                                                                                                                                                                                                                                                  SHA-512:CF4EDD9EE238C1E621501F91A4C3338EC0CB07CA2C2DF00AA7C44D3DB7C4F3798BC4137C11C15379D0C71FAB1C5C61F19BE32BA3FC39DC242313D0947461A787
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:......[.P.r.o.x.y.S.e.t.t.i.n.g.s.].....A.u.t.h.o.r.i.z.a.t.i.o.n.=.0.....A.u.t.o.m.a.t.i.c.E.n.a.b.l.e.d.=.0.....C.o.n.f.i.g.U.r.l.=.....F.a.l.l.b.a.c.k.=.1.....P.o.r.t.=.8.0.8.0.....P.r.o.x.y.N.a.m.e.=.....P.r.o.x.y.T.y.p.e.=.0.....U.s.e.r.N.a.m.e.=.....U.s.e.r.P.a.s.s.=.....

                                                                                                                                                                                                                                                  C:\ProgramData\McAfee\WebAdvisor\AnalyticsEtw\analytics_wa.etl

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):196608
                                                                                                                                                                                                                                                  Entropy (8bit):5.463459325402859
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:UjZ0cgojppVaomoFAToGqcK1hUonzmcci2PIMMCqtD5FI9xdPwaNKK9pjHJi89rD:2Zj7EToG6VaIbLFIVPrQY/OdMaY1yLe
                                                                                                                                                                                                                                                  MD5:0DC60BD27182DD13C17810E6C9B7923C
                                                                                                                                                                                                                                                  SHA1:B5520CF3D72269DAF1DF650964DFAE2B48C8FEA3
                                                                                                                                                                                                                                                  SHA-256:FC9BB38CA20676C0061DAE7C3DEF7926D67E856C5B803C09246B28B7B83B5232
                                                                                                                                                                                                                                                  SHA-512:8251A6D5D5E3713F908AC147598FF9A652431B414A97ED8D405B96DC22CC34257D994840868FCE4CC55F471CDA6F5B4734444B08D2773D05266DCCA547B282EC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:................................................p...!...........................p.......].7.fU..................eJ..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1..............................................................O............].7.fU..........M.c.A.f.e.e. .{.7.A.D.6.1.B.2.6.-.D.7.5.1.-.4.8.7.E.-.B.5.5.7.-.6.9.2.6.A.5.5.8.2.D.D.B.}...C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.c.A.f.e.e.\.W.e.b.A.d.v.i.s.o.r.\.A.n.a.l.y.t.i.c.s.E.t.w.\.a.n.a.l.y.t.i.c.s._.w.a...e.t.l.............P.P.p.......].7.fU..............................................................8.B.].7.fU..19041.1.amd64fre.vb_release.191206-1406.......@.].7.fU..q...&.I.._$..M5....C:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\AnalyticsManager.pdb................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\McAfee\WebAdvisor\ServiceHost.exe\log_000B005C003C0011001B.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):236
                                                                                                                                                                                                                                                  Entropy (8bit):4.956733904114987
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:rtRhGR1Rbz6RM0Rcz468tRhvPER1Rbz6RM0Rcz46I:ZRhGRbbsZtRhvPERbbsZz
                                                                                                                                                                                                                                                  MD5:E470AAAFC8D3BD6DBC48965175D43E9E
                                                                                                                                                                                                                                                  SHA1:83FF27C2E359D0396D35653FF1125334170338DF
                                                                                                                                                                                                                                                  SHA-256:7916AE13D436FD0D3CCFB06FD513B09F327ED87E5676B3FAD8904D2F255E1A4F
                                                                                                                                                                                                                                                  SHA-512:CE691025E0171A5F4CD06296F100CD290E00C8FA1242619153492C572F7D47E94C3C66DA41F66A5FA9C950475EDFEB3725D9F4F8B1117033B30E619914936072
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:[ERR][20241223 14:42:24.480][wps_utils_scriptable.cpp@58]: Failed to get value of WPS setting ai.audio.opt_in.status..[ERR][20241223 14:42:24.491][wps_utils_scriptable.cpp@58]: Failed to get value of WPS setting ai.audio.opt_in.status..

                                                                                                                                                                                                                                                  C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_000B005C003C0011001B.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1362
                                                                                                                                                                                                                                                  Entropy (8bit):4.896605386564538
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:Z9yert5bh9lMrtP9lrt89brtORD9Brt/9rMrt3D9nrti9LrtP9qrtR9ert1p9kdH:Z3ZphwZPPZ8RZORDfZ/+Z3DdZilZPoZX
                                                                                                                                                                                                                                                  MD5:AC9CFB60FBDB15D01ACA2975EF2602F1
                                                                                                                                                                                                                                                  SHA1:62B5F2741B4E7CF354BD5DB58DDE1D8E758B077C
                                                                                                                                                                                                                                                  SHA-256:0E782A71F996883F6E535F4B84CC9E677D8C394800C72A7EC06E0CB407451503
                                                                                                                                                                                                                                                  SHA-512:C90E1FD90770A6C7F6A94017D6FF00328031BE652938AF7FF92B22531ABCAE11AE83D3FAAE2B9B393A36880E731A10E6AD936B6ECBB07ABFDBCDCB5ABC217A1F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:[ERR][20241223 14:42:14.353][ProcessUtils.cpp@186]: Failed to open process with id 0. Error 87..[ERR][20241223 14:42:14.363][ProcessUtils.cpp@186]: Failed to open process with id 4. Error 5..[ERR][20241223 14:42:14.366][ProcessUtils.cpp@186]: Failed to open process with id 92. Error 5..[ERR][20241223 14:42:14.368][ProcessUtils.cpp@186]: Failed to open process with id 324. Error 5..[ERR][20241223 14:42:14.371][ProcessUtils.cpp@186]: Failed to open process with id 408. Error 5..[ERR][20241223 14:42:14.404][ProcessUtils.cpp@186]: Failed to open process with id 484. Error 5..[ERR][20241223 14:42:14.409][ProcessUtils.cpp@186]: Failed to open process with id 492. Error 5..[ERR][20241223 14:42:14.412][ProcessUtils.cpp@186]: Failed to open process with id 620. Error 5..[ERR][20241223 14:42:14.415][ProcessUtils.cpp@186]: Failed to open process with id 1476. Error 5..[ERR][20241223 14:42:14.419][ProcessUtils.cpp@186]: Failed to open process with id 3304. Error 5..[ERR][20241223 14:42:14.424][Pro

                                                                                                                                                                                                                                                  C:\ProgramData\McAfee\WebAdvisor\saBSI.exe\log_000B005C003C0011001B.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):211
                                                                                                                                                                                                                                                  Entropy (8bit):5.051121448167952
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:rtRhe4y6k2JM0RG0DKhSm0tRhcGJaZVjwOrADGq:ZRhndk2JTDFnRhcGJarjhroZ
                                                                                                                                                                                                                                                  MD5:55E87939C8AAF0A58C2ABE528B97E603
                                                                                                                                                                                                                                                  SHA1:3E05BF160E792910CB4526EC97D090A8E7704817
                                                                                                                                                                                                                                                  SHA-256:1C10D5BFF3466E98FBE2EB11A4A83936336CCC97CAC13F8C646779678723333B
                                                                                                                                                                                                                                                  SHA-512:D3555E63A4F9DA18A6B44B6BDCED60ECBCE2B558D9ADF4250B87009B96A2B279EE3D1B4755FE8CC9902A57BB73D05D4463077CDD63DE38B44DC216D099C3E148
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:[ERR][20241223 14:40:35.071][ProcessUtils.cpp@210]: Failed to get executable filename for process with id 476. Error 31..[ERR][20241223 14:41:10.500][HttpsDownloadFile.cpp@200]: Unable to open HTTP transaction..

                                                                                                                                                                                                                                                  C:\ProgramData\McAfee\WebAdvisor\wa.dat

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3043002, file counter 217, database pages 15, cookie 0x3, schema 4, UTF-16 little endian, version-valid-for 217
                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                  Size (bytes):61440
                                                                                                                                                                                                                                                  Entropy (8bit):4.553801723129843
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:8Du3J1DAIsmWprv33DQOip1R+ws1mYwiqDjVNNXIIsdDBaELi8eCXhXcS7uje6Dp:UIHPsmWprv33DQOip1R+wowiqDjVNNXd
                                                                                                                                                                                                                                                  MD5:DF634434B0B3999787B042F02413089A
                                                                                                                                                                                                                                                  SHA1:5F78121B4637326F2A20BE0ECDD7B0F0579AD2BC
                                                                                                                                                                                                                                                  SHA-256:61BB779F57DF3B3E61C0ED8CFBA9C28FC04112904C893865D48C09E698048423
                                                                                                                                                                                                                                                  SHA-512:5F74BA6B32268D8D847786CFE17C844D4B6D68867C87024E9DB7A79DD2B3ABF287DDF82C447D735FD7BDF75046C62B394B3EC42A464151416F21A71E81DE66A2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................n......._..=.R._......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1310720
                                                                                                                                                                                                                                                  Entropy (8bit):1.307370244005989
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrL:KooCEYhgYEL0In
                                                                                                                                                                                                                                                  MD5:55CB0FC13C5CED91A3F0F32593181813
                                                                                                                                                                                                                                                  SHA1:207EE53D00B2571433FBD855435C24AE824F7997
                                                                                                                                                                                                                                                  SHA-256:A01894CAF486D9B3416A8AA6599AED750700196F0D153E023AE6C68431451198
                                                                                                                                                                                                                                                  SHA-512:413F844FDDA7ADF802FD1F8C00B4558DB89A5D0E355E155552C0C0F90A4EC59C20D1388CF6D052A61A6ADD2D097DC471FD06C1B6C6540F19A89D5B65E6169215
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:Extensible storage engine DataBase, version 0x620, checksum 0x8b36b425, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1310720
                                                                                                                                                                                                                                                  Entropy (8bit):0.4221915871796287
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:ZSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Zaza/vMUM2Uvz7DO
                                                                                                                                                                                                                                                  MD5:9997550907B8F8517A7392CC1B5F29B9
                                                                                                                                                                                                                                                  SHA1:C2AB1F87B007D13372BB8985D137A07E6EB1BB22
                                                                                                                                                                                                                                                  SHA-256:29BFA9066E4FC4E1CC2BA568EF1F71DA15493D12424181FA30DF5CA106D26AF0
                                                                                                                                                                                                                                                  SHA-512:58B539DB9D18FB129284E05C900D0CA0D0669A062673DE617D75B9B6BFE01686DB230C88BEA0E4BC0E6DCCF941A4FBEF2DCF43D23BCD65F99D0F6706D59B9BCD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.6.%... .......A.......X\...;...{......................0.!..........{A.9....|..h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{..................................s...9....|...................).Z9....|...........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):16384
                                                                                                                                                                                                                                                  Entropy (8bit):0.07752088295003987
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:+9WtKYerjyxlgCjn13a/XqZqlYllcVO/lnlZMxZNQl:CyKzrjy753qXqZqlIOewk
                                                                                                                                                                                                                                                  MD5:0E97E5DF2A588014A32D77B365D8B496
                                                                                                                                                                                                                                                  SHA1:71305A30E8AAE6CD5AB48791DA9BD4534AD3A8FB
                                                                                                                                                                                                                                                  SHA-256:B2C6F57CA85195025CDA1F801729D20D303121CD30BEF4D4D6CE4D12A4E7BBF9
                                                                                                                                                                                                                                                  SHA-512:B8852ACBFAF6EFB62631AA90C1CD91702713F162B25314765C44106F00D296304D82F429E7F586E41664665E55A54610838127B4E6C796219A50232FA9C08686
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.jNX.....................................;...{..9....|.......{A..............{A......{A..........{A].................).Z9....|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Violated Heroine_20a7b1d5b636dc70a85b7f815cf778a7a95eea_cb35271f_56f580e1-6aaa-4359-98dc-3a171e5bd2c4\Report.wer

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                                                  Entropy (8bit):1.3830300497941046
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:wvkQousL0/SFnjiBO3TURKI/dzuiFRZ24IO8i:IkQousY/SFnjPUR7FzuiFRY4IO8i
                                                                                                                                                                                                                                                  MD5:F44F6D27233006E22AA7A26F50B17DB8
                                                                                                                                                                                                                                                  SHA1:6BA6E0BA6B6C09943466AFE192174590DB2494C1
                                                                                                                                                                                                                                                  SHA-256:DB3481A793C70936C319246A0D8847C8E79B0E45653937F881B2E84D94C001E7
                                                                                                                                                                                                                                                  SHA-512:7895254E0D88D0B31A4679EE0F66844C1EC3A551F99CA2E38C1D4B0F6E72D299B636B05549BE2CAECB692D3DC173A2D0D9F8910C0820DCFDACDE2D99C119D5A6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.4.5.1.3.5.9.0.6.1.6.4.9.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.4.5.1.3.5.9.7.9.6.0.3.6.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.6.f.5.8.0.e.1.-.6.a.a.a.-.4.3.5.9.-.9.8.d.c.-.3.a.1.7.1.e.5.b.d.2.c.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.c.7.b.8.4.a.5.-.a.f.a.0.-.4.0.c.7.-.9.4.8.8.-.c.9.6.f.d.8.f.0.8.9.f.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.V.i.o.l.a.t.e.d. .H.e.r.o.i.n.e._.9.1.z.b.Z.-.1...t.m.p.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.2.4.-.0.0.0.1.-.0.0.1.4.-.4.d.c.a.-.6.0.6.b.6.6.5.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.9.0.7.b.8.b.0.d.9.6.e.9.8.c.a.a.6.d.c.8.d.0.1.9.6.5.9.4.

                                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Violated Heroine_455396421d85e522d9a44a8f3272866e4743efd_cb35271f_958ab82e-2aa6-4ca0-befb-64251fd75cfe\Report.wer

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):65536
                                                                                                                                                                                                                                                  Entropy (8bit):1.3828339846152964
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:uT4oug30KWpJjjiBO3TURKI/dzuiFRZ24IO8i:04ougEKWpJjjPUR7FzuiFRY4IO8i
                                                                                                                                                                                                                                                  MD5:51C26953841E364AD9E38328995C3F4C
                                                                                                                                                                                                                                                  SHA1:481140D28DF00959A6089FCDFB9EEC8A65C7CBCF
                                                                                                                                                                                                                                                  SHA-256:66F6AF95C0C62DF29A8D1BFD395A0C55CC102C2CBD2830F1DC898A0F22650667
                                                                                                                                                                                                                                                  SHA-512:EEB542DCCC9F24D1F40258E263F2BF825956BA3728C9C8051EB0B72FE42643871C844AF89CB7A79ABDF59F10D632639DD8DB578BD905290C00CA4E50EDE1E3E9
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.4.5.1.3.0.4.9.7.3.0.9.0.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.4.5.1.3.0.5.9.2.6.2.0.9.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.5.8.a.b.8.2.e.-.2.a.a.6.-.4.c.a.0.-.b.e.f.b.-.6.4.2.5.1.f.d.7.5.c.f.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.f.e.6.6.2.3.3.-.f.6.a.2.-.4.7.1.6.-.9.4.7.2.-.1.3.6.7.e.9.4.7.3.c.c.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.V.i.o.l.a.t.e.d. .H.e.r.o.i.n.e._.9.1.z.b.Z.-.1...t.m.p.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.2.4.-.0.0.0.1.-.0.0.1.4.-.4.d.c.a.-.6.0.6.b.6.6.5.5.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.9.0.7.b.8.b.0.d.9.6.e.9.8.c.a.a.6.d.c.8.d.0.1.9.6.5.9.4.

                                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER3312.tmp.dmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 15 streams, Mon Dec 23 18:15:59 2024, 0x1205a4 type
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):119722
                                                                                                                                                                                                                                                  Entropy (8bit):2.2195399549776886
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:x9UaM75MFUAY4sDA4Cmmb1ERcy+O3pJbQEAxB53xv/SNJOOxznZdzngyav0l:xsKQDA4Cmmb1+cKNQ5B5QnX8vU
                                                                                                                                                                                                                                                  MD5:FDA1DF472ADEFA75444C6F47E7BEF0FD
                                                                                                                                                                                                                                                  SHA1:F76F9862E0720CB77C29CBBAF4288068186E9D9B
                                                                                                                                                                                                                                                  SHA-256:E5ED87F17A32DAC40D0CC85734D83CC80C14CA9C5CFDD9C4E3B5499ADA6AAF6E
                                                                                                                                                                                                                                                  SHA-512:AC5FA236B42C8651935AFF48755FD2AC87BE91C4BE1CBF3D98C60CAEB8572485E9D6F9E40526C4CA6EF7E82951662A2DC672F3AF3467C45BEAB888215008B6A6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MDMP..a..... ........ig........................(-.............. 6......4...lh..........`.......8...........T............i...i...........7...........9..............................................................................eJ......H:......GenuineIntel............T.......$..._.ig.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER34E8.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8446
                                                                                                                                                                                                                                                  Entropy (8bit):3.702284276648312
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJ4r6kNmx6Yq86ossgmfpapDZ89b1WsfckrHm:R6lXJU6kNmx6Yh6oXgmfpB11fcki
                                                                                                                                                                                                                                                  MD5:932C2C98BA04A7AF7775B22763B9E391
                                                                                                                                                                                                                                                  SHA1:A32C2533F8F51BE2437BF9DA22FF922E6D1E3D42
                                                                                                                                                                                                                                                  SHA-256:39D7D3F619060851577C4272CF10E5D7DC1BEE9043ACAFA4E00AC033C96ABE56
                                                                                                                                                                                                                                                  SHA-512:484C8896F633845089C57D7D9A99230C68C1EEF878986E58DA82263B207D65E80590A46D2C0EF525893DB7E1AA41F1103A8CDBAB6268DCF0F00882D960EC6D99
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.6.9.2.<./.P.i.

                                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER3518.tmp.xml

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4799
                                                                                                                                                                                                                                                  Entropy (8bit):4.477404262979811
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zsNJg77aI9ViWpW8VYMYm8M4JWXN+XtFlo+q8TXUXFV6RVvYUd:uIjfnI7Hj7VEJWXwX9okXUX/6RVvYUd
                                                                                                                                                                                                                                                  MD5:48FCCFBD2A0008DFC08FAF0CC5AA72B9
                                                                                                                                                                                                                                                  SHA1:4E2F74311D144ECD2E6033982C347261C9D88FC1
                                                                                                                                                                                                                                                  SHA-256:49E208FE1F52F175FDA6EC80F86C9E36467DBA05B2B8181B1B6DB3FF68A8EAD6
                                                                                                                                                                                                                                                  SHA-512:510F982BAED803D315D3D625FE5969AA73A424A85A295BB032FF0C44380B779975620650C29B8E133580661950A33B549D046A0B814ACC50699C499ED134556A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="644238" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER3527.tmp.csv

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):83144
                                                                                                                                                                                                                                                  Entropy (8bit):3.1093784998915126
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:s2/by7gad+auf3SFmkDosaRLnwsvPMIEjj:s2/by7gad+auf3SFmkDosKLnwsvPMIEv
                                                                                                                                                                                                                                                  MD5:5ED73304CAA9DD1423BEEE3A9DDA42E1
                                                                                                                                                                                                                                                  SHA1:E60B57378F4612BBC88FCB84CB021D7BE8079140
                                                                                                                                                                                                                                                  SHA-256:AC0050FCD32443CDF9DC3E30F36CD261CE6864E09141054379DFB2A9B10C3874
                                                                                                                                                                                                                                                  SHA-512:2F367DA9889AA0DBA826601EBF5A62241C018CCE313EAAFAEC7008BCB069FE9B1029740AA37CCE3DEEFA291B7045F56CA0DE20FB61853041BC83248F82E9643C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER35B5.tmp.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13340
                                                                                                                                                                                                                                                  Entropy (8bit):2.688943981675996
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:TiZYWyYU4JASYOYlWKHcYEZ3btNixIYE8w6lgvkazXdMZLmIJf3:2ZDywZLGDazXdMZLhJf3
                                                                                                                                                                                                                                                  MD5:114B714AFC14EFDFEACD5E62F79A50EE
                                                                                                                                                                                                                                                  SHA1:6FC430EEDA893BBB0B4E348F935EFD7E0386E96B
                                                                                                                                                                                                                                                  SHA-256:281E5B036191979A32443E9BA38C323D2A672AA0610E9A6F0136D508286DAE00
                                                                                                                                                                                                                                                  SHA-512:E1AA99E743EE24E65B24AC760A20C9ED42372F41A66824D8D6B8E96B3629D14F24B26DCDFEE67791ED736067BF3DA216E86245251D202D6B75CFD64C8648963B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER5FD4.tmp.dmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  File Type:Mini DuMP crash report, 15 streams, Mon Dec 23 18:15:05 2024, 0x1205a4 type
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):131062
                                                                                                                                                                                                                                                  Entropy (8bit):2.21716623176672
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:GpoX8y4VdZMvDQLeTEmb1ERcyPQYSZI4rb4aAcaC+lkDSRdLV5rCtkv:GlCvDQLeTEmb1+cIgI4rb4aADlkDcF2
                                                                                                                                                                                                                                                  MD5:E4CC994B1A790D5AB6B37D292FB4E649
                                                                                                                                                                                                                                                  SHA1:581A2E324D5B5F087CFE701240048BF895C724D5
                                                                                                                                                                                                                                                  SHA-256:00DDCA0BFBFA715FA27A8E8AA898BFD5068697BE2A5E9DED1A0E1F0D0DEE534F
                                                                                                                                                                                                                                                  SHA-512:C33293DE5C910FB994D6B829145C6B1EB8D4FFFE5325A665B6FE1B518811B7198F6A27D9F7FD4645A3BB96230600F054199156186EF7DAAC42CDE1793ED584B2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MDMP..a..... .........ig........................(-..(...........P6..........hk..........`.......8...........T............k..............7...........9..............................................................................eJ......x:......GenuineIntel............T.......$..._.ig.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER6246.tmp.WERInternalMetadata.xml

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8440
                                                                                                                                                                                                                                                  Entropy (8bit):3.701303249555545
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:R6l7wVeJ4MA6mtU6YqJ6ossgmft1pr+89b8WsfCj0m:R6lXJU6mtU6Y86oXgmft/81fCV
                                                                                                                                                                                                                                                  MD5:9164971F3C77FE91373B6EA53981AF92
                                                                                                                                                                                                                                                  SHA1:C9A25E3FBEBEEB3F0853DAB8E03AF384AFC0727C
                                                                                                                                                                                                                                                  SHA-256:0A054C951371886F8531B406F843B90BE729983F03F29320DFA2B43B17835283
                                                                                                                                                                                                                                                  SHA-512:3D1952BF2BD08CBE805B96628EFECBBB81224138DE90E573BCFBC57C3EC644C6FB1F3F1E7A87119178D41E45793E30C718DEC79A21755E14DFEFE2EEA18EE1A8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.6.9.2.<./.P.i.

                                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER6276.tmp.xml

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4799
                                                                                                                                                                                                                                                  Entropy (8bit):4.477563966105559
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:cvIwWl8zs4Jg77aI9ViWpW8VYxYm8M4JWXN+XjFk+q8TXUXLV6RVvYUd:uIjf+I7Hj7VJJWXwXakXUXp6RVvYUd
                                                                                                                                                                                                                                                  MD5:44C735F89D95C339C9117626E601ED39
                                                                                                                                                                                                                                                  SHA1:F5E447C7130224FC6874BF246643085973B1B91F
                                                                                                                                                                                                                                                  SHA-256:0E94FD23B429F6CA5F521AE86F4B1C7FF67008D7D022F4BC6515D8ECE1E32F70
                                                                                                                                                                                                                                                  SHA-512:A10370CAB2C713D2277C76A0AFF20DD40DE81A61EB17342F588286D36EA214038CD3EB466DFA52FE9A8083B3C726A0E45A16E5F97B4B34662336429C613ED986
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="644237" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER62A3.tmp.csv

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):81188
                                                                                                                                                                                                                                                  Entropy (8bit):3.111371109139415
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:7uYU6BZqkRPl3JRhz2WJ/FHKmQc2qfjRLnwsv7s:7uYU6BZqkRPl3JRhz2WJ/FHKmQc2qf9Q
                                                                                                                                                                                                                                                  MD5:D14D5ED858AC2C9A3142228E67F6D06F
                                                                                                                                                                                                                                                  SHA1:87B2E79F05024835AC929BB0DEC23F43A96740B0
                                                                                                                                                                                                                                                  SHA-256:9AF55E19981038D9D67451659155AB7FBC1AFDFADDF195367DA710DD09953057
                                                                                                                                                                                                                                                  SHA-512:A37F0E2485675F688C7E5F7336C577B541F18FB5DCEC2F72A256B6DBD680495E615E8FEAA1E98D6EF65B0842DF05B0C1C817B54387F78BC5220D7D4463D63CDD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

                                                                                                                                                                                                                                                  C:\ProgramData\Microsoft\Windows\WER\Temp\WER6340.tmp.txt

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13340
                                                                                                                                                                                                                                                  Entropy (8bit):2.686907140279881
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:TiZYWhVvuKBnY7YjWFwH2YEZDFtKigIBE9wj+tjlodaPp8gM+fuMRI2J3:2ZDhvc7rgSdaPp8gM+fuMO2J3
                                                                                                                                                                                                                                                  MD5:5CC53D309F120FC9E6F480AD7A84742B
                                                                                                                                                                                                                                                  SHA1:62ADD0E757E63D81AA8DC68EAE1C7C2430E04A93
                                                                                                                                                                                                                                                  SHA-256:62CB7AC34A49D31771A96D94BC647DF7DEABA21675EF36EB623FDB8C6C675928
                                                                                                                                                                                                                                                  SHA-512:47192C55B588F2AD4D33882E84B3AFC88C257464F2D8F813577AF5C96FBFA127F79D8440633F9E6A9D87886B17814FDEF21CC0DBFA34AA77757239ADBE6EBF8E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

                                                                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C5C8CC0A7FE31816B4641D0465402560

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                                                                  File Type:Certificate, Version=3
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1398
                                                                                                                                                                                                                                                  Entropy (8bit):7.676048742462893
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:ujsZPSIPSUcnA3/46giyfV4Hxk7P3Gus6acCQ4CXmW5mOgs:ujul2nQ4XfVkk7P3g6dB42mVs
                                                                                                                                                                                                                                                  MD5:E94FB54871208C00DF70F708AC47085B
                                                                                                                                                                                                                                                  SHA1:4EFC31460C619ECAE59C1BCE2C008036D94C84B8
                                                                                                                                                                                                                                                  SHA-256:7B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF86
                                                                                                                                                                                                                                                  SHA-512:2E15B76E16264ABB9F5EF417752A1CBB75F29C11F96AC7D73793172BD0864DB65F2D2B7BE0F16BBBE686068F0C368815525F1E39DB5A0D6CA3AB18BE6923B898
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:0..r0..Z.......vS..uFH....JH:N.0...*.H........0S1.0...U....BE1.0...U....GlobalSign nv-sa1)0'..U... GlobalSign Code Signing Root R450...200318000000Z..450318000000Z0S1.0...U....BE1.0...U....GlobalSign nv-sa1)0'..U... GlobalSign Code Signing Root R450.."0...*.H.............0.........-.0.z.=.r.:K..a....g.7..~.....C..E..cW]....%..h.K..K.J...j..a'..D...?".O.....(..].Y.......,.3$.P:A..{.M.X8.........,..C...t...{.3..Yk....Z.{..U......L...u.o.a.tD....t..h.l&>.......0....|U..p\$x %.gg...N4.kp..8...........;.gC....t./.....7=gl.E\.a.A.....w.FGs.....+....X.W..Z..%....r=....;D.&.........E.......Bng~B.qb...`.d....!N+.mh...tsg1z...yn|..~FoM..+."D...7..aW...$..1s..5WG~.:E.-.Q.....7.e...k.w....?.0.o1..@........PvtY..m.2...~...u..J.,....+B..j6..L.............:.c...$d.......B0@0...U...........0...U.......0....0...U.........F...x9...C.VP..;0...*.H.............^+.t.4D_vH(@....n..%.{...=..v...0 ..`.....x.+.2..$.RR......9n....CA}..[.]...&..tr&....=;jR.<../.{.3.E.....

                                                                                                                                                                                                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C5C8CC0A7FE31816B4641D0465402560

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):264
                                                                                                                                                                                                                                                  Entropy (8bit):3.0719099268978693
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:kKdL0PWFkYGhipWhliK8al0GQcmqe3KQjMIXIXL/:F4PYkYGIWzyZ3qe3KQjxXIT
                                                                                                                                                                                                                                                  MD5:27302692030FFA223DE1065A3E0E521B
                                                                                                                                                                                                                                                  SHA1:2ED66272C98AF5173A21D2A8AF60B381AD5DE2DA
                                                                                                                                                                                                                                                  SHA-256:AC72C2DE08DDC11326065E3BADC743406E01B14A37B78198ADEB378391D1D2A9
                                                                                                                                                                                                                                                  SHA-512:FF39250E0C7F8D3873186DB2F71E96DCCB5164731D670AEC179A3F136FBC5308E9A92D86222B435AC0BC98148AD68EF712018A64E5147752EDD201014D84AE3E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:p...... ....v.../n<.fU..(....................................................... ...............(.............v...h.t.t.p.:././.s.e.c.u.r.e...g.l.o.b.a.l.s.i.g.n...c.o.m./.c.a.c.e.r.t./.c.o.d.e.s.i.g.n.i.n.g.r.o.o.t.r.4.5...c.r.t...".6.2.f.a.4.8.4.5.-.5.7.6."...

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\6358C710-B89F-46B9-93F2-F6CAC44F5286

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1128
                                                                                                                                                                                                                                                  Entropy (8bit):3.870299244868355
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:V98uCfUKqO3l/xsaFw+U+2MPhN9XhQOFQwbvzjPAPP98C68ybRgpFsn:V98uuqIjFw+fLNfDfPGP98JnRgYn
                                                                                                                                                                                                                                                  MD5:2786BA2AE39DB30286D9A2A4571031FD
                                                                                                                                                                                                                                                  SHA1:DEBBDE1D7C9A56B41DE88DAF1C49A47AADB34AFB
                                                                                                                                                                                                                                                  SHA-256:9371130266BF982191ACFA5E28DBB93448B0A19CD86D543C1DB9E33246BC92FE
                                                                                                                                                                                                                                                  SHA-512:D99FFD7D3F2F101289E89DD959938E3E2FCDA151D41B65D0D7957AF0510D2F1F948BC7156E3C4CE81E6A4FE7647CF2BEF8271EE0261D68E4AA8C2EFDEB04B189
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.6.g.b.m.w.W.1.+.G.E.6.t.g.O.K.E./.x.v.C.J.w.Q.A.A.A.A.C.A.A.A.A.A.A.A.Q.Z.g.A.A.A.A.E.A.A.C.A.A.A.A.B.r.F.j.p.1.5.V.7.Y.p.h.f.r.H./.K.J.X.Q.T.L.a.c.P.c.f.v.d.T.q.E.3.B.8.D.W.E.T.x.f.m.C.A.A.A.A.A.A.O.g.A.A.A.A.A.I.A.A.C.A.A.A.A.D.y.9.1.D.y.v.0.t.A.A.d.O.e.d.C.2.Z.f.Q.e.1.3.4.v.H.+.t.a.M.d.0.P.4.x.Q.T.P.R.e.s.D.y.N.A.A.A.A.D.H.c.U.P./.U.Q.s.T.7.x.M.n.y.n.p.5.4.Y.w.i.+.G.M.4.o.0.E.0./.l.J.E.H.k.I.r.S.F.i.q.D.l./.n.R.C.x.j.v.D.r.h.S.B.q.X.B.b./.w.u.g.9.T.a.3.C.C.t.N.J.C.z.d.S.L.2.U.3.8.P.u.n.u.O.V.1.P.g.h.q.P.b.Q.j.N.Q.+.O.8.I.v.F.S.c.9.b.O.j.S.h.9.M.F.E.m.Z.V.x.x.s.N.2.Y.e.M.U.x.v.L.i.L.r.8.6./.K.R.1.F.l.D.D.V.2.k.a.U.h.+.W.t.8.x.i.y.h.A.7.s.2.H.o.A.6.+.+.Q.D.A.Z.g.w.S.a.e.2.w.E.L.f.e.j.Y.Y.O.c.y.U.p.E.J.+.Y.Z.D.6.y.t.2.h.y.i.3.l.h.6.M.i.V.F.N.S.g.W.U.0.p.Z.D.B.b.p.D.x.L.K.C.C.y.C.g.q.W.n.+.A.1.a.U.U.b.r.h.r.K.r.Y.3.8.m.X.F.b.x.O.1.Z.S.S.D.2.G.l.E.u.F.K.W.p.g.A.+.p.V.l.Q.A.A.A.A.E.G.3.W.D.j.C.X.f.6.0.9.t.E.g.k.c.K.f.x.g.c.B.

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):64
                                                                                                                                                                                                                                                  Entropy (8bit):2.8262591331443163
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:hlglPkcmL7yROG+VlTOlAl:h6ltmHyIG+S2l
                                                                                                                                                                                                                                                  MD5:7107A9C9A017A5CA07097FD3679D7893
                                                                                                                                                                                                                                                  SHA1:D71C24BC92A29B8DB9983F340EE8EA22C4104B1E
                                                                                                                                                                                                                                                  SHA-256:E583617CFA280E1CDEEB547171B1F20883D4FD3F1F3051AF164A31B82B2A0539
                                                                                                                                                                                                                                                  SHA-512:D3929D5C4EF0F33C2B8C7DB476B9FFB97FC92732142906A4E64A270DB678196FFB5BB22918B61BEC2B984BDEF7B7B09DDDCB88AF4CFCA1B9014414EA1EE901B1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:5.1.E.0.7.F.B.1.C.4.1.E.9.6.4.F.1.9.5.0.6.1.F.D.2.7.2.B.7.2.3.F.

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):72
                                                                                                                                                                                                                                                  Entropy (8bit):2.8608102022848
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:WlRlPhlDTSlR1cSG2KSWl:irhlKlQSG2KSC
                                                                                                                                                                                                                                                  MD5:006B21D1ECE3C3A764D5B12C7598ED5C
                                                                                                                                                                                                                                                  SHA1:CF8AAFBECC9AD3D2B232EC90634BCCF146CA0EA6
                                                                                                                                                                                                                                                  SHA-256:81908F10B92CFFAA85A10C0A8E117060B12DAF0284AD3B9E27AF7E4E7370DE1F
                                                                                                                                                                                                                                                  SHA-512:B62A51DFF81C5F909516761F06B5FA6421BF29A48290B12981E282A0A1E00E8D4A9BBD665725BBE5027C0D1B424051EF8E408EF024B8946FCCBFE1DB5AFC99CF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:c.2.2.d.8.9.6.b.-.e.a.4.6.-.4.6.f.9.-.9.d.e.5.-.1.a.e.9.c.f.7.2.c.f.a.9.

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\AVG_AV.png (copy)

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):53151
                                                                                                                                                                                                                                                  Entropy (8bit):7.982330941208071
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:GcHlp3vMusTtWEgKqx8zHom+GChNPDViFKWUyG:Ggz3kTNgKq66VcFKW9G
                                                                                                                                                                                                                                                  MD5:AEE8E80B35DCB3CF2A5733BA99231560
                                                                                                                                                                                                                                                  SHA1:7BCF9FEB3094B7D79D080597B56A18DA5144CA7B
                                                                                                                                                                                                                                                  SHA-256:35BBD8F390865173D65BA2F38320A04755541A0783E9F825FDB9862F80D97AA9
                                                                                                                                                                                                                                                  SHA-512:DCD84221571BF809107F7AEAF94BAB2F494EA0431B9DADB97FEED63074322D1CF0446DBD52429A70186D3ECD631FB409102AFCF7E11713E9C1041CAACDB8B976
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...#............B....pHYs.................sRGB.........gAMA......a....4IDATx.......y...u.}...W."..(s ........p.........Q...?ql=...'.8....E.l...Y.-ah..FP.w.......__uUwuw.r.3X.z..........jcppph........O.appp..........n ..qph..88.......pd...y...!..888.##...._..C.8....Cn82...,.8...40....!7..qph..GF.2.........C.h....q#.........!7..qph.O..../_..p......B....K...`.XF.n}........S/b.._..?.XH.2q...i.}..y....c...8..b|~:WY...8....a......o...v..!.~.+8z...P.....y......2y^....!.w..C.=..'.J]..v. ..}./o..q....M...........<$.X.<)..g.gp......'.Y.I...'.x......D.(..C...m.. .:.#....$. .LdD.E...*..a..}..eih.A.....AyR...7a..2..N##DD^....Tg...;>$..tZo.....m......3.A..p....$MM.".hF.......qpX....7..F.=.k..e".G/...G~E.........4..kA.{....yN.dH)~.s...........#.W...lD.:..W}...#...kP.&...;....n......?..d....oH.....#..'a..s..D.....<.......h...y.....D..!.^...G....4.........c .;?$..6...@.....O c.......~.u...1.7......c.|..'...?/..#;.z&....T.M4.w.."....7W....

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\AVG_BRW.png (copy)

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):47501
                                                                                                                                                                                                                                                  Entropy (8bit):7.9807583617034075
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:ymnQh4I8TZIyg23yWlcrF+Dx3hmI7IFrVVzEUxeeizfxEO7Ncc1qB:ymnQCHRg23yQWFyx57IFRVrseizfGEOx
                                                                                                                                                                                                                                                  MD5:1CD4A2B4A992ACC9235D9FACD510E236
                                                                                                                                                                                                                                                  SHA1:A6F6331879CC8CF0A6F091CC3C66EA95D1425A57
                                                                                                                                                                                                                                                  SHA-256:57F2E86B2C8D9C695073CBAED29C674EF748734460A33ED04AC6888B69288B1F
                                                                                                                                                                                                                                                  SHA-512:AE2C4AE9E3B46C252D6BB5A9654AB25431D7239D10EF78889452E9292A8B46283AF4319749A7233D08D836B8799CF7A5C0E5AA715A4D7836E4B83167B20F6595
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...#............B....pHYs.................sRGB.........gAMA......a...."IDATx.......u&.....h..;.P(P.!..Q.b-hH..e..H.=...+y<.fc..l....7.....w.y......,z>..[..%...-J2..)...4H......^....q.NEe.......%23.....9'".<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<f..Rd....z..^.UH.Xf.=W-')M....g...=<<<<<..hA....'...^.-.....u...MWo9n:..%....mR...*...}.hLf...xxxxx.;@P.J...B.t[*.w..6.4:L.[..n~]~R..:.4n....62......1O &.J.T...;w....>s.{7]...<I..N.I...>)_.P...E.u.......!.4q.g]g...J..........(.f...0!..>)..W.:L..p}.t...TfR...%.R..>;yK.U.v...,#<...2...|....\. ..;..C.......1...(_...z.C|.....1...f.;.}......Cx<....qW8tC.r.G.\.... n......<<<<<..J...;.....|.;.... ^.X.9\......^......[NI.:,....:.SvF.Y.h...u......#GC......4!.n......P0q.k.A.(.n..i}td.PX......8.$!a...qEI................O......A.O(...@<.iL ....$.Y.f....U.p.c.:.....@...T..4.."n.M.....G:..o(mB.SO=%e..H....&...0\K.x|.p.....:.<ukHf.L..HDD.a..m....I.

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\WebAdvisor.png (copy)

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):34091
                                                                                                                                                                                                                                                  Entropy (8bit):7.93533045608607
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:ZH5cQCJvj3+2/C0clMzHBtHlRX6DVL8dT1DKSd:ZZPCJvj3rVcyzHBdls987DBd
                                                                                                                                                                                                                                                  MD5:DB6C259CD7B58F2F7A3CCA0C38834D0E
                                                                                                                                                                                                                                                  SHA1:046FD119FE163298324DDCD47DF62FA8ABCAE169
                                                                                                                                                                                                                                                  SHA-256:494169CDD9C79EB4668378F770BFA55D4B140F23A682FF424441427DFAB0CED2
                                                                                                                                                                                                                                                  SHA-512:A5E8BB6DC4CAE51D4EBBE5454D1B11BC511C69031DB64EFF089FB2F8F68665F4004F0F215B503F7630A56C995BBE9CF72E8744177E92447901773CC7E2D9FDBB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...#............B....pHYs.................sRGB.........gAMA......a.....IDATx.....$.u....g...Q.C$%b:..!A...D.D..c.$........y......}W..f?_.....Y....5...^?.G..ZZ.]..zX..AI.I...<.4I..|...t...8........}_vWfD.8.>....(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(.R.......w._..q..v.+..=.K{1..o...:...^..p..g....9.<@..k.~.3.!aZF.tPy...Uy.../=..g..<v..V....R..P..e....c.....?..g...h..!?.x.....T.......?^...|....._....'>.c..|...../.......z....<~....k.o...j..Cs...>.........y............._.e...`...~.d..q.0..a......0..=tc....&....;.%._...Q[......f.M.......e:.T....jW.}1Fl...<.O...j.(.-L..b..?X....'.{..;r.'6.db.E.}..~.....OXC.k.....`.~w^.^.w....K[.9r.1!.....;^...~.S_..i.D.~..@.v.=..f...'._..Q../Z#...R.....s.~....r....?>....v1D....[S.E.a.p\..F.4bn..t..5.rfo.(..(S.#.R...v.?s.s...v..o~..G.....o{.7...~......w..d/}.&..p.l...?4.#]............A...

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\_isetup\_setup64.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6144
                                                                                                                                                                                                                                                  Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                                  MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                                  SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                                  SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                                  SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\error.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2444
                                                                                                                                                                                                                                                  Entropy (8bit):7.881258656866732
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:/Cw1dpDYxwCWOVhQJqdZq4Q3TGaTmdTBZB31HqucFOpZ:/Cw1fk+OVhQqdZvQ3TGBjlH/
                                                                                                                                                                                                                                                  MD5:8303E7651CBD01CC413B0026ED537E6F
                                                                                                                                                                                                                                                  SHA1:85542365101CB85656F018CA63C894C3C56F1C01
                                                                                                                                                                                                                                                  SHA-256:696782A8DA306783593128B669F9E2C709030FDE555BB2703244E81CE17A31AD
                                                                                                                                                                                                                                                  SHA-512:11A3D9EAF8413600AC2636A1B18DCDFBF8BAA05ED7DE60AF300BC34B709DECB78D87C51F3C35484FCE7A803F7370CA45C105C0FC3066A6D6BFE702F253C36228
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...@...@......iq.....sRGB.........gAMA......a.....pHYs..........o.d...!IDATx^..pTW....]6..l~..._..e.........X..Ic[.v......FTH;4.......A..*..8)..:B:.3.D.8L..SB6.&l.d.l.]...dM......m>3.{.y.~.;..s.}O.%..[..{^~.X?4t..._..}V....O.....(.Q.|.........N..ii...S...././.h..;...+WVJ...R .e....R.$..$.%`0..(-m.nk....9......z......]....!~3j2.b..u.5!.v./7..o..Q...&.....G...t&.....1o.!...i..6..c.[.+..?.3/....>..P...}...>.P_../.t.?k......l....13j...>.{.F<..P..nl.....))1.Z.M.....Mc.i...Fu...-*15.oaa.......iz#..|V.#..n.[......W..dSj .p.hN...(....x.u..Gk....../e.>....!..M.zT..R..............y...nz..j.......!M`.....|z..&.D.+...8...vZ%9Z.M..s).&@....s...s{...11Z..j:r..o.9?...lR.k$#.|..jR........|.F....a6'.....^Wy.wq....`g.A..@.y....p.jJK.?^.....Iy.b...4...3.../..w~3..E].]w....N .<#fs..zB0.h1.........i..w(3.!..[..78.....'....UFv.-c.+9* ..e...&..'..5..VE.9.b....;.8.D.@ZI3..l..+..j....O.R\.3....*D.q6E..^...\....0..%\..h.5.......S.h.;0.....wu.|v{5"........

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\finish.png

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2298
                                                                                                                                                                                                                                                  Entropy (8bit):7.901998893489053
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:KqqJYpZPlBqNTopskOg2btpLDCxGBVUQJCEVgvt4E5JUl2uW6:Kq6Y7t8GCPg2f9V/kJa2u
                                                                                                                                                                                                                                                  MD5:1BDB17B59DD0FC8360B30C5CE46762A0
                                                                                                                                                                                                                                                  SHA1:70CD6AD40F2BB14822FF1DCA766BCE6B02AAA8D8
                                                                                                                                                                                                                                                  SHA-256:49911E40F4E80C8342524034A6A96907703EF9EF4ABDB6175AD6F93824DF6CBE
                                                                                                                                                                                                                                                  SHA-512:2684FE9F5DF2AC2783B6413572715E4BCCBC771590686E75FCCC80733990E68FBE468E0FB0AF78B03DB4CCD6277028564CC8CCF91DB5E65122F06FF80F20432E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...@...@......iq.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[.l.W..{vm.v;/I..v..MT....UiK..U.I..GD.1i].!4.4..&.?..J5m0..MB.$..!..nJ...*&.5......n.Y.......l...;..W.}.....}.{..{....T....}.g..-.....S.......:..B..r..j.i.]B....!..7..........m..,W.T...N...W.....W....D.y....[(.!.TU=.R........FU..6...X.=.N|]7.{u.e'Q.2G.P.>..7..^...z+.jS..>...Y....9.G...Z..W..`.ea.O./'.?m..A.B.........p.....-.2...l=.Cw.n^....I...d..........d...ei.x.[..5.x2.M.....@{)...p..x.G...;Wo.%q...6..-.J]..)...u.+..~.V..N.7.c.q8.^z.....#...wD.,..3...;..m4..^..v.r....a..<.M%.......7A...pt.y.7./.p.....I[.lQpFM...2-.X#.[u...H.9$-....>....>.F......Xl.`....."...x...6...2.X...m#-r..\,]N.g.a......xj..0Z..}......k.7P.#..:..X.'.!j.$3.o&...M.N!Y.-.bq<..t.'\..|..jx.L9..g..0....~.'9......Q...Ly;.VjF2....z.U-& ...w.^..n.^..: cW.q..f$3...LY..`.... ....._..[n....I..bL. E..u..q=...=X.>..8..~......xQ...C..c..*..=....1y.:1.R.c.GROf.....e>=?..e..&..|i...Q.........Kn..

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\is-0J1TM.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):47501
                                                                                                                                                                                                                                                  Entropy (8bit):7.9807583617034075
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:ymnQh4I8TZIyg23yWlcrF+Dx3hmI7IFrVVzEUxeeizfxEO7Ncc1qB:ymnQCHRg23yQWFyx57IFRVrseizfGEOx
                                                                                                                                                                                                                                                  MD5:1CD4A2B4A992ACC9235D9FACD510E236
                                                                                                                                                                                                                                                  SHA1:A6F6331879CC8CF0A6F091CC3C66EA95D1425A57
                                                                                                                                                                                                                                                  SHA-256:57F2E86B2C8D9C695073CBAED29C674EF748734460A33ED04AC6888B69288B1F
                                                                                                                                                                                                                                                  SHA-512:AE2C4AE9E3B46C252D6BB5A9654AB25431D7239D10EF78889452E9292A8B46283AF4319749A7233D08D836B8799CF7A5C0E5AA715A4D7836E4B83167B20F6595
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...#............B....pHYs.................sRGB.........gAMA......a...."IDATx.......u&.....h..;.P(P.!..Q.b-hH..e..H.=...+y<.fc..l....7.....w.y......,z>..[..%...-J2..)...4H......^....q.NEe.......%23.....9'".<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<f..Rd....z..^.UH.Xf.=W-')M....g...=<<<<<..hA....'...^.-.....u...MWo9n:..%....mR...*...}.hLf...xxxxx.;@P.J...B.t[*.w..6.4:L.[..n~]~R..:.4n....62......1O &.J.T...;w....>s.{7]...<I..N.I...>)_.P...E.u.......!.4q.g]g...J..........(.f...0!..>)..W.:L..p}.t...TfR...%.R..>;yK.U.v...,#<...2...|....\. ..;..C.......1...(_...z.C|.....1...f.;.}......Cx<....qW8tC.r.G.\.... n......<<<<<..J...;.....|.;.... ^.X.9\......^......[NI.:,....:.SvF.Y.h...u......#GC......4!.n......P0q.k.A.(.n..i}td.PX......8.$!a...qEI................O......A.O(...@<.iL ....$.Y.f....U.p.c.:.....@...T..4.."n.M.....G:..o(mB.SO=%e..H....&...0\K.x|.p.....:.<ukHf.L..HDD.a..m....I.

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\is-3TP34.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5627506
                                                                                                                                                                                                                                                  Entropy (8bit):7.999949928735462
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:98304:17QO8oAkidb1l/NN3J58UTHPkAbWD56mv9Pb:17Q6A33P8AckWDogJb
                                                                                                                                                                                                                                                  MD5:C0EB1D6C28DAD5E8C4C84EDE4284A15A
                                                                                                                                                                                                                                                  SHA1:6E7F65E911B9FAB22509F4FCBA000DB0D171A5F3
                                                                                                                                                                                                                                                  SHA-256:93BDE5F9A327F6148A48EA1E937D17BCD2A585486CB3D3EA4D69DCAC0F638CBB
                                                                                                                                                                                                                                                  SHA-512:E09BE287D71C1D6B84E69EB0234B3D94A6BB64041DDFFAB09B0F9E1F861B0CF4FD82E19C7D36463722C783976A0E992ACA571A10A0BF9EAB6EF80306637A6640
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:PK...........X....U..dW.....norton_secure_browser_setup.exe.\.|S.....6iRH.@...2......b......L.nJ..Cx..QiM...qns.nn.v?..&..Th.i.:.a.lVez.T...".o.soR......Vxy..=..s.=..s_.'.,.$Y...$..O...]x...u..g..S...??ee..M%.6~...?...?y.SK>..d.vk...,.6P....~..S.n.......3..uc..x8t...s......._.{NP>.....#T>....&......LZ..2.$)..L.$.%.Y...O........8....9<R.............gE....i..g.G...!......8.1...9..-*..).P83...%.t..7}R..$..K..G..r>..#.I.,.tg.)w.C..9.....$i....N.6n.x#..';.b.Z.........?.....}k....Z.......e.n...ER|.U64..9..n.....L....+..../$..dE..Hq.#.?#.J..7.G..Kz..M.K..z..:.c....z..-.e.G;,..........G~..\...w=Z.,..o...+..=].]....H.x..z.=.+....CF..t...[.~.L....3...y..Q?.V52......P...+..U..kG..^ot(.P.....N?..g,X....U!.@n.m.......#%('+F...EH-h.=:......JZ..nmy..G..%}y..u;....|..-.C.J.}..Y.6q....V.@..E.oo>B..%&.n..0......Vu.~.....$...pk.....f*.1^Xc......Y....V..:............G,gC..a.P...2..U..5.t.x..[..X.........Xd.].G.b..}...U.1..S-..x....N!2.Q.z.......

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\is-8CEVH.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):34091
                                                                                                                                                                                                                                                  Entropy (8bit):7.93533045608607
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:ZH5cQCJvj3+2/C0clMzHBtHlRX6DVL8dT1DKSd:ZZPCJvj3rVcyzHBdls987DBd
                                                                                                                                                                                                                                                  MD5:DB6C259CD7B58F2F7A3CCA0C38834D0E
                                                                                                                                                                                                                                                  SHA1:046FD119FE163298324DDCD47DF62FA8ABCAE169
                                                                                                                                                                                                                                                  SHA-256:494169CDD9C79EB4668378F770BFA55D4B140F23A682FF424441427DFAB0CED2
                                                                                                                                                                                                                                                  SHA-512:A5E8BB6DC4CAE51D4EBBE5454D1B11BC511C69031DB64EFF089FB2F8F68665F4004F0F215B503F7630A56C995BBE9CF72E8744177E92447901773CC7E2D9FDBB
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...#............B....pHYs.................sRGB.........gAMA......a.....IDATx.....$.u....g...Q.C$%b:..!A...D.D..c.$........y......}W..f?_.....Y....5...^?.G..ZZ.]..zX..AI.I...<.4I..|...t...8........}_vWfD.8.>....(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(..(.R.......w._..q..v.+..=.K{1..o...:...^..p..g....9.<@..k.~.3.!aZF.tPy...Uy.../=..g..<v..V....R..P..e....c.....?..g...h..!?.x.....T.......?^...|....._....'>.c..|...../.......z....<~....k.o...j..Cs...>.........y............._.e...`...~.d..q.0..a......0..=tc....&....;.%._...Q[......f.M.......e:.T....jW.}1Fl...<.O...j.(.-L..b..?X....'.{..;r.'6.db.E.}..~.....OXC.k.....`.~w^.^.w....K[.9r.1!.....;^...~.S_..i.D.~..@.v.=..f...'._..Q../Z#...R.....s.~....r....?>....v1D....[S.E.a.p\..F.4bn..t..5.rfo.(..(S.#.R...v.?s.s...v..o~..G.....o{.7...~......w..d/}.&..p.l...?4.#]............A...

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\is-C042S.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):125405
                                                                                                                                                                                                                                                  Entropy (8bit):7.996684823256823
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:3072:U7Uc8cJ1YuWatSIyY6NCW23L2XEYL02BmusGPCeoDhL8oLvoLH:WJ1zWuSNYJWCGEK9BmPCkhfL4
                                                                                                                                                                                                                                                  MD5:56B0D3E1B154AE65682C167D25EC94A6
                                                                                                                                                                                                                                                  SHA1:44439842B756C6FF14DF658BEFCCB7A294A8EA88
                                                                                                                                                                                                                                                  SHA-256:434BFC9E005A7C8EE249B62F176979F1B4CDE69484DB1683EA07A63E6C1E93DE
                                                                                                                                                                                                                                                  SHA-512:6F7211546C6360D4BE8C3BB38F1E5B1B4A136AA1E15EC5AE57C9670215680B27FF336C4947BD6D736115FA4DEDEA10AACF558B6988196F583B324B50D4ECA172
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:PK.........XQW.a..............avg_antivirus_free_setup.exe.].|TG........Mj.RH-V..6.@.....Z.....%@-....;@K(..,..STPT.T.GT...H.%..*BBQ.6Z.&...4.wf.......OZ..........}.}l..,I...#.I........4I....GK.7...Z..........~...Og>..g>.Y_...,..&...HA.?....F..9...>.|.\sJ.....N.L~.OY.......)5.......;...,~7.&...LJ6?... ....w~.|.7.>..Kx..d.{J*./....j..>....."i...6..%..t.i.M.H...&...~.oV.qO...!Qy.)......&.8......I..../&I.83Y......%K%. .'Y..+I%?H.J."...g.&/)A...^...I.]..}.'6..l.%.../.?..W..1.cH.1..}<...'...G`..t"..#.<|.\...$x.9....\.....q..'6.U..Wi..u..`.X.+i..K./...O..p.............s.G........3y.Hz.V...=-.I..\)..}.S.WW$}.\I....n.H.IR.E.{...C0...s..X'.z...W.J.iL..........i...l..$..........A$=.2=...4[J6.(..l$....f....y.g...o..:m.B...$....&...".}.r{......n&./.xdBA~d.D.....5p....g..... _Z..-b...jg.o.wMA$.2...=..5.&x.....,?..MF...2QVO,V.N..........R.^..o..o..4.hd.H..LE.SBE,.8|Eo&d..D.Vq..NK.[.[.g.K.v..D".....og.m1....x..C....b..`?2...L...t..O.t.U..l..02.v.A.G2

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\is-IHGPM.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):527389
                                                                                                                                                                                                                                                  Entropy (8bit):7.995975187354872
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
                                                                                                                                                                                                                                                  MD5:F68008B70822BD28C82D13A289DEB418
                                                                                                                                                                                                                                                  SHA1:06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
                                                                                                                                                                                                                                                  SHA-256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
                                                                                                                                                                                                                                                  SHA-512:FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:PK.........\zX...............saBSI.exe.Z.pT.u.+i..eW c....&....l.....Y[...-@`....e.....;r.T...MJ3.a.]..h:.VF?.u...T...+..()..;...v..[v...........]....s......[..!.....A!?N..?%&!.....1...}AS...U)._t4.;z........9r....A..G...86l}.....EVk.J......t.[E....w...x..+Wx...gg.Qz>...f...8.q^.?..)~..o..B.!z...)....m.{7..F...w....O.+.l*z..].......I.......v..=....S.i.=.r..J.....!.xI2D...!.5..S..r...Rz..@`......Ol....]4..(......]..K..%.I,.8?]"..Y..k|...%.W.#.p....5.li....r.A.5-......X....B.e.J.s.9...s."..S.NE.Fq...D\...0!....v..../..{....sL(6l.E8g...G...!V......^..|.Dp.k....W-B9.."B-.-...h.(..4.9>..&.3.2<.V.x.|T...Ke}.b.G.&1...!..>..P(..2~....~...S....B.d.$......,...O..B9.`.....X}B......B9.`a.8..0....l..B......|..0.b....N...0....%.^.`..0....{...MY.....4..H.'......Il....(..&.e.:&.X=$...+..P..na...C.~]...n...2..n..a0.U...>.0..2.....`..4...<.0.e..a._f0...[.....2..i._c0..i.^....(.).G.|.....$....^.YR..R...<.`..*...l'@..2...V[..0..B*.s......2x...........`'.(.Y...\.`..$

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\is-NN97B.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:PNG image data, 547 x 280, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):53151
                                                                                                                                                                                                                                                  Entropy (8bit):7.982330941208071
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:GcHlp3vMusTtWEgKqx8zHom+GChNPDViFKWUyG:Ggz3kTNgKq66VcFKW9G
                                                                                                                                                                                                                                                  MD5:AEE8E80B35DCB3CF2A5733BA99231560
                                                                                                                                                                                                                                                  SHA1:7BCF9FEB3094B7D79D080597B56A18DA5144CA7B
                                                                                                                                                                                                                                                  SHA-256:35BBD8F390865173D65BA2F38320A04755541A0783E9F825FDB9862F80D97AA9
                                                                                                                                                                                                                                                  SHA-512:DCD84221571BF809107F7AEAF94BAB2F494EA0431B9DADB97FEED63074322D1CF0446DBD52429A70186D3ECD631FB409102AFCF7E11713E9C1041CAACDB8B976
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.PNG........IHDR...#............B....pHYs.................sRGB.........gAMA......a....4IDATx.......y...u.}...W."..(s ........p.........Q...?ql=...'.8....E.l...Y.-ah..FP.w.......__uUwuw.r.3X.z..........jcppph........O.appp..........n ..qph..88.......pd...y...!..888.##...._..C.8....Cn82...,.8...40....!7..qph..GF.2.........C.h....q#.........!7..qph.O..../_..p......B....K...`.XF.n}........S/b.._..?.XH.2q...i.}..y....c...8..b|~:WY...8....a......o...v..!.~.+8z...P.....y......2y^....!.w..C.=..'.J]..v. ..}./o..q....M...........<$.X.<)..g.gp......'.Y.I...'.x......D.(..C...m.. .:.#....$. .LdD.E...*..a..}..eih.A.....AyR...7a..2..N##DD^....Tg...;>$..tZo.....m......3.A..p....$MM.".hF.......qpX....7..F.=.k..e".G/...G~E.........4..kA.{....yN.dH)~.s...........#.W...lD.:..W}...#...kP.&...;....n......?..d....oH.....#..'a..s..D.....<.......h...y.....D..!.^...G....4.........c .;?$..6...@.....O c.......~.u...1.7......c.|..'...?/..#;.z&....T.M4.w.."....7W....

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0 (copy)

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):527389
                                                                                                                                                                                                                                                  Entropy (8bit):7.995975187354872
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
                                                                                                                                                                                                                                                  MD5:F68008B70822BD28C82D13A289DEB418
                                                                                                                                                                                                                                                  SHA1:06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
                                                                                                                                                                                                                                                  SHA-256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
                                                                                                                                                                                                                                                  SHA-512:FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:PK.........\zX...............saBSI.exe.Z.pT.u.+i..eW c....&....l.....Y[...-@`....e.....;r.T...MJ3.a.]..h:.VF?.u...T...+..()..;...v..[v...........]....s......[..!.....A!?N..?%&!.....1...}AS...U)._t4.;z........9r....A..G...86l}.....EVk.J......t.[E....w...x..+Wx...gg.Qz>...f...8.q^.?..)~..o..B.!z...)....m.{7..F...w....O.+.l*z..].......I.......v..=....S.i.=.r..J.....!.xI2D...!.5..S..r...Rz..@`......Ol....]4..(......]..K..%.I,.8?]"..Y..k|...%.W.#.p....5.li....r.A.5-......X....B.e.J.s.9...s."..S.NE.Fq...D\...0!....v..../..{....sL(6l.E8g...G...!V......^..|.Dp.k....W-B9.."B-.-...h.(..4.9>..&.3.2<.V.x.|T...Ke}.b.G.&1...!..>..P(..2~....~...S....B.d.$......,...O..B9.`.....X}B......B9.`a.8..0....l..B......|..0.b....N...0....%.^.`..0....{...MY.....4..H.'......Il....(..&.e.:&.X=$...+..P..na...C.~]...n...2..n..a0.U...>.0..2.....`..4...<.0.e..a._f0...[.....2..i._c0..i.^....(.).G.|.....$....^.YR..R...<.`..*...l'@..2...V[..0..B*.s......2x...........`'.(.Y...\.`..$

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0.zip (copy)

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):527389
                                                                                                                                                                                                                                                  Entropy (8bit):7.995975187354872
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:12288:ib5kasT/hWZEu58IbccPqwozk/2rYJb69+J2W:M5kzT/hWZjfbccPOzk/aIb3J2W
                                                                                                                                                                                                                                                  MD5:F68008B70822BD28C82D13A289DEB418
                                                                                                                                                                                                                                                  SHA1:06ABBE109BA6DFD4153D76CD65BFFFAE129C41D8
                                                                                                                                                                                                                                                  SHA-256:CC6F4FAF4E8A9F4D2269D1D69A69EA326F789620FB98078CC98597F3CB998589
                                                                                                                                                                                                                                                  SHA-512:FA482942E32E14011AE3C6762C638CCB0A0E8EC0055D2327C3ACC381DDDF1400DE79E4E9321A39A418800D072E59C36B94B13B7EB62751D3AEC990FB38CE9253
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:PK.........\zX...............saBSI.exe.Z.pT.u.+i..eW c....&....l.....Y[...-@`....e.....;r.T...MJ3.a.]..h:.VF?.u...T...+..()..;...v..[v...........]....s......[..!.....A!?N..?%&!.....1...}AS...U)._t4.;z........9r....A..G...86l}.....EVk.J......t.[E....w...x..+Wx...gg.Qz>...f...8.q^.?..)~..o..B.!z...)....m.{7..F...w....O.+.l*z..].......I.......v..=....S.i.=.r..J.....!.xI2D...!.5..S..r...Rz..@`......Ol....]4..(......]..K..%.I,.8?]"..Y..k|...%.W.#.p....5.li....r.A.5-......X....B.e.J.s.9...s."..S.NE.Fq...D\...0!....v..../..{....sL(6l.E8g...G...!V......^..|.Dp.k....W-B9.."B-.-...h.(..4.9>..&.3.2<.V.x.|T...Ke}.b.G.&1...!..>..P(..2~....~...S....B.d.$......,...O..B9.`.....X}B......B9.`a.8..0....l..B......|..0.b....N...0....%.^.`..0....{...MY.....4..H.'......Il....(..&.e.:&.X=$...+..P..na...C.~]...n...2..n..a0.U...>.0..2.....`..4...<.0.e..a._f0...[.....2..i._c0..i.^....(.).G.|.....$....^.YR..R...<.`..*...l'@..2...V[..0..B*.s......2x...........`'.(.Y...\.`..$

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):23918680
                                                                                                                                                                                                                                                  Entropy (8bit):7.990645224140664
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:393216:PyviTGPqMd2s5jqwcJFOM75FbVgmaccebfTBRL7WIJDFX6ZeplPVGUI4uK:aaAv5jq9O657x9+IJZ22PRI4uK
                                                                                                                                                                                                                                                  MD5:7DD0FAA9C00391333B2A12D21CA028BF
                                                                                                                                                                                                                                                  SHA1:2987248DB6382971D36F80EA45C0EE654C672CD4
                                                                                                                                                                                                                                                  SHA-256:E4B5817742A53DCCC24CD2A266223045D03DA537B815CB03B782D4E6BAED5020
                                                                                                                                                                                                                                                  SHA-512:CE700D9F59800C5A440D6DAFB1844F60B793B254A2186CC3B39654C9341AC7EAAC31D4A3F97B202AD40D17AAB21D6B3F277E38179237996D617A8968DCD164C4
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t.K=0.%n0.%n0.%nk.&o:.%nk.!o".%nk. o..%nb.!o .%nb.&o:.%nb. oj.%nk.$o5.%n0.$n..%n..,o<.%n...n1.%n..'o1.%nRich0.%n........................PE..d...^2.f.........."...........f................@..............................j.......m...`..................................................$..(........'d.....|2....i.XX....j.....p...p.......................(.......8...............p...."..`....................text............................... ..`.rdata..V...........................@..@.data....1...@......................@....pdata..|2.......4...6..............@..@_RDATA...............j..............@..@.rsrc....'d......(d..l..............@..@.reloc........j.......i.............@..B................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1184128
                                                                                                                                                                                                                                                  Entropy (8bit):6.623147525519113
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:WF66IUpqM/XAl0drYaL6NFEXXN6abiklqOYadJ0CbmpV4CsCa0wDisO4qG:k/M0drYaIaXXOAqOYadJ0Cbmrhq0wTb5
                                                                                                                                                                                                                                                  MD5:143255618462A577DE27286A272584E1
                                                                                                                                                                                                                                                  SHA1:EFC032A6822BC57BCD0C9662A6A062BE45F11ACB
                                                                                                                                                                                                                                                  SHA-256:F5AA950381FBCEA7D730AA794974CA9E3310384A95D6CF4D015FBDBD9797B3E4
                                                                                                                                                                                                                                                  SHA-512:C0A084D5C0B645E6A6479B234FA73C405F56310119DD7C8B061334544C47622FDD5139DB9781B339BB3D3E17AC59FDDB7D7860834ECFE8AAD6D2AE8C869E1CB9
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......2..}vn..vn..vn..-../xn..-../.n..$../bn..$../on..G2r.tn..$../.n..-../on..-../wn..-../yn...../wn...../~n...../Zn..vn..=o...../{n...../hn....p.wn...../wn..Richvn..................PE..L...V..e.....................h...... .............@..................................1....@.............................................p...............................p...................@.......X...@...............0....... ....................text............................... ..`.rdata..............................@..@.data..............................@....didat...............T..............@....rsrc...p............V..............@..@.reloc...............Z..............@..B................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1 (copy)

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):125405
                                                                                                                                                                                                                                                  Entropy (8bit):7.996684823256823
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:3072:U7Uc8cJ1YuWatSIyY6NCW23L2XEYL02BmusGPCeoDhL8oLvoLH:WJ1zWuSNYJWCGEK9BmPCkhfL4
                                                                                                                                                                                                                                                  MD5:56B0D3E1B154AE65682C167D25EC94A6
                                                                                                                                                                                                                                                  SHA1:44439842B756C6FF14DF658BEFCCB7A294A8EA88
                                                                                                                                                                                                                                                  SHA-256:434BFC9E005A7C8EE249B62F176979F1B4CDE69484DB1683EA07A63E6C1E93DE
                                                                                                                                                                                                                                                  SHA-512:6F7211546C6360D4BE8C3BB38F1E5B1B4A136AA1E15EC5AE57C9670215680B27FF336C4947BD6D736115FA4DEDEA10AACF558B6988196F583B324B50D4ECA172
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:PK.........XQW.a..............avg_antivirus_free_setup.exe.].|TG........Mj.RH-V..6.@.....Z.....%@-....;@K(..,..STPT.T.GT...H.%..*BBQ.6Z.&...4.wf.......OZ..........}.}l..,I...#.I........4I....GK.7...Z..........~...Og>..g>.Y_...,..&...HA.?....F..9...>.|.\sJ.....N.L~.OY.......)5.......;...,~7.&...LJ6?... ....w~.|.7.>..Kx..d.{J*./....j..>....."i...6..%..t.i.M.H...&...~.oV.qO...!Qy.)......&.8......I..../&I.83Y......%K%. .'Y..+I%?H.J."...g.&/)A...^...I.]..}.'6..l.%.../.?..W..1.cH.1..}<...'...G`..t"..#.<|.\...$x.9....\.....q..'6.U..Wi..u..`.X.+i..K./...O..p.............s.G........3y.Hz.V...=-.I..\)..}.S.WW$}.\I....n.H.IR.E.{...C0...s..X'.z...W.J.iL..........i...l..$..........A$=.2=...4[J6.(..l$....f....y.g...o..:m.B...$....&...".}.r{......n&./.xdBA~d.D.....5p....g..... _Z..-b...jg.o.wMA$.2...=..5.&x.....,?..MF...2QVO,V.N..........R.^..o..o..4.hd.H..LE.SBE,.8|Eo&d..D.Vq..NK.[.[.g.K.v..D".....og.m1....x..C....b..`?2...L...t..O.t.U..l..02.v.A.G2

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1.zip (copy)

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):125405
                                                                                                                                                                                                                                                  Entropy (8bit):7.996684823256823
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:3072:U7Uc8cJ1YuWatSIyY6NCW23L2XEYL02BmusGPCeoDhL8oLvoLH:WJ1zWuSNYJWCGEK9BmPCkhfL4
                                                                                                                                                                                                                                                  MD5:56B0D3E1B154AE65682C167D25EC94A6
                                                                                                                                                                                                                                                  SHA1:44439842B756C6FF14DF658BEFCCB7A294A8EA88
                                                                                                                                                                                                                                                  SHA-256:434BFC9E005A7C8EE249B62F176979F1B4CDE69484DB1683EA07A63E6C1E93DE
                                                                                                                                                                                                                                                  SHA-512:6F7211546C6360D4BE8C3BB38F1E5B1B4A136AA1E15EC5AE57C9670215680B27FF336C4947BD6D736115FA4DEDEA10AACF558B6988196F583B324B50D4ECA172
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:PK.........XQW.a..............avg_antivirus_free_setup.exe.].|TG........Mj.RH-V..6.@.....Z.....%@-....;@K(..,..STPT.T.GT...H.%..*BBQ.6Z.&...4.wf.......OZ..........}.}l..,I...#.I........4I....GK.7...Z..........~...Og>..g>.Y_...,..&...HA.?....F..9...>.|.\sJ.....N.L~.OY.......)5.......;...,~7.&...LJ6?... ....w~.|.7.>..Kx..d.{J*./....j..>....."i...6..%..t.i.M.H...&...~.oV.qO...!Qy.)......&.8......I..../&I.83Y......%K%. .'Y..+I%?H.J."...g.&/)A...^...I.]..}.'6..l.%.../.?..W..1.cH.1..}<...'...G`..t"..#.<|.\...$x.9....\.....q..'6.U..Wi..u..`.X.+i..K./...O..p.............s.G........3y.Hz.V...=-.I..\)..}.S.WW$}.\I....n.H.IR.E.{...C0...s..X'.z...W.J.iL..........i...l..$..........A$=.2=...4[J6.(..l$....f....y.g...o..:m.B...$....&...".}.r{......n&./.xdBA~d.D.....5p....g..... _Z..-b...jg.o.wMA$.2...=..5.&x.....,?..MF...2QVO,V.N..........R.^..o..o..4.hd.H..LE.SBE,.8|Eo&d..D.Vq..NK.[.[.g.K.v..D".....og.m1....x..C....b..`?2...L...t..O.t.U..l..02.v.A.G2

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):234936
                                                                                                                                                                                                                                                  Entropy (8bit):6.580764795165994
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:y2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCoKOhh3K0Ko:y0KgGwHqwOOELha+sm2D2+UhngNdK4d
                                                                                                                                                                                                                                                  MD5:26816AF65F2A3F1C61FB44C682510C97
                                                                                                                                                                                                                                                  SHA1:6CA3FE45B3CCD41B25D02179B6529FAEDEF7884A
                                                                                                                                                                                                                                                  SHA-256:2025C8C2ACC5537366E84809CB112589DDC9E16630A81C301D24C887E2D25F45
                                                                                                                                                                                                                                                  SHA-512:2426E54F598E3A4A6D2242AB668CE593D8947F5DDB36ADED7356BE99134CBC2F37323E1D36DB95703A629EF712FAB65F1285D9F9433B1E1AF0123FD1773D0384
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......v jU2A..2A..2A......9A......LA......*A..`).. A..`)..'A...(..0A..`)...A..;9..3A..;9..?A..2A...A..;9..3A...(..?A...(..3A..2A..0A...(..3A..Rich2A..................PE..L....m6d.........."..........\...... ........0....@.................................V.....@........................................................Hl..p)..........p...p..........................`M..@............0......T........................text............................... ..`.rdata..`....0......................@..@.data...............................@....didat..L...........................@....rsrc...............................@..@.reloc...............N..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2 (copy)

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5627506
                                                                                                                                                                                                                                                  Entropy (8bit):7.999949928735462
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:98304:17QO8oAkidb1l/NN3J58UTHPkAbWD56mv9Pb:17Q6A33P8AckWDogJb
                                                                                                                                                                                                                                                  MD5:C0EB1D6C28DAD5E8C4C84EDE4284A15A
                                                                                                                                                                                                                                                  SHA1:6E7F65E911B9FAB22509F4FCBA000DB0D171A5F3
                                                                                                                                                                                                                                                  SHA-256:93BDE5F9A327F6148A48EA1E937D17BCD2A585486CB3D3EA4D69DCAC0F638CBB
                                                                                                                                                                                                                                                  SHA-512:E09BE287D71C1D6B84E69EB0234B3D94A6BB64041DDFFAB09B0F9E1F861B0CF4FD82E19C7D36463722C783976A0E992ACA571A10A0BF9EAB6EF80306637A6640
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:PK...........X....U..dW.....norton_secure_browser_setup.exe.\.|S.....6iRH.@...2......b......L.nJ..Cx..QiM...qns.nn.v?..&..Th.i.:.a.lVez.T...".o.soR......Vxy..=..s.=..s_.'.,.$Y...$..O...]x...u..g..S...??ee..M%.6~...?...?y.SK>..d.vk...,.6P....~..S.n.......3..uc..x8t...s......._.{NP>.....#T>....&......LZ..2.$)..L.$.%.Y...O........8....9<R.............gE....i..g.G...!......8.1...9..-*..).P83...%.t..7}R..$..K..G..r>..#.I.,.tg.)w.C..9.....$i....N.6n.x#..';.b.Z.........?.....}k....Z.......e.n...ER|.U64..9..n.....L....+..../$..dE..Hq.#.?#.J..7.G..Kz..M.K..z..:.c....z..-.e.G;,..........G~..\...w=Z.,..o...+..=].]....H.x..z.=.+....CF..t...[.~.L....3...y..Q?.V52......P...+..U..kG..^ot(.P.....N?..g,X....U!.@n.m.......#%('+F...EH-h.=:......JZ..nmy..G..%}y..u;....|..-.C.J.}..Y.6q....V.@..E.oo>B..%&.n..0......Vu.~.....$...pk.....f*.1^Xc......Y....V..:............G,gC..a.P...2..U..5.t.x..[..X.........Xd.].G.b..}...U.1..S-..x....N!2.Q.z.......

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2.zip (copy)

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5627506
                                                                                                                                                                                                                                                  Entropy (8bit):7.999949928735462
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:98304:17QO8oAkidb1l/NN3J58UTHPkAbWD56mv9Pb:17Q6A33P8AckWDogJb
                                                                                                                                                                                                                                                  MD5:C0EB1D6C28DAD5E8C4C84EDE4284A15A
                                                                                                                                                                                                                                                  SHA1:6E7F65E911B9FAB22509F4FCBA000DB0D171A5F3
                                                                                                                                                                                                                                                  SHA-256:93BDE5F9A327F6148A48EA1E937D17BCD2A585486CB3D3EA4D69DCAC0F638CBB
                                                                                                                                                                                                                                                  SHA-512:E09BE287D71C1D6B84E69EB0234B3D94A6BB64041DDFFAB09B0F9E1F861B0CF4FD82E19C7D36463722C783976A0E992ACA571A10A0BF9EAB6EF80306637A6640
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:PK...........X....U..dW.....norton_secure_browser_setup.exe.\.|S.....6iRH.@...2......b......L.nJ..Cx..QiM...qns.nn.v?..&..Th.i.:.a.lVez.T...".o.soR......Vxy..=..s.=..s_.'.,.$Y...$..O...]x...u..g..S...??ee..M%.6~...?...?y.SK>..d.vk...,.6P....~..S.n.......3..uc..x8t...s......._.{NP>.....#T>....&......LZ..2.$)..L.$.%.Y...O........8....9<R.............gE....i..g.G...!......8.1...9..-*..).P83...%.t..7}R..$..K..G..r>..#.I.,.tg.)w.C..9.....$i....N.6n.x#..';.b.Z.........?.....}k....Z.......e.n...ER|.U64..9..n.....L....+..../$..dE..Hq.#.?#.J..7.G..Kz..M.K..z..:.c....z..-.e.G;,..........G~..\...w=Z.,..o...+..=].]....H.x..z.=.+....CF..t...[.~.L....3...y..Q?.V52......P...+..U..kG..^ot(.P.....N?..g,X....U!.@n.m.......#%('+F...EH-h.=:......JZ..nmy..G..%}y..u;....|..-.C.J.}..Y.6q....V.@..E.oo>B..%&.n..0......Vu.~.....$...pk.....f*.1^Xc......Y....V..:............G,gC..a.P...2..U..5.t.x..[..X.........Xd.].G.b..}...U.1..S-..x....N!2.Q.z.......

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5727368
                                                                                                                                                                                                                                                  Entropy (8bit):7.987929042344586
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:BiykuiGAGbjNHbd5lbDK4pdfAstezXYCvzV:BiyKGBZhKEmyezIUR
                                                                                                                                                                                                                                                  MD5:F269C5140CBC0E376CC7354A801DDD16
                                                                                                                                                                                                                                                  SHA1:BBCEEF9812A3E09D8952E2FE493F156E613837B2
                                                                                                                                                                                                                                                  SHA-256:5AE1ACF84F0A59FA3F54284B066E90C8432071ACE514ACCB6303261D92C6A910
                                                                                                                                                                                                                                                  SHA-512:BA271257C0DBFBFD63685449A5FA5EA876B31C4F1898F85AA1BE807F1E31846D12F2162F715FC320FB014D31C15501EA71FE73B3C981E201BFA1A448FF54745C
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........18..PV..PV..PV.*_...PV..PW.MPV.*_...PV.sf..PV..VP..PV.Rich.PV.........PE..L......].................f...*.......5............@.................................$.X...@..............................................(...........;W..(...........................................................................................text...{d.......f.................. ..`.rdata...............j..............@..@.data...X............~..............@....ndata...................................rsrc....(.......*..................@..@................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):23891968
                                                                                                                                                                                                                                                  Entropy (8bit):7.236497962515903
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:393216:NKsbm0ApvEqrGtYHviInnmC0dGpZFE6ZFERnsW4j2SDXdfD5X3vcMiWqMDi49QLu:hqr8NInmCgltTSDX59RidMm4uu
                                                                                                                                                                                                                                                  MD5:22A34900ADA67EAD7E634EB693BD3095
                                                                                                                                                                                                                                                  SHA1:2913C78BCAAA6F4EE22B0977BE72333D2077191D
                                                                                                                                                                                                                                                  SHA-256:3CEC1E40E8116A35AAC6DF3DA0356864E5D14BC7687C502C7936EE9B7C1B9C58
                                                                                                                                                                                                                                                  SHA-512:88D90646F047F86ADF3D9FC5C04D97649B0E01BAC3C973B2477BB0E9A02E97F56665B7EDE1800B68EDD87115AED6559412C48A79942A8C2A656DFAE519E2C36F
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......p.<%4.Rv4.Rv4.RvG.Qw..RvG.Ww.RvG.Vw..Rvf.Qw*.Rvf.Ww..Rvf.Vw..RvG.Tw2.Rv4.Rv!.RvG.Sw..Rv4.Sv..Rv..[w.Rv..v5.Rv4..v5.Rv..Pw5.RvRich4.Rv................PE..L...Dx:b.................t.......... g............@...........................n...........@...................................Y...... d..V....................f.....pzN.T...................h{N......zN.@............................................text....s.......t.................. ..`.rdata...p.......r...x..............@..@.data.........Z..j....Y.............@....qtmetadv.... _......T].............@..P.qtmimed.....0_......Z].............@..P.rsrc....V... d..V...Hb.............@..@.reloc........f.......d.............@..B................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\zbShieldUtils.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2060288
                                                                                                                                                                                                                                                  Entropy (8bit):6.6115241916592735
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:ewyBp/wFOX9xRo3HVCEd2ynjsfAXBpAK0A8BFuXJFotKLCs:eRDwIN3o3UEd2ynjsoRpAK58BFuXE
                                                                                                                                                                                                                                                  MD5:59D3C3A9180BA792AE2DAD18B6903CDE
                                                                                                                                                                                                                                                  SHA1:C8CD105D3A0E99A54D1D16F0D1F60000FA3DCA8A
                                                                                                                                                                                                                                                  SHA-256:DD01EDBD4368EF227693723C5E427A48B264CB57BBD07D81210D6E633E0B1B2E
                                                                                                                                                                                                                                                  SHA-512:D6B6358E5108654931FCB3B7920DF65C4AE65D48F9EA012C3F821BB571F821E815D86FEAB85CD55A8CE767F2F7342A512E55D03EE4041AC0BAF4FF13AD238699
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........./}..A...A...A...B/..A...F/..A...E/..A...D//.A...G/..A...@/..A...@...A...E/..A...B/..A...D/..A.%.H/..A.%.A/..A.%.....A.......A.%.C/..A.Rich..A.........PE..L...+o\f...........!.....f...N............................................................@.........................@..........T........A..............................p...............................@............................................text....e.......f.................. ..`.rdata..NL.......N...j..............@..@.data............Z..................@....rsrc....A.......B..................@..@.reloc...............T..............@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3025328
                                                                                                                                                                                                                                                  Entropy (8bit):6.402833519549322
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:9LJwSihjOb6GLb4SKEs3DyOMC2DlUt0+yO3A32ASNTvf9:jwSi0b67zeCzt0+yO3kSn
                                                                                                                                                                                                                                                  MD5:B1F49F39D06B2CFDF18C9C19DAAA4C4F
                                                                                                                                                                                                                                                  SHA1:109E6357F3496D5154988B6342EA507C0D794C23
                                                                                                                                                                                                                                                  SHA-256:9DE623B5AA1F083A1B86983A088BEC40F204A1FAD0230B418B9AE139CDCEE5CA
                                                                                                                                                                                                                                                  SHA-512:CE10F09E5EB278B4CA049D7AF198E67051260AA8636BC612F2B1A0D5CEBAA74A55205DEBCB56143C66F54C02F56547C18F691918FD0BEEC53FDB293D1F4EAED1
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...p.._.................$,.........P6,......@,...@..................................g....@......@....................-......`-.49....-.p.............-..+....................................-......................i-.......-......................text...P.+.......+................. ..`.itext..t(....,..*....+............. ..`.data.......@,......(,.............@....bss.....x....,..........................idata..49...`-..:....,.............@....didata.......-.......,.............@....edata........-.......-.............@..@.tls....L.....-..........................rdata..].....-.......-.............@..@.rsrc...p.....-.......-.............@..@......................-.............@..@........................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\mwa4EA9.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):164864
                                                                                                                                                                                                                                                  Entropy (8bit):6.201995701481623
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:q3CSE9n0WjsAGX5Gn39yf19leo13plmJXTD:qM90WoAGJqe1neceJj
                                                                                                                                                                                                                                                  MD5:662DE59677AECAC08C7F75F978C399DA
                                                                                                                                                                                                                                                  SHA1:1F85D6BE1FA846E4BC90F7A29540466CF3422D24
                                                                                                                                                                                                                                                  SHA-256:1F5A798DDE9E1B02979767E35F120D0C669064B9460C267FB5F007C290E3DCEB
                                                                                                                                                                                                                                                  SHA-512:E1186C3B3862D897D9B368DA1B2964DBA24A3A8C41DE8BB5F86C503A0717DF75A1C89651C5157252C94E2AB47CE1841183F5DDE4C3A1E5F96CB471BF20B3FDD0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........>..dm..dm..dm..gl..dm..alj.dm..`l..dm..`l..dm..gl..dm..al..dm..el..dm..em..dm+.ml..dm+.dl..dm+..m..dm+.fl..dmRich..dm........PE..d.....3f.........." .................S....................................................`..........................................^......._..x...............@....................;..p............................;..8............................................text............................... ..`.rdata..............................@..@.data........p.......T..............@....pdata..@............`..............@..@_RDATA...............x..............@..@.rsrc................z..............@..@.reloc...............|..............@..B........................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nse2983.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):18749398
                                                                                                                                                                                                                                                  Entropy (8bit):5.540150296150122
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:196608:pP8TvkTLVTAudcoJheBnknfFrqNVMuEdpucFwL9z2a7deJfRc6cWljaF9IU+Js:zXBAudcoJ59rqNVMy2G6TS9I1J
                                                                                                                                                                                                                                                  MD5:78904B99D2C9AC6CA1B032CDEDED3816
                                                                                                                                                                                                                                                  SHA1:18E5A79B33D5A47536CFC21DE500949530B5A060
                                                                                                                                                                                                                                                  SHA-256:4043AF6E29B8C64380A471B6D4F74462421925DC3501FF26C1A629B3753B091C
                                                                                                                                                                                                                                                  SHA-512:0F35D1C96E672CEC9F8479F65616B061A07A52FC9333C4457CDE80EE67C133D871D38636EB7ED39931D6E6050A540767B74F957D0016220D213797EA92980BB6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.vs.....,....................{....a......Cs.,....vs..............................................................i...o..{o...o..............................................................................................................................................................................x...j...............................................................................................................................G.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsp3934.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):700
                                                                                                                                                                                                                                                  Entropy (8bit):4.727166525039482
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:YWLSHkawuhTpOPWJn9wuhzVuPWJe9zwuhkPWJECwuhD7PWJGwuhzPWGk+c94GniX:YWLSHk/DOJeQVuOJe9cnOJAs7OJ7oOGn
                                                                                                                                                                                                                                                  MD5:359CCE9C2DF62868BF4096E887993CB7
                                                                                                                                                                                                                                                  SHA1:F3683EE9E7ED5CFC3570D9AAF769EEF6F4FA3A95
                                                                                                                                                                                                                                                  SHA-256:FCD6CEBFE6E9D8BDDF1C4B09771D7D849F2FDC105F991337E45D6AA82F33B627
                                                                                                                                                                                                                                                  SHA-512:A5E99FA8AA18E6A7CEB7CFB0C99DC99B606567AD1DDC3BF5AB81D18502F513A9D96D264552F81508317778216B4A4360D87E96AFF302CC7F7FE1DF92C59A6737
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:{"version":9,"engines":[{"id":"google@search.mozilla.orgdefault","_name":"Google","_isAppProvided":true,"_metaData":{}},{"id":"amazondotcom@search.mozilla.orgdefault","_name":"Amazon.com","_isAppProvided":true,"_metaData":{}},{"id":"wikipedia@search.mozilla.orgdefault","_name":"Wikipedia (en)","_isAppProvided":true,"_metaData":{}},{"id":"bing@search.mozilla.orgdefault","_name":"Bing","_isAppProvided":true,"_metaData":{}},{"id":"ddg@search.mozilla.orgdefault","_name":"DuckDuckGo","_isAppProvided":true,"_metaData":{}}],"metaData":{"useSavedOrder":false,"locale":"en-US","region":"default","channel":"release","experiment":"","distroID":"","appDefaultEngineId":"google@search.mozilla.orgdefault"}}

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\AccessControl.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):26848
                                                                                                                                                                                                                                                  Entropy (8bit):6.652871453473559
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:qflzhxZBcukmxQN2NMBMLh2ES+9DlJshjJy0swiEVAM+o/8E9VF0Ny29:8lvcu7x7uB2R9pih1y06EVAMxkE
                                                                                                                                                                                                                                                  MD5:39B6A146E9DAAE870A394530B5723E96
                                                                                                                                                                                                                                                  SHA1:2E62DBE3A1BD65BFA245E38021F8BAEB24EA3291
                                                                                                                                                                                                                                                  SHA-256:2A3C3830996953E592FDC67B1F4B4F3B4194F5CA28929E577297A72A58C84A84
                                                                                                                                                                                                                                                  SHA-512:5C27896FAC5B37A0856379323EDA80F52154F1335DA86A966E62E28366D613687C193B6A8E37DF9C6285B1AD8137D9F4F01A550D02E74A5C4847310FAB482354
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9[..X5.X5.X5. ..X5.X4..X5.?1<.X5.?15.X5.?1..X5.?17.X5.Rich.X5.........PE..L...BcL^...........!......... .......*.......0......................................S.....@.........................p<......|@..P....`..............H@...(...p.......<..T............................................0...............................text...I........................... ..`.rdata.......0....... ..............@..@.data...L....P.......6..............@....rsrc........`.......8..............@..@.reloc.......p.......<..............@..B........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\CR.History.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):126976
                                                                                                                                                                                                                                                  Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                                                                  MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                                                                  SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                                                                  SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                                                                  SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\FF.places.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                                                  File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5242880
                                                                                                                                                                                                                                                  Entropy (8bit):0.037963276276857943
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                                                                                                  MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                                                                                                  SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                                                                                                  SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                                                                                                  SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\JsisPlugins.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2160856
                                                                                                                                                                                                                                                  Entropy (8bit):6.779350356047654
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:SdpuUEAFwL9cgRCbajymTn920aBa7deTlfRXAF3bHQpobMAjY5kH:SdpucFwL9zymTn920aBa7deJfRgbHQu1
                                                                                                                                                                                                                                                  MD5:916F3D54B2714E4129A786CE128DBE0B
                                                                                                                                                                                                                                                  SHA1:B2914CADC19CD87F1FA005D9216F6AD437FE73AD
                                                                                                                                                                                                                                                  SHA-256:9B2FB069FAD6A9422808C1526328A1D6305573BE9EBCC3AEAB7A38664D02AC6D
                                                                                                                                                                                                                                                  SHA-512:8C05F71E55D6B5F1DD797DEE852183BDBD7D7EB8D36B760C5C7413BC79D5F2C8300C41AC3DEB76F2AA497D8C86434F04F3A7DD17EA65D0E44CA5FB8E59F62416
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.............e...e...e..xf...e..x`.m.e.ka...e.kf...e.k`...e..B....e..xa...e..j`...e..xc...e..xd...e...d...e.ka...e.k`...e.ke...e.k....e.......e.kg...e.Rich..e.........PE..L....5.d...........!.........*.......s....................................... !......S!...@.........................................................H. ..(.... ......G..T....................H.......H..@............................................text............................... ..`.rdata..............................@..@.data...(...........................@....rsrc...............................@..@.reloc........ .....................@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\Midex.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):129760
                                                                                                                                                                                                                                                  Entropy (8bit):6.686100620416484
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:wACUTz1JlJmpGB6yK4H9l4o8rr4YlixbSrZKbazG+k:wACUTz1JlopG5K4OZgeC9
                                                                                                                                                                                                                                                  MD5:18198BAE7294424D3607F776F5EF7B0F
                                                                                                                                                                                                                                                  SHA1:5EBC82D4C91ED2736F98AED57EB8578F0F225C33
                                                                                                                                                                                                                                                  SHA-256:6078F5FDCC332F617773AAE89AC3DB0888A0360A32BB6D9431D716471D1C480F
                                                                                                                                                                                                                                                  SHA-512:507D625C0643165B12A2C0EA01765445AD632136DA0A40B14EC36B0E1794D3ECE43CE482B5E4C9281565AE3BF226C60FBA5A25C085430EC5F1D17B7563CAA4A8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................\P5.....\P7....\P6........................W............r.......r.......r.;.......S.....r.......Rich....................PE..L....lL^...........!.....:...........E.......P............................... ......"-....@.........................0...D...t...<...................H....(.......... ...T...........................x...@............P..L............................text....9.......:.................. ..`.rdata...p...P...r...>..............@..@.data...t...........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1910576
                                                                                                                                                                                                                                                  Entropy (8bit):7.58137479903026
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:hbGcPcWSOwiGJ+aKznZOqbU3tFKU+9wOKXd9AVjrr:xGGcWSYGJ+94iU3tIU+qOs
                                                                                                                                                                                                                                                  MD5:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                                                                                                  SHA1:EBD3E4A1A58B03BFD217296D170C969098EB2736
                                                                                                                                                                                                                                                  SHA-256:2A97CB822D69290DF39EBAA2F195512871150F0F8AFF7783FEA0B1E578BBB0BA
                                                                                                                                                                                                                                                  SHA-512:1B204322ACA2A66AEDF4BE9B2000A9C1EB063806E3648DBAB3AF8E42C93CA0C35E37A627802CD14272273F3F2E9BC55847DFA49FC6E8FFB58F39683E2446E942
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......].T...:...:...:...9...:...?...:...>...:.K.>...:.K.9...:.K.?.).:.A.3...:...;...:...;.n.:.A....:......:.A.8...:.Rich..:.................PE..L...]..d.................n...J.......R............@.................................u.....@.....................................x.... ..|...........H....j..............T...........................@...@............................................text....m.......n.................. ..`.rdata..Fr.......t...r..............@..@.data...............................@....rsrc...|.... ......................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\StdUtils.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):200416
                                                                                                                                                                                                                                                  Entropy (8bit):6.688698057656482
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:sRXOjZpSOAPrzjyfvwyYUDBftoJiEqNuozAsWFFowXV8xBY90JZx4INb54UVuH7d:OOdpSOGvWjbLtBwF8TJL4IxVuH7xlh
                                                                                                                                                                                                                                                  MD5:F2AAC54C495BD4566228E5CC2CBBFE97
                                                                                                                                                                                                                                                  SHA1:3DBFCA2AB60C17B1A0FCF3E6B8EE7AD18173FED7
                                                                                                                                                                                                                                                  SHA-256:22AE097B02F02A7C2151B113DD5756965D3857A148DF19C745D4DA2A4887B292
                                                                                                                                                                                                                                                  SHA-512:FEFFFD62B4735D7AF459A771FFB73AF8AB0BE8CD08C1BA6B009D28CF9F97AD138976F628AE28600CCA0FF10B7FFFA63B94E34EF4328623A28F8088F028597BFA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........f.................................x...g,.....,.......,.................a..........,......e......e.......e...............e.......Rich....................PE..L.....l^...........!................\........0............................... ............@............................T...$.......................H....(..........0...T...................,...........@............0...............................text...8........................... ..`.rdata.......0......................@..@.data...............................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\inetc.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):38112
                                                                                                                                                                                                                                                  Entropy (8bit):6.31022202046075
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:sEE9m7Lbg4nqAYYDqAvELv5TGjgy06EqAMxkE:sEJnbpnBDBED5TjxIx
                                                                                                                                                                                                                                                  MD5:5FDB8BD2FE89ED7B03F2DBE64D5F51EC
                                                                                                                                                                                                                                                  SHA1:355AF194C6C003ADD61808F7D65C104C3B221AC5
                                                                                                                                                                                                                                                  SHA-256:4A926AAD3FD97366E164E92CC0D37F76E6ED348757F72EDA499C3DE19671BCE3
                                                                                                                                                                                                                                                  SHA-512:FA177B5710E2479C59E7E0A6047D69C09D565905105D08F983840B0E77209DB0B8DF6646FE9827997619015888B536F7CC0B1654F6AAD383B2A571C4694274E1
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>...z.q,z.q,z.q,...,s.q,z.p,/.q,..t-x.q,..u-{.q,..q-{.q,...,{.q,..s-{.q,Richz.q,........................PE..L...B.b^...........!.....6...|.......2.......P............................................@..........................W..l...xY..d...................Hl...(......p...PW..T............................................P..p............................text....4.......6.................. ..`.rdata.......P.......:..............@..@.data....V...p.......L..............@....rsrc................Z..............@..@.reloc..p............d..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\jsis.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):130784
                                                                                                                                                                                                                                                  Entropy (8bit):6.313676957875236
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3072:33Zk9fOAewM0+W8NVH28fB948igEWo8P+fidx:33qNOApM1G8fBpidWZ
                                                                                                                                                                                                                                                  MD5:4A98ACC5AD0E701E3289231FDB253A5D
                                                                                                                                                                                                                                                  SHA1:A8E7452658EA0777CF838FEE2ABEC806B147E832
                                                                                                                                                                                                                                                  SHA-256:E9B0AF410098EFA3848CCCA171C6933C70FF06B241F3806FD3816EAB5757BEB6
                                                                                                                                                                                                                                                  SHA-512:1213061966D9858467CEEA746EEE2A00CA381CC693457E347D58BEF7996DAD4F5EE7412FCC2A4E48F96256445D966141F2BCA993132FCE4402142A57114D8AB3
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c.Q.'.?.'.?.'.?.....4.?.'.>...?...;.2.?...?.&.?.....&.?...=.&.?.Rich'.?.................PE..L...^<.e...........!......................... ............................... ............@......................... #......`6......................H....(..........."..T............................................ ...............................text............................... ..`.rdata..@%... ...&..................@..@.data........P.......8..............@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\jsisdl.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):25816
                                                                                                                                                                                                                                                  Entropy (8bit):6.714415723163507
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:Ej42b45gg3PClGaGU8D1sNy06EdAMxkE6:Ej42bggA6bg1yx1xW
                                                                                                                                                                                                                                                  MD5:E149A8BCD017059151E37881A442ECBE
                                                                                                                                                                                                                                                  SHA1:53AFEE6CC4B8098BE98B199D6B2148B0B48D247A
                                                                                                                                                                                                                                                  SHA-256:2AA66C5745BBF99412C735C601B9592DCE1EF6C888D76EC0FD817D580EB0CB07
                                                                                                                                                                                                                                                  SHA-512:8F8340678C78F2BA1C4D18F6A108B97F0516A32EF379735C7DAC5B23595B809DEC3FCA87551B107E33637B56107540293166729325BC6EF131C0F968278A61C2
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9]..X3.X3.X3. ..X3.X2.X3.?1;.X3.?13.X3.?1..X3.?11.X3.Rich.X3.........PE..L.....b^...........!.........R.......%.......0.......................................f....@..........................0..d....2..P...................H<...(...........0..T............................................0...............................text............................... ..`.rdata.......0......."..............@..@.data....D...@.......(..............@....rsrc................4..............@..@.reloc...............8..............@..B........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\nsJSON.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):37600
                                                                                                                                                                                                                                                  Entropy (8bit):6.707926977853279
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:K1vTYFHvlhqjbm8oEHB6hC+/3P4LA27bRpqy06EHAMxkEk:K1bYPHqu7EUhL27bT8xnxw
                                                                                                                                                                                                                                                  MD5:52B19EAA9500F892FD83F8012D705701
                                                                                                                                                                                                                                                  SHA1:FB06D3004A4AC2C937E878A0AC3285ECE4E305FE
                                                                                                                                                                                                                                                  SHA-256:081F0B9830921894DF2D8920AF6D7069C8F2298622AFC954731A58C4E2423391
                                                                                                                                                                                                                                                  SHA-512:82632417A41D9F593C62B8E850E824749BABCF3480C5663767477097B27C680A72CAECBCB7C9F88061FA2C998A99FB3DAFB5A5796CAB464DF4E945FA93D267B6
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........>E..P...P...P.......P...Q...P...X...P...P...P.......P...R...P.Rich..P.................PE..L....6.a...........!.....H...........*.......`............................................@.........................pi..H....l..d...................Hj...(...........i..T............................................`...............................text...AF.......H.................. ..`.rdata.......`.......L..............@..@.data...$............^..............@....rsrc................`..............@..@.reloc...............d..............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\reboot.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):26840
                                                                                                                                                                                                                                                  Entropy (8bit):6.837130188655359
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:NimyF0m1ZSB69hT0JLbQjCPR28t5zKIBPUJy0swiEv9AM+o/8E9VF0NyTP2:Nil2EOPQATrRBcy06Ev9AMxkE92
                                                                                                                                                                                                                                                  MD5:B951C5DE3420EA1B7FC980DE0F16A606
                                                                                                                                                                                                                                                  SHA1:47729AD26FBDDEE96DD5D29E161852CEA5B94A25
                                                                                                                                                                                                                                                  SHA-256:7CD1263FAE809FF7BD3F359008661314C9D35C1F6062AF9C81C3130F562BC2AE
                                                                                                                                                                                                                                                  SHA-512:D3C5D890A550B884C81A5C2A2A19E25E7A6BAEA9E2C13AD5A8D5B624D21FF5865253354D1AE60F7CA1D088AC2035EB4D4585A9AF16C549AF89DC0D7FFCF2CB74
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......z.0.>f^.>f^.>f^.7...7f^.>f_. f^...Z.8f^...^.?f^.....?f^...\.?f^.Rich>f^.........PE..L...c.b^...........!.....*...........4.......@............................................@..........................@..`....B..d....`..............H@...(...p.. ....@..T............................................@...............................text....(.......*.................. ..`.rdata.......@......................@..@.data...0....P.......4..............@....rsrc........`.......8..............@..@.reloc.. ....p.......<..............@..B........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\remoteResponse.json

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):763
                                                                                                                                                                                                                                                  Entropy (8bit):4.763873824695284
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:YiKwpqL1sjhSG2qwpHgZaJzjy+BrwTSJ0GddZaExdcuevifHZA1DG:YiKwkHgI5e+Bu6BdKEXe6vZUDG
                                                                                                                                                                                                                                                  MD5:09A81B85E1C4D585CB785F1AD0EB7FA9
                                                                                                                                                                                                                                                  SHA1:B26E218182160CA89CB47E119EBA4D9845217B5A
                                                                                                                                                                                                                                                  SHA-256:AD7F8FDA3921F6240B63E3D61B2CDA4838DC43E387A308D978F187A68CF1CE22
                                                                                                                                                                                                                                                  SHA-512:E84231B4CE690ECB967589D90A338CAA0EB9F5EC299DD764FDA897FDB00878DC57B2433491BE34ECA34A90769EE1AC4986B53845D4D6379A2B73B7C60305EDF0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:{"av_extensions_native":"lhnnoklckomcfdlknmjaenoodlpfdclc,dmfdacibleoapmpfdgonigdfinmekhgp","campaign_group_id":"2911","campaign_id":"29239","country_code":"US","register_install":1,"remote_disable":"0","request_uuid":"c7de38b924bf485394f30826245f2832","search_provider":"yahoo.com","search_provider_google_client_id":"NULL","setting_enable_bankmode":1,"setting_force_default_win10":"1","setting_heartbeat_install":1,"setting_import_cookies":"1","setting_import_settings":"2","setting_install_background":"0","setting_launch_install":"1","setting_launch_logon":"1","setting_popular_shortcuts_v2":"0","setting_shortcut_desktop":"1","setting_shortcut_startmenu":"1","setting_shortcut_taskbar":"1","update_retries":2,"utc_date":"20241223","utc_timestamp":1734977698}

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\sciterui.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):6398680
                                                                                                                                                                                                                                                  Entropy (8bit):6.757721296323737
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:yTvkQ/nTstrpzpNBcSrMVudcoCL+34a5eB2atknfQJlH7ixiu1aqrqNCwL9BlK5p:yTvkTLVTAudcoJheBnknfFrqNVMu
                                                                                                                                                                                                                                                  MD5:269EDAF14B5B99A0869A5480DEC9D9D2
                                                                                                                                                                                                                                                  SHA1:B9F8CE759CADA0874EA2181751E05899658E34BC
                                                                                                                                                                                                                                                  SHA-256:9752FAB0F93CF571407A4954ED46C0D5F5B1A858BEBD551231D2D21C707BEF70
                                                                                                                                                                                                                                                  SHA-512:682AE7AE6B4A03DC0EE447E35DA73EF0CFC488984047FD6551D89634382A10F18F84A84B9868484CF1586AEF35634C00F5D3CA083954954127DC59992C33E2DD
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h..............|~..............|......Rich............PE..L...3I.e...........!.........xa...............................................a.......a...@.......................................... ..8ta.........Hza..(..............T............................................................................rdata..............................@..@.rsrc...8ta.. ...va.................@..@....3I.e........_...T...T.......3I.e........................3I.e........T...........RSDS..i....E../'.K......D:\work\d58bb94b48143cdc\Contrib\build\out\x86\MinSizeRel\sciterui.pdb..............................T....rdata..T........rdata$zzzdbg.... ..P....rsrc$01....P!...ra..rsrc$02................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\thirdparty.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):95968
                                                                                                                                                                                                                                                  Entropy (8bit):6.540971049765208
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:uqNkPugFq0hRqcS+rYS0wreCmbsWmXKcdCbAKPz7VPxzxm:uqN0u8q0hRqhcelwXLyAKPz79W
                                                                                                                                                                                                                                                  MD5:5D1F1A9575A20E6273D3F1553378DA7C
                                                                                                                                                                                                                                                  SHA1:97E28C80F8C4DED7F91198B677A02491158F85EE
                                                                                                                                                                                                                                                  SHA-256:DD9B241E2F8CDC6C9A098AF68EC462850EBBC4391ED57967B37A4CCBC0100A27
                                                                                                                                                                                                                                                  SHA-512:14BD97CBD1328010E9D613EE1CEC13A9C7008F7C26739C5B054B77D6BF2A41FE8B73FD6D9438228DAE70632838AF898AF26B5A0A73A1387E8E4F5FB7A3CD8AC5
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........f......................................................,.......,......,.......................................Rich............PE..L....d._...........!.................g...............................................c....@......................... >..|....?......................HN...(......`....6..T...........................(7..@...............t............................text............................... ..`.rdata...g.......h..................@..@.data....2...P.......0..............@....rsrc................8..............@..@.reloc..`............<..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\Temp\{D7DA69EE-8493-43EF-962E-703A105C1C7B}-NortonBrowserInstaller.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):65448944
                                                                                                                                                                                                                                                  Entropy (8bit):7.999991284933744
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:1572864:GlV0WspelqAu2ccTxIWf/Gh6QCxCm+bOGyG:wSWmecAdn/GsRG
                                                                                                                                                                                                                                                  MD5:02FF6DC897DF3D84D148C554D3780542
                                                                                                                                                                                                                                                  SHA1:49E0393F83552FF57187D43C9EA3BB1D546F9BD6
                                                                                                                                                                                                                                                  SHA-256:946C89860ABC8608FF4B01FF24C03B9D858A44C77C0215FF626D56B232671352
                                                                                                                                                                                                                                                  SHA-512:41EF98ECC8F4412D7F860A94C6F47AB1ECD77220F2C217909FA705D18B5D42E23329043F472B84350DFEAFE7E640F9E8F1BD054C9EDCAE24BAB43323151F0234
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....Qg.........."......0....x................@..............................y.....%=....`.................................................PG..P.......p.x..p......H2y.......y.$....F...............................@..@...........pI...............................text............0.................. ..`.rdata.......@.......4..............@..@.data........`.......F..............@....pdata.......p.......H..............@..@.retplne.............L...................rsrc...p.x.......x..N..............@..@.reloc..$.....y......0y.............@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\qBittorrent\logs\qbittorrent.log

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):148
                                                                                                                                                                                                                                                  Entropy (8bit):5.021245782841669
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:wVXR5g5ScXOFdfXRky5sR5g5SN5D7WtdFGWKP8XnsKEx2PnjXOov:gB5g5PXOFdfmr5g5s7mdfbsKEQPnjXOy
                                                                                                                                                                                                                                                  MD5:C570901999198A6F581D7720C34E0C55
                                                                                                                                                                                                                                                  SHA1:7EDB4486D6F317C8BC81FCB4098DFB92CF2689B5
                                                                                                                                                                                                                                                  SHA-256:1360A9C6CD66C67892B19D9CE2985C4E0BF876E76A0D25E238181FD2066B9443
                                                                                                                                                                                                                                                  SHA-512:3504F5F77EEE3D9847D643CE006CE0FD2E8158124A778AC2E7D15C7C6D61DE2374E71075B4B25F9C659B309DB742999C4C900D0A8300F028C1F9BA7B3ADA7C5A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:(N) 2024-12-23T13:14:57 - qBittorrent v4.4.2 started..(N) 2024-12-23T13:14:57 - Using config directory: C:/Users/user/AppData/Roaming/qBittorrent..

                                                                                                                                                                                                                                                  C:\Users\user\AppData\Local\{F9F84341-2470-41EA-B6B1-606ADB85BB2D}

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):372
                                                                                                                                                                                                                                                  Entropy (8bit):5.477080087772333
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:hxuJzhqIzyYk+qRU4zEdxXZiqNpGeNEYEQQpFMq8hJg9O/UKUPUrhlUu9MK34QL:hYXc4xXgqmeNs3Mq8M0/hUcrHd9LIQL
                                                                                                                                                                                                                                                  MD5:B7009711580178EB3A5943C095E555E3
                                                                                                                                                                                                                                                  SHA1:F9B12D94A852C70973F1598E6E766E5C0BEE6170
                                                                                                                                                                                                                                                  SHA-256:76F2AF3F7033B55C399109D96541D76A91A00A51F3CDA7422F4A073D10A9E7C9
                                                                                                                                                                                                                                                  SHA-512:11C7E024A0616219BC7214071F66B7E8A930E60F22EF90F3619CE7B08497B95316FD23D2AFEB6EFD22DA92FC3DDCFE48AB3D831338D7D58403FE7AC7B4FB5105
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<!DOCTYPE html>.<html lang="en">.<head>.<meta charset="utf-8">.<title>Error</title>.</head>.<body>.<pre>Cannot GET /service/check2&amp;appid=%7B5837B1A5-B72A-456A-B09F-F680E9AB5E02%7D&amp;appversion=1.8.1649.5&amp;applang=&amp;machine=1&amp;version=1.8.1649.5&amp;userid=%7B0E196050-DA70-4D2F-82A5-B1AF29DC64EF%7D&amp;osversion=10.0&amp;servicepack=</pre>.</body>.</html>.

                                                                                                                                                                                                                                                  C:\Windows\Installer\527688.msi

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):3.710330368678027
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                                                                                                  MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                                                                                                  SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                                                                                                  SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                                                                                                  SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Installer\52768b.msi

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Norton Update Helper, Author: Norton LifeLock, Keywords: Installer, Comments: (c) 2022 Norton LifeLock, Template: Intel;1033, Revision Number: {F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}, Create Time/Date: Thu Jun 8 11:50:54 2023, Last Saved Time/Date: Thu Jun 8 11:50:54 2023, Number of Pages: 300, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.11.1.2318), Security: 2
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):3.710330368678027
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:gPeAETBOSI7Ley3M5ICNsSSAoHx5Pey3M5IC0ioXh:SMBOS8eWMmCNsjeWMmCE
                                                                                                                                                                                                                                                  MD5:079852B401B4C83A1982255DCFD795B3
                                                                                                                                                                                                                                                  SHA1:4C54232099461DECAD52F45F827503B7C40C8BD0
                                                                                                                                                                                                                                                  SHA-256:1F0CBF6DE9A292E02474D32763D54F22108FB15226BD4D2D5B8113C3207A1248
                                                                                                                                                                                                                                                  SHA-512:1F07204FCD763FBFDA6D535F9CF4C9971045CBFF3127A2464E46529A8E59FF5269490ED5AB74F71FD957F0ABF3B42D2CF8258F12738D543097EC0DF89E8FFB2C
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Installer\MSI77F0.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1629
                                                                                                                                                                                                                                                  Entropy (8bit):5.663439119495741
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:YEV9KJnuEyYGoYD8SFoeUlcnIV9aXuqguEVltWJcXhV9oRXVM:YpGyw2etyMEPgFk
                                                                                                                                                                                                                                                  MD5:8AB1D5124E49EBF82D067917CA529E1C
                                                                                                                                                                                                                                                  SHA1:2A47CF1436B96C8475F443552F83BF4550C68D1F
                                                                                                                                                                                                                                                  SHA-256:5AF0EA50461BDAC9AC1550F99054852D0E8DA932D7CDD58B4F8E7101597E1478
                                                                                                                                                                                                                                                  SHA-512:6C61EDBD046B8575C9EF08038039DE2BDBA75D8C99990CDC8364AE4319F5E092876ACBF229422D3A693E54D7EE282B4878383A537F5F40B003EC422956F7CCD7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@.i.Y.@.....@.....@.....@.....@.....@......&.{469D3039-E8BB-40CB-9989-158443EEA4EB}..Norton Update Helper..NortonBrowserUpdateHelper.msi.@.....@q....@.....@........&.{F1F27AB3-30CC-48BD-90B4-7AA3CF80EB1F}.....@.....@.....@.....@.......@.....@.....@.......@......Norton Update Helper......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{717B7059-A988-492F-AF1B-DCF70BE809AB}-.02:\SOFTWARE\Norton\Browser\Update\MsiStubRun.@.......@.....@.....@........WriteRegistryValues..Writing system registry values..Key: [1], Name: [2], Value: [3]...@.....@.....@.3..$..@......SOFTWARE\Norton\Browser\Update...@....%...MsiStubRun..#0....RegisterProduct..Registering product..[1]......Please insert the disk: ..required.cab.@.....@......C:\Windows\Installer\527688.msi.........@....H...C:\Windows\Installer\527688.msi&.{469D3039-E8BB-40CB-9989-158443EEA4EB}..&.{95

                                                                                                                                                                                                                                                  C:\Windows\Installer\SourceHash{469D3039-E8BB-40CB-9989-158443EEA4EB}

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                  Entropy (8bit):1.171397947275457
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:JSbX72FjyAGiLIlHVRpIh/7777777777777777777777777vDHFiqjBER9JTrl0G:JEQI5w0OB49YF
                                                                                                                                                                                                                                                  MD5:7A3796507E62F2A1A8F3C7EF5E160339
                                                                                                                                                                                                                                                  SHA1:80BE4D24D0DA863A60F7DAAD47435DB01C08CFE0
                                                                                                                                                                                                                                                  SHA-256:CF903D72149BA4873C0BE0EE84EE3483889E8C653C04EC9304444BB1B50FE566
                                                                                                                                                                                                                                                  SHA-512:E605DCBEF7EBC7DAC7002BB5E3C1B87A4C65A6327CCC0ABC06FC29749A4C8CA0D3D988923D9945E5F1E04DFC867B1C5C72B0DBA648745BBC269AEAF706EB9581
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Installer\inprogressinstallinfo.ipi

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                  Entropy (8bit):1.4544937098006108
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:I8PhNuRc06WX4UnT5odaMIbS7qdTCSIN8lgk:XhN1knTZbb+k
                                                                                                                                                                                                                                                  MD5:5FEFE211FC42C4069DDF87315A2EEF67
                                                                                                                                                                                                                                                  SHA1:57C61A950D86F3E0DCE679BE3A15F6E5056729F1
                                                                                                                                                                                                                                                  SHA-256:EAF27B7C9A6DD9A525D93AD1D3DDAF63812B10932E5431CFEF3EA80AD968E9B2
                                                                                                                                                                                                                                                  SHA-512:B1995D7B0263A17BFF928C1AB3061B86F95A0AC6AC6AA53872E9E6A5AAEA1ADADB6F918468592C81E9ECCD54FE02EB254962BFA9EE998B61D2D74051033A10DC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):432221
                                                                                                                                                                                                                                                  Entropy (8bit):5.375171354748807
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaur:zTtbmkExhMJCIpEru
                                                                                                                                                                                                                                                  MD5:D42FE1E87A5F330FFB6FF119C0D6D74E
                                                                                                                                                                                                                                                  SHA1:3D2219FFDFD6E7535B789D27BF6B0508AA8B4379
                                                                                                                                                                                                                                                  SHA-256:6077244556BB35DEDE6B4B31347087AE7B93DE653E9F5851146393D47BC30993
                                                                                                                                                                                                                                                  SHA-512:7C9EA29AC0251F4B031AE9348C9FBBA94559D9D3602E3AF58D5FF5E25932EDEF9E0ACC7C2772F3085C208BEAA2D27198D98D2CEBCC9D35754B0F011BD7035F56
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                                                                                                                                                                                                                                                  C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):55
                                                                                                                                                                                                                                                  Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                                                                  MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                                                  SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                                                  SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                                                  SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                                                                                                                                  C:\Windows\System32\icarus_rvrt.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):53048
                                                                                                                                                                                                                                                  Entropy (8bit):6.729924975001718
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:oLfUf1lD2x7hxdVxuEzi0dnw/M4Elp3+rdA3Yil3iPmbLtGds9z:obUf1lSxT3xuEW0ioTEdA37Z7VGdkz
                                                                                                                                                                                                                                                  MD5:B7D7665142FFFEA10744503B184CBE1D
                                                                                                                                                                                                                                                  SHA1:1D649481483540D4C08A537A0AC05A1DB55AB59B
                                                                                                                                                                                                                                                  SHA-256:DCE354F23E841A0A92242B0DCA5D692B00071698A891D7228049C76C6824357E
                                                                                                                                                                                                                                                  SHA-512:CEDE5360BC1B565CA4E351734ED47EF161CD0593D7C5EDEB191E3B54237C305750549B54E36E5BF7A97D071402DA22CD4D639F0CCFB25FFDA32808F8E45EB65B
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!...ex..ex..ex......fx..ex..@x......ox....M.dx..ex%.dx......dx..Richex..................PE..d....7.g.........."....&.R...*...... ..........@..........................................`....................................................(....................~..8Q...........}...............................................p.. ............................text....Q.......R.................. ..`.rdata.......p.......V..............@..@.data...............................@....pdata...............r..............@..@.rsrc................x..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\bug_report.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5944648
                                                                                                                                                                                                                                                  Entropy (8bit):6.511430665598052
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:rBOxB4b6hbZa5cvkDNiZ9yN/OA+13rIF3TY1Tlm:rBcuV5fDoZ9yN/OA+13rIF3T2U
                                                                                                                                                                                                                                                  MD5:088319BBB8483A4AB883B3EAA6D322A3
                                                                                                                                                                                                                                                  SHA1:8F99BE88AA96D5F31E2408779C2082A586140C0F
                                                                                                                                                                                                                                                  SHA-256:AA901643995C786C0598CE59C6EDC19D0202EF4A3A8A0CB0C1A22E961735099A
                                                                                                                                                                                                                                                  SHA-512:BAA4842408362B600C6F6BDD7F66DDA9F4690F95844ECFCA12CE8619FB0C6C0407C1188C76D414F4006DBD9BCBD6E490DA6637F7383DBD156A493B6CB33035E8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................X...........!..L.!This program cannot be run in DOS mode....$.........[.5...5...5.w.6...5.w.0.z.5..-...5..-1...5..-0..5..-6...5......5...1...5.n.1.?.5.f.1...5...5...5...0...5.n.0...5.w.1...5.w.4...5...4..5..-<..5..-5...5..-...5.......5..-7...5.Rich..5.........................PE..d....BHg.........."....&..=..d.................@..............................[....../[...`...........................................O.......O.h.....Z.......W.....H.Z..+....[..v.. .G.......................G.(....G.@.............=..............................text.....=.......=................. ..`.rdata........=.......=.............@..@.data.........O..B....O.............@....pdata........W.......W.............@..@_RDATA........Z.......Z.............@..@.rsrc.........Z.......Z.............@..@.reloc...v....[..x....Z.............@..B................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\config.def

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):579
                                                                                                                                                                                                                                                  Entropy (8bit):5.420426163811309
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:2AcW1OPqygANI+xzYN/pBM4b0a3Uk74YrTpuROfzZMVxYnuiqdQulUUyrZaLk:rVAJI+dspq4NUksYr1uALqVxYnuVmUyT
                                                                                                                                                                                                                                                  MD5:173270F3089BF6034FC92088D6DCF89C
                                                                                                                                                                                                                                                  SHA1:AC76FCB0656F834B3885B904D7D56E03C540D19B
                                                                                                                                                                                                                                                  SHA-256:26CB6BEF15DFD9BE0ADA61AF5F78F3C9AF378E0DFCBA7AC82A9687268F59C2DD
                                                                                                                                                                                                                                                  SHA-512:A0D1A171DB7F230F68C9AE9FB4FFACD65C5FCACBFDE717497D06AAF8722CD19ACD395A34DE6B106766EE8AB259E9E38926E98CBC4B6AABE5A96944535D729FAF
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:[ui.offer.actions]..url=https://ipm.avcdn.net/..[ui.offer.welcome]..loadtimer=10000..url=https://ipm.avcdn.net/..[reporting]..disable_checkforupdates=1..report_action_ids=RID_001,RID_002..[common]..after_run=1..config-def-url=https://shepherd.avcdn.net/..report-url=https://analytics.avcdn.net/v4/receive/json/25..wait_for_net=60..[ui]..enable_survey=1..[updating]..conceal_hours=1..fraction=100.0..updatable=1..[Signature]..Signature=ASWSig2A588B6BC0DE03C9E59882D00BDADE9E83F2814DB13B70BA18D1DDEB88B7E6B157468EC649853ABD1CB908465E40D29BA47D917D25A4AFDB2DA4ED2513FCFD5ABFASWSig2A

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\dump_process.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3531080
                                                                                                                                                                                                                                                  Entropy (8bit):6.522879430230983
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:/4ZVltpGu1verv550rDSbIhWeeNErYajCtiZH6AKgtMtchtNaJtGycT+XJlktvTr:/uXIbpI1BGtidJtBo
                                                                                                                                                                                                                                                  MD5:621737307656F95EE47A8FD88F653DEE
                                                                                                                                                                                                                                                  SHA1:007EAB8401237C014EB2A3942220AD83C6AC9A23
                                                                                                                                                                                                                                                  SHA-256:2F8A779D146017868E5DD4E67083675DA9AA5B94A174D8B56C33F58F1EE4FD08
                                                                                                                                                                                                                                                  SHA-512:9D9B29F28B203D371CE65E9395CA67856E5D7952BE46F5C54F05B13545FDCEF7C8C4FC084E239F78B0C4BC21680986D313BCE32EDDD07157FEF7386D601BE24F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.........~...-...-...-j..,...-j..,...-j..,...-..0-...-...,...-...,...-...,..-..^-...-{..,...-...-...-...,...-j..,...-s..,...-...-P..-...,Y..-...,...-..2-...-..Z-...-...,...-Rich...-........................PE..d....BHg.........."....&.. .........`..........@..............................6.....=:6...`........................................../,....../,.......4..Y... 3.,...H.5..+...06..U..x.'.......................'.(...p.".@............. .`...p,,.@....................text..... ....... ................. ..`.rdata........ ....... .............@..@.data.......`,..4...@,.............@....pdata..,.... 3......t2.............@..@.didat..P.....4.......4.............@..._RDATA........4.......4.............@..@.rsrc....Y....4..Z....4.............@..@.reloc...U...06..V...`5.............@..B........................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8425288
                                                                                                                                                                                                                                                  Entropy (8bit):6.449288731687494
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:m0Lwb72hqfl95H41bgHJdEOKyjhlqAkwjJ2UpIYrchS:m0Lwb72Efl95H5SOKyjhlqAkwjJppF
                                                                                                                                                                                                                                                  MD5:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                                                                                                  SHA1:667DD38F434B7E7B334C203E06B87892002AA3B0
                                                                                                                                                                                                                                                  SHA-256:3BA8FBAC3885AA994B335C77D2F1544C6A87420EDC8B0F047B3E46CB527223B1
                                                                                                                                                                                                                                                  SHA-512:C5E67816FC905836D178A8CFCE7585E383F822987E45BF9078E834BB625ED745918615DB8B83DA34FFB7EE46004F579B4CC2B50BD544249E775BF88D4836385C
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................h...........!..L.!This program cannot be run in DOS mode....$..........Z...Z...Z........\.I.V...\...I...\...H...\...'......J......|.......Y......R......Y...S.'.X.......@...........Y...Z...W......[......[......G...Z......0...@...0...[...0.K.[...Z.#.X...0...[...RichZ...................PE..d....BHg.........."....&..Y...&......t2........@..........................................`.........................................0.r.......r..............P|..x..Hd...+............g...................... g.(....7^.@.............Z.......r......................text.....Y.......Y................. ..`.rdata...H....Z..J....Y.............@..@.data........`r......Br.............@....pdata...x...P|..z...X{.............@..@.didat..p.............~.............@..._RDATA................~.............@..@.rsrc.................~.............@..@.reloc..............................@..B........................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus_product.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):891720
                                                                                                                                                                                                                                                  Entropy (8bit):6.585338360673374
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:Doke10t8BAFF101+6zAdrZ6WhyBsrTDu+iGVTCCz/Yph0lhSMXlit+oc3q8+a/7:0TZU1A+6zCHC0bzmh0lhSMXldx3N/7
                                                                                                                                                                                                                                                  MD5:A3E668864285E04A02573E622C124942
                                                                                                                                                                                                                                                  SHA1:81498BDE4114F03F9AA5F6CA6097F9616689341C
                                                                                                                                                                                                                                                  SHA-256:689C118B8824D399F4A54875C30CD47AFAE467D96E571CF0DA47B775DA21231A
                                                                                                                                                                                                                                                  SHA-512:2DC8124D1F360B4B5708AA72203EBC6786E6A9CC34C8006895ECBB43E457ABEC5CF5967CD62D9D50E6406BFAB44DE699E968DF5178D82FDE98B75B399EB3AFC0
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................`...........!..L.!This program cannot be run in DOS mode....$........h..........|{....|{.x....:......................|{.....|.....q....e|.....qT.....|....e|....m|..........e|....|{.....|{.....................8......P.........Rich...........PE..d....BHg.........." ...&............................................................wd....`A................................................0................p...k..Hp...+.....................................(.......@............ ...............................text............................... ..`.rdata..j.... ......................@..@.data...........J..................@....pdata...k...p...l..................@..@_RDATA...............X..............@..@.rsrc................Z..............@..@.reloc...............`..............@..B........................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus_product.dll.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 891720
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):330898
                                                                                                                                                                                                                                                  Entropy (8bit):7.999463671306361
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:6144:2Q4TuG9pskki5VyWURdHTW0NLFcUQMsnH41fWafmyYAywiWPt8VAi7h:2FXsiQRdz3NLPQMLsY6wi/VB7h
                                                                                                                                                                                                                                                  MD5:A93333D33435FC21F66C0EA7D0922EFF
                                                                                                                                                                                                                                                  SHA1:D3EC2C8028194993EF842A43ADDE39F56384AD93
                                                                                                                                                                                                                                                  SHA-256:AEE57B1F33AB198785BF833B178A13279A33FF13F49E6F9B7FC1A87E979ABEB7
                                                                                                                                                                                                                                                  SHA-512:1813E2B7FA9C11DD0F7474F891BD72A50E3703D9D313B71C779D68D39E227C6E7A2CC34D98629540956729A7D196D6ADC0C7D496A9BA4E7D954CB93B2D6E40D9
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@.H........&..p.........../D.|......I0..y.]n.u......i...7.....B]......F2$1..../e.Y.....f..2e...l{..1.*.cH...1...:.E.................3.)..!<.s(u..y.u....](+.q*?F......A....fJ.pWUnd.*....N##.X.:...1-Tr......K...0.w.....E..w.N..,.....7gv....]...T..2.=..........u...b.9.<H.0...9f...v.v1.S1..c.+X......<.qp..4`.o...uA...%*N....*..%5Gs.....?].U...).[....W.,r..d....@.Ar.....k.t..7.J.Z*.x......].....M.O.IW.7+....V.......`5..cNS..t(.B.y.a..0..x...s..x..<'...P*.n{K]t...qtBVYA..lh.Qp>..J.B.N.r..."...<.w1.&.Of...f...*7|..-[S:.'T.......*.Yd.%4...P|3..U(.D..qS.KS.....W.Mf..Y.(..S....\.lp..C...]d...;. ..*..b.5..>X...v.b....P.d.OD.........(.M.c.d.Z..y...<.U...T.0...c."j(.3b.X23.H_[OoRM...v.Oo.a..e.........J.......]..is. ...G...Q..........t.Ze].......P,...hw(E....ZXO.og.8...s.Qx.R...,.......:.....&;.....q......l..........Xl...r=.L....>...y...Q..i'.m.5..G....7...uy.q[..\[.-.|.s.....d..K.N..E8...3>_..q9....bKy...N.r..8.|...[..U.....Jm..?.......u.j(

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus_rvrt.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):53048
                                                                                                                                                                                                                                                  Entropy (8bit):6.729924975001718
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:oLfUf1lD2x7hxdVxuEzi0dnw/M4Elp3+rdA3Yil3iPmbLtGds9z:obUf1lSxT3xuEW0ioTEdA37Z7VGdkz
                                                                                                                                                                                                                                                  MD5:B7D7665142FFFEA10744503B184CBE1D
                                                                                                                                                                                                                                                  SHA1:1D649481483540D4C08A537A0AC05A1DB55AB59B
                                                                                                                                                                                                                                                  SHA-256:DCE354F23E841A0A92242B0DCA5D692B00071698A891D7228049C76C6824357E
                                                                                                                                                                                                                                                  SHA-512:CEDE5360BC1B565CA4E351734ED47EF161CD0593D7C5EDEB191E3B54237C305750549B54E36E5BF7A97D071402DA22CD4D639F0CCFB25FFDA32808F8E45EB65B
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!...ex..ex..ex......fx..ex..@x......ox....M.dx..ex%.dx......dx..Richex..................PE..d....7.g.........."....&.R...*...... ..........@..........................................`....................................................(....................~..8Q...........}...............................................p.. ............................text....Q.......R.................. ..`.rdata.......p.......V..............@..@.data...............................@....pdata...............r..............@..@.rsrc................x..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus_rvrt.exe.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 53048
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):27149
                                                                                                                                                                                                                                                  Entropy (8bit):7.993255690221499
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:768:vbqp7/fuSuynOSDItJa7Ir3KOf4hnpVpS0Aaj6nW6/VI:vbq9/XuQOudQf4DSauW9
                                                                                                                                                                                                                                                  MD5:6BE6C5EC4D747F287734910D404F19E4
                                                                                                                                                                                                                                                  SHA1:93FCBE75AC6D47ACD5791A4FFE4C22FEBA79B139
                                                                                                                                                                                                                                                  SHA-256:C19E6E4F6DC6EECBBBEE78747EB535F74C692FE57B1DA2F93678236B67C9ED83
                                                                                                                                                                                                                                                  SHA-512:F7ACC151D79B10619B73A6E3172DD563EAEA938D423AFF5D896F16A62E31E84743D53C26FF0352E2882404604A6305FA08D7E205544990E0E77113A9E007E6FF
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@.8........&..p.........../D.|.........{...cl..KN......TS;...p....."...gW.....~...~....oF~;....J..."..+$......%X..v..mq.(..q.X..Zk*fO L...|..W.......T.....6o.M&2.....}...WN..+..+...^.....1.Is.......j..k.... ..Q.d.....H.+.X.t...5.........+.m.....X....t...e.m3.9.......&..Y.g..K.....;....WJ....]f.M..R$...i.....t&..^.2B.m...]#......Vw........g.H.........I)'...X..h.....^.6....._.d...W.....z.....f....f@.....d....6..w._W ./......O'.`..TO.g9.YE..3.....:G.@v...t...u.L.z...`F.@.R.....$..?.~2.P.......F....D..*de...yP.=...;..n....D..(...\x.-+.u......%L..W;.2s....U>R.....^;..X...#={.m.b.A.%I........(...|....9lT%O.a~V....P.#-g.$.a.7..!.!_,i.g;.........S.....H........-u..........&.Kw..............6..veJ..5Y,8....%.b=..qE...p#(S...>|...\+.^.}_..#..r.[v.Ln/.!.r....e.3..]4.xm..u..vW.W....n0+.2.A......T.x:?..-.@..h.fiG...Dk..zjGL;4....yu.xZ...."]...4.x..}.K..],..\PR[b...r.&mJ..8..:...&F...I.H.......S..Z...PzikY.}P.p...0V...a.....ws...}.p.>cc..A._.x[G{j;.

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\product-def.xml

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):61140
                                                                                                                                                                                                                                                  Entropy (8bit):5.19004057146788
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:1536:vOt4htupPgPSOKOlIZciIgIX3I5SnW8UNWDmhtEnx4y+/iQwBynnsSaJeOHnB4lS:ql9EzKWfzZ
                                                                                                                                                                                                                                                  MD5:30920CBD1AAB979B19159A35BEC72D48
                                                                                                                                                                                                                                                  SHA1:C1A37D9B62C5FF5F1AF23C2DF6F7789B1A19A409
                                                                                                                                                                                                                                                  SHA-256:8548F8B52F9186C78838C82331633B23D35C7FA429AE03C2BBE0DAD48259F7C3
                                                                                                                                                                                                                                                  SHA-512:9424AEF76AF0085158165F9DA12CAD3E1EFFD96A6DD237E6BC8FDF8A07B8A015000C888958FBA8751078F50B605042F1E4596843C4E170672F5A0CABAFF5ECF7
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" ?>.<product name="avg-av-vps">..<product-defs>...<config>....<install-folder name="AvVps"/>....<full-name name="AVG Antivirus Vps"/>...</config>..</product-defs>..<group-defs>...<group name="base" mandatory-selected="true">....<action-list op="install">.....<delete-pending-files/>.....<commit-extracted-files>......<important>true</important>.....</commit-extracted-files>.....<expand-vps-version order-base="commit-extracted-files" order="+1">......<important>true</important>.....</expand-vps-version>.....<copy-path order-base="set-property" order="-2">......<post-condition>.......<directory path="%PRODUCT_INST[avg-av]%" exists="true"/>......</post-condition>......<src>%PRODUCT_INST%\*</src>......<dest>%PRODUCT_INST[avg-av]%\defs\%VPS_VERSION%</dest>......<ignore-same-files>true</ignore-same-files>......<move-type>Immediately</move-type>.....</copy-path>.....<copy-path order-base="set-property" order="-2">......<post-condition>.......<directory path="%PRODUCT_INST[avg

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\product-def.xml.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 61140
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):13435
                                                                                                                                                                                                                                                  Entropy (8bit):7.984851071270686
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:ZRC1RPLsrlFm7jNFxtvYncH+MWfEaGiU2LYrylaXr5FsLELNNIODNUKmRJBbfh3u:3CXwr2ncM9aGi3YrTtP2OOKWJBbfthyR
                                                                                                                                                                                                                                                  MD5:DBECFCFEA3D6A28C490B6AB667DF8549
                                                                                                                                                                                                                                                  SHA1:B0B36213FBF4075F58BBE6BE22710CB3C3D2E7EA
                                                                                                                                                                                                                                                  SHA-256:972978CC871325B27BF149EA04FBD071F3CCD5BA017B4A27D0C883033DC5374E
                                                                                                                                                                                                                                                  SHA-512:5E23AD6DD488726C7CB862A5D048C63493CDBD35E8E263AFEFCC7D07E28114DB8BE4F09E83CF7066025B1D49BEB10868991115E888242C5DAB73285E5CC92AEE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@................f......{3....&.7d..>$....`K...H......8..:_..~...\......>./........%..H.......o...Y....9-.f.P!....p...tC.k.....[...j...7^..1......N8...2....`..D.X.....h.TXhJk]......k...*3...J_..@[...URa.nK'.9W.a..Z.3k/.1e..gF6?.t...~.3e.=........BD....v...G7=..C.zM[B9d^..A...!....3BN3.(`..5T.....ZY&#AM.JA.......lnm.L.`x.......b@.`!...:...ZV.M~.P.%,.p.....Y..X2.oa.\.....}^....>.....7.{R=...3m>......I40Bua......[.q..Fn3j1....V6Wr..i9=P.(.8.......).\r..H..E..]?..&.mu...%x/..T......0..h`.E.h.228.....Y.4..9...vb.Gi.....f..SZ....w.k....E.....i.+.4...B....6......j......#.B..........[@..E......AP.yQ..%..V.YTN..Ue...?y.........z.7..ttP.B...%.O.._....].d...5&.1.Z./.]..Jg^V..S[d@1..~.R}.Y..}|Z...>..N.%.....A..J.#.....5.......u:8...IA.....q[!...!.o....Q''Imd.$.;]f..l.%......Z?.N.~T....c....q(....#...1Z.".....H.'n..w=6h.`.C.P.8h,.3%. ..-..+.....dW.U......K~..dg...\5&..........KI.s..v.~.u......l.......J..b......0.....Kw.6...M.....&....}.?.r.Ok...D

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\product-info.xml

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5931
                                                                                                                                                                                                                                                  Entropy (8bit):5.1005989521720645
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:96:aVhDIkbjalzi/lgA4l3xlemZlKUz3rr62NM/7sXnqlbnlm2gVl6eUlgV1Ba+sSmM:acOjalzi/lgplhlemZlKUzbrxNM/YXnp
                                                                                                                                                                                                                                                  MD5:D4E1463D2E10EA78432BED03FC4BBC58
                                                                                                                                                                                                                                                  SHA1:C446153B97ED7985E00FCAFC5507DD7F265A57F6
                                                                                                                                                                                                                                                  SHA-256:3261F4AEEAADC8EE209DEB9F84E9CEA88CC126B27ECB88E5C70FBB1D197CC85C
                                                                                                                                                                                                                                                  SHA-512:96B8D69EDD0AC521F7050A6264BAA6C4EB920646F4D40963B636C5925BF30942AD2E0FEDEAB8D06CACA5819A6E34A262B6CDB834C38FC06564475F55624B26E4
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" ?>.<product-info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="product-info.xsd">..<name>avg-av-vps</name>..<version>24.12.2304.8777</version>..<build-time>1734970124</build-time>..<inner-version>24122304</inner-version>..<setup-files>...<file>....<conditions>.....<os platform="x86"/>....</conditions>....<name>icarus.exe</name>....<src-id>69c9de9f0cc9cc846d44e8b9a42de17d93f4cde9ffcf7a10d1dff69c4cef0c1f</src-id>....<sha-256>832f5604ec5e0a80e5c49dce4a6a23fd3864c423876ec26b6b398411dd15d81f</sha-256>....<timestamp>1734970047</timestamp>....<size>7469384</size>...</file>...<file>....<conditions>.....<os platform="x64"/>....</conditions>....<name>icarus.exe</name>....<src-id>cfab5808bd7503ee1aff23b54d5a98a557524fa453762afa10b90e4b7ca6af95</src-id>....<sha-256>3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3e46cb527223b1</sha-256>....<timestamp>1734970048</timestamp>....<size>8425288</size>...</file>...<file>....<conditions>.....<o

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\aswOfferTool.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2463560
                                                                                                                                                                                                                                                  Entropy (8bit):6.7877829379438115
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:Yms+K+wDPbHIC9gAvAfAAEV1rnFTZT0krlGW+q:Yh+FUjHICaAo7ELxTZT0krgq
                                                                                                                                                                                                                                                  MD5:6FA67E53082AADD57DC5FF9663B427E7
                                                                                                                                                                                                                                                  SHA1:0D4C9335BB7A04EF61CECDCA24612135D116C0C7
                                                                                                                                                                                                                                                  SHA-256:0927BFA8AA5A89A5B58DD7E3D70B795C4005BD9F6B550659CD6F8B0D2A751E7F
                                                                                                                                                                                                                                                  SHA-512:66E4D4D26FA47EF1A84BF3EE6BCFB0B59C4CEF62A3242573694182C79DA980DE412BC3E46AAB7B1B526C307563E485A85069DAE380992A34751B95C51FFD4060
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.............E...E...EY..D...EY..DZ..E...E...E...D...E...D..E...D...EY..D...E..~E...E...D...E...E...E...D...E@..D,..EY..D...E...EZ..E...D...E...D...E...E...E..zE...E...D...ERich...E................PE..L...zBHg...............&.z........................@...........................%.......&...@.........................@.......(........`.............Hl%..+....%.$....,.......................-......8,..@............................................text....y.......z.................. ..`.rdata...Q.......R...~..............@..@.data...<n.......H..................@....rsrc.......`......................@..@.reloc..$.....%.......$.............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\aswOfferTool.exe.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 2463560
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):931125
                                                                                                                                                                                                                                                  Entropy (8bit):7.999802194058071
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:24576:ENPdHsNVNYqE54xEA95k9Rx5EJf7JDK2W5RuIaMH1:EDmYqE54SAzk9RPEt7Jw5vDH1
                                                                                                                                                                                                                                                  MD5:1D5C7B36DBE8113B8B832B3A2D9E4669
                                                                                                                                                                                                                                                  SHA1:EC950585DAD815A430C30F7B9F127F1DE3DC0666
                                                                                                                                                                                                                                                  SHA-256:9E6192794963B565E5B0744307F77C5BD0ED912C695653A46982E4DD366BCCAB
                                                                                                                                                                                                                                                  SHA-512:CDE64F9864A9FBCEFFA60BB8FAE3B05441ABDCAD28C89AAAE6232DADA802F90C5C422A4A2B040478D44B152B864AD67D0DAB4FC34C465D881820BEB0C7BA81D6
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@.H.%......&..p.........../D.|..b..6>..p.}#......G...)p{` ..i=`...k.<....G..7.p..C..K.N.........^.....~.0...Y.3xH.$.%.sH......q(.F..#.Vu@......j..*m.";..^.N.>....I......p.....n.|....C..A.`4.c.w..`..|...K.D.@N..mv..,..T...b../..!.2.=...S)B^*b_T....G.W..{...&..";VP..D....#a5....s...C..C..9.@.q.0....cB..........0F..* |2\.9x..YFM=]s.qk...b.aezx..S.\.pe...k.|.........Tb.N.......c.n.Hu1..Q...G.............1........\t_.'#..s...WJ9Tqx...x?`.$W.^........7.2...s$..S.Q..v...7..V.8..,~..*gB..kcL..d..S."|B..\l.s.....O...'S0.hC....`../..5...W...ha.......w......,...T..b?....XQ..6.T,.........~.~.U.g..`.2W......9.n4....6.[b.......|.....Gn..|.Y.z5.d./...&..E..m.]W..KU40...c ..u...A...z..DL..H..+..^.:...$.s.\....Y.N..+.%*.].......b.'Y_.;9o...&..t...G}....m.....5W-........X.....I'...yJDB.....E..C1.V.5.....-<..q..\...+..{...j..3........U.~..."..u.@....0.....K.u........[..i*Ur...7F...W...8.00R=..{..#C.6XM#....(....2x.X....w...8+..[H.K3i.\.#....R..{R...+...

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\bug_report.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5944648
                                                                                                                                                                                                                                                  Entropy (8bit):6.511430665598052
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:rBOxB4b6hbZa5cvkDNiZ9yN/OA+13rIF3TY1Tlm:rBcuV5fDoZ9yN/OA+13rIF3T2U
                                                                                                                                                                                                                                                  MD5:088319BBB8483A4AB883B3EAA6D322A3
                                                                                                                                                                                                                                                  SHA1:8F99BE88AA96D5F31E2408779C2082A586140C0F
                                                                                                                                                                                                                                                  SHA-256:AA901643995C786C0598CE59C6EDC19D0202EF4A3A8A0CB0C1A22E961735099A
                                                                                                                                                                                                                                                  SHA-512:BAA4842408362B600C6F6BDD7F66DDA9F4690F95844ECFCA12CE8619FB0C6C0407C1188C76D414F4006DBD9BCBD6E490DA6637F7383DBD156A493B6CB33035E8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................X...........!..L.!This program cannot be run in DOS mode....$.........[.5...5...5.w.6...5.w.0.z.5..-...5..-1...5..-0..5..-6...5......5...1...5.n.1.?.5.f.1...5...5...5...0...5.n.0...5.w.1...5.w.4...5...4..5..-<..5..-5...5..-...5.......5..-7...5.Rich..5.........................PE..d....BHg.........."....&..=..d.................@..............................[....../[...`...........................................O.......O.h.....Z.......W.....H.Z..+....[..v.. .G.......................G.(....G.@.............=..............................text.....=.......=................. ..`.rdata........=.......=.............@..@.data.........O..B....O.............@....pdata........W.......W.............@..@_RDATA........Z.......Z.............@..@.rsrc.........Z.......Z.............@..@.reloc...v....[..x....Z.............@..B................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\config.def

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):760
                                                                                                                                                                                                                                                  Entropy (8bit):5.392444363663049
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12:2AcW1OPqygANI+xzYN/pBM4b0a3Uk74YrTpuROfOOXy9G9QV6UaAAOheMjisU2T5:rVAJI+dspq4NUksYr1uAWOC933jI5rk
                                                                                                                                                                                                                                                  MD5:77F4B8E808586AC5EFD0F74F07C41713
                                                                                                                                                                                                                                                  SHA1:3ABFBE5681BBD4A687C193A120BB3DEA10B16A80
                                                                                                                                                                                                                                                  SHA-256:C6B0BDA024F7CFBB32151632D7A06A7411CE19275D847266E1853B05A5AD6A20
                                                                                                                                                                                                                                                  SHA-512:FCD8D79F1F895191111AF891296F306FD76B6E1810546E911165A14CEDB3F0F65A75F6304F5B71CF8E1BCB9BF626EC8FD62C61D1D261FE3B9C2B6B6EF8E8CB2F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:[ui.offer.actions]..url=https://ipm.avcdn.net/..[ui.offer.welcome]..loadtimer=10000..url=https://ipm.avcdn.net/..[reporting]..disable_checkforupdates=1..report_action_ids=RID_001,RID_002..[common]..after_run=1..config-def-url=https://shepherd.avcdn.net/..report-url=https://analytics.avcdn.net/v4/receive/json/25..wait_for_net=60..[ui]..enable_survey=1..[updating]..conceal_hours=1..fraction=0.0..stable_prefix=default..updatable=1..[offer.browser.asb]..decision_type=1..download_url=https://cdn-av-download.avgbrowser.com/avg_secure_browser_setup.exe..enable=1..priority=1..ui.offer=welcome..[Signature]..Signature=ASWSig2A68832743267EF1C24CD05C7E865EF0E8E83F109FD997312CB62ECC07F3D306231B7596ED813A6E4C6527036271FF50FEEA673EE7546099D224CDC9B99A3B11E9ASWSig2A

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\config.def.edat

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (2186), with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):21873
                                                                                                                                                                                                                                                  Entropy (8bit):5.690464339074782
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:D4JxeXHtpV2gtJi0YbwA+V4B3p+3JBG1srr7dld13eWc8oEKAo:gxe99JiF+4BWBWwL13ej8opAo
                                                                                                                                                                                                                                                  MD5:E9865C49EFCC70C08B60AB5A99BFD76A
                                                                                                                                                                                                                                                  SHA1:12FF40AC0ED120D246BB7C1DB56066682BB60C4D
                                                                                                                                                                                                                                                  SHA-256:267481C5C3FF66EC6DDA02134B1216D85C12470555581F92B423A29C91DB547A
                                                                                                                                                                                                                                                  SHA-512:E9185E7B2622E03B158C6991F7DE414319EE499B7A4B01AA82C36D193D0432392D89FE4678B48FC53EDF3D4905F314F0AC67F93812162BF8DD445BE6AC647F8D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:[RemoteAccessShield.Setting]..BruteForceMaxAttemptsPerDay=60..BruteForceMaxAttemptsPerHour=40..BruteForceMaxAttemptsPerMinute=30..BruteForceMaxAttemptsPerTenSeconds=12..[Settings.UserInterface]..ShellExtensionFileName=0..streaming=0..[WebmailSignature]..GmailEnabled=1..MaxRequestSize=16384..OutlookEnabled=1..YahooEnabled=1..[WebShield.NXRedirect]..Redirect=0..[Features.SwupOpswat]..Licensed=1..[BehavioralShield.Common]..PUPAction=interactive..ScanPUP=1..[WebShield.WebScanner]..VpsFileRep=1..VpsFileRepScanAllPorts=1..[Offers.GoogleChrome]..DefaultState=0..ShowInComplete=0..ShowInIntro=0..ShowInPaidBusiness=0..ShowInPaidConsumer=0..ShowInPost=1..UseTryOffer=1..[Offers.SecureBrowser]..ShowInIntro=1..[Settings.{D93EF81A-B92F-27FE-AF54-9278EA8BF910}.const]..ScanAreas=*RTK-SUPERQUICK;QuickStartup;QuickMemory..[AntiTrack]..Enabled=0..[FileSystemShield.FileSystem]..EngineLdrModuleFlags=24..[Fmwlite]..License_check_interval=16..[PerfReporting]..AvastProcessesWprCaptureInterval=0..[Components]..

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\dump_process.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3531080
                                                                                                                                                                                                                                                  Entropy (8bit):6.522879430230983
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:/4ZVltpGu1verv550rDSbIhWeeNErYajCtiZH6AKgtMtchtNaJtGycT+XJlktvTr:/uXIbpI1BGtidJtBo
                                                                                                                                                                                                                                                  MD5:621737307656F95EE47A8FD88F653DEE
                                                                                                                                                                                                                                                  SHA1:007EAB8401237C014EB2A3942220AD83C6AC9A23
                                                                                                                                                                                                                                                  SHA-256:2F8A779D146017868E5DD4E67083675DA9AA5B94A174D8B56C33F58F1EE4FD08
                                                                                                                                                                                                                                                  SHA-512:9D9B29F28B203D371CE65E9395CA67856E5D7952BE46F5C54F05B13545FDCEF7C8C4FC084E239F78B0C4BC21680986D313BCE32EDDD07157FEF7386D601BE24F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.........~...-...-...-j..,...-j..,...-j..,...-..0-...-...,...-...,...-...,..-..^-...-{..,...-...-...-...,...-j..,...-s..,...-...-P..-...,Y..-...,...-..2-...-..Z-...-...,...-Rich...-........................PE..d....BHg.........."....&.. .........`..........@..............................6.....=:6...`........................................../,....../,.......4..Y... 3.,...H.5..+...06..U..x.'.......................'.(...p.".@............. .`...p,,.@....................text..... ....... ................. ..`.rdata........ ....... .............@..@.data.......`,..4...@,.............@....pdata..,.... 3......t2.............@..@.didat..P.....4.......4.............@..._RDATA........4.......4.............@..@.rsrc....Y....4..Z....4.............@..@.reloc...U...06..V...`5.............@..B........................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\edition.edat

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:Jn:J
                                                                                                                                                                                                                                                  MD5:9BF31C7FF062936A96D3C8BD1F8F2FF3
                                                                                                                                                                                                                                                  SHA1:F1ABD670358E036C31296E66B3B66C382AC00812
                                                                                                                                                                                                                                                  SHA-256:E629FA6598D732768F7C726B4B621285F9C3B85303900AA912017DB7617D8BDB
                                                                                                                                                                                                                                                  SHA-512:9A6398CFFC55ADE35B39F1E41CF46C7C491744961853FF9571D09ABB55A78976F72C34CD7A8787674EFA1C226EAA2494DBD0A133169C9E4E2369A7D2D02DE31A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:15

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8425288
                                                                                                                                                                                                                                                  Entropy (8bit):6.449288731687494
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:m0Lwb72hqfl95H41bgHJdEOKyjhlqAkwjJ2UpIYrchS:m0Lwb72Efl95H5SOKyjhlqAkwjJppF
                                                                                                                                                                                                                                                  MD5:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                                                                                                  SHA1:667DD38F434B7E7B334C203E06B87892002AA3B0
                                                                                                                                                                                                                                                  SHA-256:3BA8FBAC3885AA994B335C77D2F1544C6A87420EDC8B0F047B3E46CB527223B1
                                                                                                                                                                                                                                                  SHA-512:C5E67816FC905836D178A8CFCE7585E383F822987E45BF9078E834BB625ED745918615DB8B83DA34FFB7EE46004F579B4CC2B50BD544249E775BF88D4836385C
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................h...........!..L.!This program cannot be run in DOS mode....$..........Z...Z...Z........\.I.V...\...I...\...H...\...'......J......|.......Y......R......Y...S.'.X.......@...........Y...Z...W......[......[......G...Z......0...@...0...[...0.K.[...Z.#.X...0...[...RichZ...................PE..d....BHg.........."....&..Y...&......t2........@..........................................`.........................................0.r.......r..............P|..x..Hd...+............g...................... g.(....7^.@.............Z.......r......................text.....Y.......Y................. ..`.rdata...H....Z..J....Y.............@..@.data........`r......Br.............@....pdata...x...P|..z...X{.............@..@.didat..p.............~.............@..._RDATA................~.............@..@.rsrc.................~.............@..@.reloc..............................@..B........................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus_product.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):7074632
                                                                                                                                                                                                                                                  Entropy (8bit):6.486902090088866
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:+zdxWpixBidNhPpfUwr593W+QZMSF78Oaxz4yG6JyZf:+zdxWpixBiDht93W+QZMSF78OYz4pZf
                                                                                                                                                                                                                                                  MD5:D86C3547360DB15C094E32FAAB54AE3A
                                                                                                                                                                                                                                                  SHA1:E197C16BE3F3AB8B2C9C5C4621984F2F9B28BA0C
                                                                                                                                                                                                                                                  SHA-256:9BBDC59F38BFA64EF3305AC3B0B8B2D89522DCD4F59363A5324A4089730157E8
                                                                                                                                                                                                                                                  SHA-512:03FD7FE09F13C052A289847CA4F9F2EF78AEAF03E431DABA617E7E4CBC5FA6813F96D19CA007196A961B3C5C822BF63C6D398C3B72A192F412345726F156071B
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W..:...i...i...i...h...i..zi...i...h...i...ha..i...h...i...h...i...i...iE..h...iE..h...i...h...i...h?..i...h...iX..h...iX..h...i...h...i...h...i...h0..i...i.}.i...h...i...h...i...i...i...h4..iy..hG}.iy..h...iy.xi...i...i...iy..h...iRich...i........................PE..d....BHg.........." ...&.4H..l$......%.......................................l.....Oml...`A.........................................._......._......@l.......h..M..H.k..+...Pl.....0.U.......................U.(....U.@............PH. ............................text....2H......4H................. ..`.rdata.......PH......8H.............@..@.data....w...P_......4_.............@....pdata...M....h..N....g.............@..@.sdata....... l.......k.............@..._RDATA.......0l......"k.............@..@.rsrc........@l......$k.............@..@.reloc.......Pl......*k.............@..B........................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus_product.dll.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 7074632
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2087067
                                                                                                                                                                                                                                                  Entropy (8bit):7.99990334673335
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:49152:/yf+BFH+dEXmVEL20MtW17aRT761Cv1zyOnIzzAkIqbu:/2+3HyEXmT0MteiW1CtWzUfiu
                                                                                                                                                                                                                                                  MD5:F22487BDE9ED1A7EDB44AC7BE68AC791
                                                                                                                                                                                                                                                  SHA1:FC8CD1F1769425149D36A93F3761F1454C9D2BE1
                                                                                                                                                                                                                                                  SHA-256:EB59F36A27FF71FD3BC7E59AFDB09A07C08616280927A408F01DBAF0F4AE5974
                                                                                                                                                                                                                                                  SHA-512:C8B4E9721C0E370A367E4AC236A9BC6FEF17289ADE0D731D1544B2E47CA32860C7362C8715FEC8723960563CB7F023B8ECF2064A26804EAA923E99EAAD0CC6E9
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@.H.k......&..p.........../D.|...D9...B..y.i...-......;OB.....`......>...s_9.Lz.I..W..?.K<..............>.....W.Q..."..2.7._.$e.K.....c.K.^."...._@.Qh.l.=...h....Y....j.E1..|.q_.D...*..U.....z..-K*.?........1...a.2A.u)....q.9.........o.+.09.81Oy...zk..m5../.?Mj,D,.d..2.......^...X.0.y...,....bi.N..4V'.!.b.Rt...f.h.>.XF.-..2}......L...^...P......{...#9R.<.pl....!..o,. :.u.o.p=.y.."<.D9'...D....+.W... ..M2......O..T.._.-.1."..-?.xCm..2*lx3f&..^.]Xh..D.G>..=/[.._.5.Gf....U....,~I....8<:.\.f.=w.c.q.0.*.7F.._...bWt..v..gP.$\.6.a.e:....#.%@1..e..c.<.0..5.,.k6.<.L..P...=V.W.-.@.|m.......Q./"..\.t......JZ.......d..........+.Vdk.$...L...X...n...w..B.._VF..M. 5%..u........C..i......G.p..,..w..;Z.<.........../W.X..I.\U......@O....#A.E..),.w.R..Qv4<.e....>..)Y.:.a.R.C...-J1..)H...M..S.@t...p.5.?..._....&.....nN...O.B.H.t.....t.p..B...i....8...hz ^i.....;.+...m...W...`.jZt(........ .@j=.!Y...8.ZwC$.g...`....%.R`5E..........7..z..S4..uws/...~.e.n

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus_rvrt.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):53048
                                                                                                                                                                                                                                                  Entropy (8bit):6.729924975001718
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:768:oLfUf1lD2x7hxdVxuEzi0dnw/M4Elp3+rdA3Yil3iPmbLtGds9z:obUf1lSxT3xuEW0ioTEdA37Z7VGdkz
                                                                                                                                                                                                                                                  MD5:B7D7665142FFFEA10744503B184CBE1D
                                                                                                                                                                                                                                                  SHA1:1D649481483540D4C08A537A0AC05A1DB55AB59B
                                                                                                                                                                                                                                                  SHA-256:DCE354F23E841A0A92242B0DCA5D692B00071698A891D7228049C76C6824357E
                                                                                                                                                                                                                                                  SHA-512:CEDE5360BC1B565CA4E351734ED47EF161CD0593D7C5EDEB191E3B54237C305750549B54E36E5BF7A97D071402DA22CD4D639F0CCFB25FFDA32808F8E45EB65B
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!...ex..ex..ex......fx..ex..@x......ox....M.dx..ex%.dx......dx..Richex..................PE..d....7.g.........."....&.R...*...... ..........@..........................................`....................................................(....................~..8Q...........}...............................................p.. ............................text....Q.......R.................. ..`.rdata.......p.......V..............@..@.data...............................@....pdata...............r..............@..@.rsrc................x..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus_rvrt.exe.lzma

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 53048
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):27149
                                                                                                                                                                                                                                                  Entropy (8bit):7.993255690221499
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:768:vbqp7/fuSuynOSDItJa7Ir3KOf4hnpVpS0Aaj6nW6/VI:vbq9/XuQOudQf4DSauW9
                                                                                                                                                                                                                                                  MD5:6BE6C5EC4D747F287734910D404F19E4
                                                                                                                                                                                                                                                  SHA1:93FCBE75AC6D47ACD5791A4FFE4C22FEBA79B139
                                                                                                                                                                                                                                                  SHA-256:C19E6E4F6DC6EECBBBEE78747EB535F74C692FE57B1DA2F93678236B67C9ED83
                                                                                                                                                                                                                                                  SHA-512:F7ACC151D79B10619B73A6E3172DD563EAEA938D423AFF5D896F16A62E31E84743D53C26FF0352E2882404604A6305FA08D7E205544990E0E77113A9E007E6FF
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@.8........&..p.........../D.|.........{...cl..KN......TS;...p....."...gW.....~...~....oF~;....J..."..+$......%X..v..mq.(..q.X..Zk*fO L...|..W.......T.....6o.M&2.....}...WN..+..+...^.....1.Is.......j..k.... ..Q.d.....H.+.X.t...5.........+.m.....X....t...e.m3.9.......&..Y.g..K.....;....WJ....]f.M..R$...i.....t&..^.2B.m...]#......Vw........g.H.........I)'...X..h.....^.6....._.d...W.....z.....f....f@.....d....6..w._W ./......O'.`..TO.g9.YE..3.....:G.@v...t...u.L.z...`F.@.R.....$..?.~2.P.......F....D..*de...yP.=...;..n....D..(...\x.-+.u......%L..W;.2s....U>R.....^;..X...#={.m.b.A.%I........(...|....9lT%O.a~V....P.#-g.$.a.7..!.!_,i.g;.........S.....H........-u..........&.Kw..............6..veJ..5Y,8....%.b=..qE...p#(S...>|...\+.^.}_..#..r.[v.Ln/.!.r....e.3..]4.xm..u..vW.W....n0+.2.A......T.x:?..-.@..h.fiG...Dk..zjGL;4....yu.xZ...."]...4.x..}.K..],..\PR[b...r.&mJ..8..:...&F...I.H.......S..Z...PzikY.}P.p...0V...a.....ws...}.p.>cc..A._.x[G{j;.

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus_ui.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12384584
                                                                                                                                                                                                                                                  Entropy (8bit):6.57357572805349
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:196608:p2BLFQqGBFdSvlxOQAKFt1Sw1flisrqNb:pGLFQ4lxOlKn0MNisrqNb
                                                                                                                                                                                                                                                  MD5:151364F07CCA741F9E70D2222003AADE
                                                                                                                                                                                                                                                  SHA1:21C6749D1563FB01A99218B37C8BDAF449BC72E7
                                                                                                                                                                                                                                                  SHA-256:E9E9A93A90FDACB5677472FBFEB58DFCEA5047E1D044CAE69FE1FAC0378F6D60
                                                                                                                                                                                                                                                  SHA-512:D1BE3B425CD9BB0321EF33B881E3A6740135B86F7E3041E34ADD38933A5D9E819FF7CCC994C21FB1C306E4284B6C5D86260D54B454A0ECD5FFB3974C053FE52A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................`...........!..L.!This program cannot be run in DOS mode....$........7R..V<..V<..V<.^$?..V<.^$9.TV<......V<...8..V<...9..V<...?..V<.^$8..V<..)8.pV<..)9.aV<......V<.O#8..V<..V<..V<..#9..V<.G#?..V<.G#8..V<.^$=..V<..V=.(U<...5..W<...<..V<......V<..V...V<...>..V<.Rich.V<.........................PE..d....BHg.........."....&.~....a.....P..........@.....................................9....`..................................................................@...H...+... ......@...........................(.......@............................................text....}.......~.................. ..`.rdata...{%......|%.................@..@.data.....4.........................@....pdata..@........ .................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\product-def.xml

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1328262
                                                                                                                                                                                                                                                  Entropy (8bit):5.392938987790726
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:cwUVl9zvHIiRDSkcu2vlETMoB9SebjSkYu:cwUpAkGu2vlETM1ebjPYu
                                                                                                                                                                                                                                                  MD5:EB07DF8DD82F53102E8D11BBBC710BB3
                                                                                                                                                                                                                                                  SHA1:27496ABC3727699B049941D8D601F4C3D3942088
                                                                                                                                                                                                                                                  SHA-256:6B80FA1F82216A58BDC872DE1A8E2CF9D2C485D135CF3414B797D58EA9354FA4
                                                                                                                                                                                                                                                  SHA-512:25A4D798601A7CDDE6869B3B8BC01258F4FB98E11DC49A0A531FE7CCE39CE1FBCFE609AC0B67C849E2BA37A558C7DFA7B600E39DFC8F7318BFFE3509A7EFD406
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" ?>.<product name="avg-av">..<product-defs>...<config>....<install-folder name="Antivirus"/>....<program-data-folder name="Antivirus"/>....<registry-key name="Antivirus"/>....<full-name name="AVG Antivirus"/>....<languages>.....<lang>en-us</lang>.....<lang>cs-cz</lang>.....<lang>da-dk</lang>.....<lang>de-de</lang>.....<lang>es-es</lang>.....<lang>fi-fi</lang>.....<lang>fr-fr</lang>.....<lang>hu-hu</lang>.....<lang>id-id</lang>.....<lang>it-it</lang>.....<lang>ja-jp</lang>.....<lang>ko-kr</lang>.....<lang>ms-my</lang>.....<lang>nb-no</lang>.....<lang>nl-nl</lang>.....<lang>pl-pl</lang>.....<lang>pt-br</lang>.....<lang>pt-pt</lang>.....<lang>ru-ru</lang>.....<lang>sk-sk</lang>.....<lang>sr-sp</lang>.....<lang>sv-se</lang>.....<lang>tr-tr</lang>.....<lang>zh-cn</lang>.....<lang>zh-tw</lang>....</languages>...</config>...<vars>....<var name="%V_PRODUCT_PREFIX%">.....<desc lang="en-us">avg</desc>....</var>....<var name="%V_AV_SVC_MODULE%">.....<desc lang="en-us">AVGSvc.ex

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\product-info.xml

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9546
                                                                                                                                                                                                                                                  Entropy (8bit):5.274796830995219
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:dO7aJi/aMbmNyyVlMoyZfsUzbmx43/wXnqlcoV0eU7USsOdSIu2EWUYusO4:dUyMmNy0uT1zjyeQeOIxtWUzB4
                                                                                                                                                                                                                                                  MD5:A34AD82C753D71407866D9A538B50B9C
                                                                                                                                                                                                                                                  SHA1:3C902044E1124DB647E157E50DBA71EEC20C02F0
                                                                                                                                                                                                                                                  SHA-256:6DD5A2E60BB46B3BF14A25CC382AD8506FC833DF411BFE64BCBA89A16BE2B41E
                                                                                                                                                                                                                                                  SHA-512:12890040EE507EB29ADB45EDE7DE7B6F1379F0B9C86BDBCEDB8D09B6F84F71C5820CEF36F4245D8DC605E9FD42BAA24112AA5F44F25B63F27E7C5095B4401C77
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" ?>.<product-info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="product-info.xsd">..<name>avg-av</name>..<version>24.12.9725.2390</version>..<build-time>1734372882</build-time>..<setup-files>...<file>....<conditions>.....<os platform="x86"/>....</conditions>....<name>icarus.exe</name>....<src-id>69c9de9f0cc9cc846d44e8b9a42de17d93f4cde9ffcf7a10d1dff69c4cef0c1f</src-id>....<sha-256>832f5604ec5e0a80e5c49dce4a6a23fd3864c423876ec26b6b398411dd15d81f</sha-256>....<timestamp>1734372793</timestamp>....<size>7469384</size>...</file>...<file>....<conditions>.....<os platform="x64"/>....</conditions>....<name>icarus.exe</name>....<src-id>cfab5808bd7503ee1aff23b54d5a98a557524fa453762afa10b90e4b7ca6af95</src-id>....<sha-256>3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3e46cb527223b1</sha-256>....<timestamp>1734372794</timestamp>....<size>8425288</size>...</file>...<file>....<conditions>.....<os platform="arm64"/>....</conditions>....<nam

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\setupui.cont

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  File Type:XZ compressed data, checksum CRC32
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):388896
                                                                                                                                                                                                                                                  Entropy (8bit):7.999454561919189
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:6144:cZv1wTLXngkaPp4+eKpqIf+DiqKojxEoiG9jnFgoh5EDgBE+1qPl03uuARWAgTMr:c91wH5STqIf+DiCeM1h5EDsqPKeuAxK0
                                                                                                                                                                                                                                                  MD5:76344DB87A002E2F8A2D60D4D6EC96D9
                                                                                                                                                                                                                                                  SHA1:CE2A7412E2CDB002AB70D14AF4BD25E752B6FEC6
                                                                                                                                                                                                                                                  SHA-256:F6C29C470A756F71F14AD40453E27AA8E141BD3443B84483C733C282EACC8F7F
                                                                                                                                                                                                                                                  SHA-512:638B7F3854D5ED38924ED5E6C953F986D941460BC5DC3A45A86F741473221473E25988D8DCA0E62D5EB34254CA8E55B44249D86FFCDAD95028DBC18183CCA23E
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.7zXZ...i".6..!.....F.;...2..].0...?..Lm.K%. .6.X.....L.@#........EG.K._<.g...._...m.D.d...S:4.4J..k...._.B.x...e..E.nT..a...d)$.#...A.....U...i.R.....t..R....D2/!.Y5.......X..yD...*9}I.LN......./5.\Rm....hl~_.n..O.....>....-.~..0..4JO..!.........(.t.O"..D1.u,.>;.FW.^.o......W.n.....b...."...4....M.....k...H.......b...1...&4..<wO....*.j.:...M..i.$.../..U...eN.(.J..H5+.o.g.l0..n....s0...m...T...>..}woH.Y.P.........{l..s.."4.I..rg..\....8.W+H.xur..)M1.Lk.y.g..lT.N...."....\wX.5........2./.=.9..l...PI.o.h..GpTO.4.|":.........6c......X..{?.....Od.r7...Z.1KQx2.....!.C."Y..p+.(..d..<x[.1......<.6.\..c....V......0iQ..b-..i..{........[d.u1k........)...U......U.'?[P/=.3F..........)*g._..N...{.,f..c...n.-...x2.F`>+$ea.....s0..}..d|`......@.h.......i..tt..h*I"C....B.~....o..jc.>KP.QdqYK..@=.....cr..{.1....X.........[S.q.. ..`...l2.%".D.\-..xm......+.Hk.....N..S.G....p*.u~...Ph.?....|.Z ............_...........).....>.u...wRV..?._.....y.!VS.;|.

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\0c4b621d-4397-4af1-8ed3-161e84a7467d

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 3531080
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1024725
                                                                                                                                                                                                                                                  Entropy (8bit):7.999821315855513
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:24576:64ZDqa6E/JvqxKImmDBN+HAZLfT7O2iZvHF04PwUjsptlB:645N/QTN+X3ZK4Pw1Hb
                                                                                                                                                                                                                                                  MD5:B30B0361A61E22319E031BE300E0A058
                                                                                                                                                                                                                                                  SHA1:825B4E782C05019352F9C54AFF6855503D4732CD
                                                                                                                                                                                                                                                  SHA-256:B585CF3A5B8F95A32268E7CCA1CD7F5A743A1EC6A715D6151CA5DC3693F002A2
                                                                                                                                                                                                                                                  SHA-512:C70EBFDBE505422CE5AD4D47971C80A9E8CC908D22B2BC7F15A55CDD5CD276E2DBA8FACE0C710DF31CB6B406BE13692FF24F8201A967723B3326A94667DA6FD0
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@.H.5......&..p.........../D.|..y..:.}.._..G...5mA..aQ..c5t ..+........w.uRl.,E.u9....r....dV....\....N..ZH$n.X.......<....|.N&..I@z...XrT..0O.j;...Q../b..-..g..F.......|.1A.\;.x...-....'`.y.\.9...hG.|...<.i..>.z...3`tP....x.9.:'.O6..0+.S ....zhs..C2O.X;D...>.GY.....4..M....IO....N.z`2.^...T..s.O."...0d.`.d.n............c..X...lkz.5'3..'[E....,m.kVt.Gx.L.pM.P4.].+ d.0... .d...F.@.f..&.H.l.v.I..D...i|._"..........RB....8.......X.v>.......d......>.=..'.W..)....v.Ut2. ...{....|k&.k....g'QV....|...6..k.N..6\....|.G.5.....v9.u.....(...X..[.-....0..4...:QrF.....RR...lhjW..n..c0q..9.....=]'~....N;c[.7*.=E...(.....wx.X8M..Z.b..n.?.....ECx2.8.d......?....GO..........qS.T...q..}...XN.m..,~...*....s..q..H.^..1i....*....{.o.....!W_d{.N.......J6.Vg...i.....................i0.....R.......#..o~.....8nW.......F..rn._.U........V=....Su..j.yk7.^._..C..........EDg.:sl)......L\.J...S.*u06`.}.BW..... ..<..T#6.*...-v~..q....!..7.....X.x.C.V.~g..o.A..#...}.

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\1d487711-d4e9-4740-98a6-3f3510d93dc3

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 1328262
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):143779
                                                                                                                                                                                                                                                  Entropy (8bit):7.998660051027999
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:3072:woHPYBqeVZAlvBiyK2Cu1ii3ZwA/MifImzB1A4iQrkM:5MqebWBeu1fZwApTztiY
                                                                                                                                                                                                                                                  MD5:4A31CDEC2EA9DEE0568BEF89D914FA14
                                                                                                                                                                                                                                                  SHA1:8E4983BBCB0A8D48186BE29E4758849ABF23D661
                                                                                                                                                                                                                                                  SHA-256:FC8868B60CA6E192DDF9A06CDE31D1D7FF9A19425F8F424CAA627D376C876B06
                                                                                                                                                                                                                                                  SHA-512:B31A387E051E85DDD7A68B2D72FB59844D220549C000DBBE9DA0AA03978C062501D5BDD95FFFECCBB3D7FD5CC3E24C121652DAA638B8789F76DE1A24EB60174D
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@..D.............f......{3....&.7d..>$....`K...H.......4...^.a.)....0C:.6..n.f.c...j...$Px...........X.PMf$5.B....O..DN....[.d..s..s..M..:B..(.N..L.?7=~Rg.[...N!."..8......1uW.#....;u<Q..MC..Kl.#.9!U.3N..N...^....Gp..a.@....-.m..Q...c.6.....]..vK..I..(.<..s.1h.r..)y.]!J9%...*/.(]X...%."....Y.,.J.......Z..T,....u1.&......n..&.!E$Dn<..;."....@..90H$Jk4..{i%.@^...q;.%.t!......Md..fJp) m.0..>3......hs...Y.4..<...Q8.$.@.n...u..N..X..ia.f..o.."....b<...^X...z.U;..[..[....A.`.W.0.X..l...v.GfM.9..y..q... $.....4E..Xd..[l.>..R...z../KjC*d..9J...!.O..U.^.l..].S).zLS.[90....O."0...kX[$V!...b{...1&.*@a{....|.Bg.....d0K.KGS.....r.h.]m.9..}.>Y.Ha..Sh.\.UgmX.......Hm.!8.?..k..r)..z.M........bc0:...N9?Qf.w78.....j.C y...;...V8.8..'....HE.Ur..A.,.4.....k.:'Vm.M.J.`..V....*.`.U#...\.8.G.`:......7...P."~.T....|...n......qsm.|..a....L......M580...............e...c1.9.8B.i<..@..~...5..&......kl@..<%8./H..R..9...g..nm_...s.c...."...P...Da.$l.#.;c.$d.w.

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\28344a05-e14a-498e-900c-511013b44a45

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 15688
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9881
                                                                                                                                                                                                                                                  Entropy (8bit):7.982144056447914
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:va5QFe5kFCIgy2UX/GWISJ+ut3gXwU4Vp6RUxWKr9w5mqKokS6mNL6fb:vay6kFxaUXOBINQAbgRUx79w5xKok/uY
                                                                                                                                                                                                                                                  MD5:AE04DC0902D3306BE8A16E9C824EC526
                                                                                                                                                                                                                                                  SHA1:29977902A92BFD75234E8ACA64BC57A627FBC782
                                                                                                                                                                                                                                                  SHA-256:D5ACF32560137A3AFEE4E10CBE3A5630D75A8DF139922824FF78F9FA713B6D93
                                                                                                                                                                                                                                                  SHA-512:8D448254F8F9A9161782100FAE1D1F062C9BFE04555D4B30AC5457DB02A5D8A7C513BBBE013ADB1D9F386CD0F58A3607CEF864DE9A68FDDC22348453BF634B13
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@.H=.......&..p.........../D.|.........{...cl..KN......TS;...p....."...gW.....~...~....oF~;....L.c.Jc..k_....P....u*....E.~.Y.......0....\.:._.........]Q...o..V. .....e.D.K$j...d<...e`.XN[y.|....W..cv....U..%.C.d/\G*2.a....Q....._........ .`.!...#.h..|)...G....p.8.Py...=0,.8'.4...L..Po..d.;.Q.#..R.I..&N...C\....<H..<.UT.b..w(..G...D..S*....K..V..O3z.r.........t.5..U..wb...8H.:..4...c.'....wv.j%c....=.....q.D......s%Gr.>......I1.n..s..h...<........N.B......F.&.7.U6@.LM..@.LB.....BS.P..vA..W..r..2.v.C.UM.{.|....\..#8......::.E,..h...X.X....o..ii~.A0......Q.i.C.FZ.....,....y..h.....yr.....qB...`..-.i...\8(.........!./@...r.|T.|.......Zm...1........&G~....Pk.q.&.a...8..*..}.D.7..`"B....}.P..i.v.........}....h.Z.%.!T+.L....4.b...S.H...r.;t........PK)2.C.y<..^0.....C..,M..Z..s7.VA7[Z.<_..H.C....+...e. .'.{..l?.....@.E...#.oq.....i..@......J..G.m.nf..=. ....9;.y@...)....:.....>.......E...b...!H|f.q3|.I..a..Sq!.....6.f../.^.b

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\73ba32b5-f7bb-4e77-a2d3-27898a0648be

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 12384584
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):4013693
                                                                                                                                                                                                                                                  Entropy (8bit):7.999951248371016
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:98304:8C7VaUF0yi3wH4mmiTOA1RKldIwQSv9bM3QC:H7VaI0Z3o4QqDzoz
                                                                                                                                                                                                                                                  MD5:1751FFBAA0682BA752E1EBEA6B6259E3
                                                                                                                                                                                                                                                  SHA1:01A52320D884B13A6A92DD476A8837C25F551EFB
                                                                                                                                                                                                                                                  SHA-256:E91471DCAA978E828AF58403F63859F6459837C2E7E6BFB24BB6846643E743E9
                                                                                                                                                                                                                                                  SHA-512:504302B962AA99FF55B0326D2F29787EED6BD2C586CDCB733F03F2E67EEAAEA0CB56847E3779B8027F4CADA9C945D4E48E5DC8DDEEEE2FBE029D9E0F8CEC1592
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]....H........&..p.........../D.|......I0..y.]n.u......i...7.....B]......F2$1..../e.Y.....f.......s;1a9f.$.h[3..A.....G|pk^..d....&..5.....f.=......o.../1p..'....y......l\.>.\....rK3s.9E.J.O.....%_m.F..#.l.......Q,..%..0....!.........y.....m.C..x...F .W.v?..9.N...{|1Vx..$.z.v.f../.:.D.)?0.j.....'.......sXvZ........m^;ti6wv....MG...:...V.z....0G.Mg./up.f..XEw...iMkF.b....^....(..}......!..O,...9?&..p..Gl.......0_.F.... ..R4...-..*.w.~..@...U. r........f.Q.n*....Y.........w....Fc..... J.8.3.!.~.....i.Z.<......ro./WIK-a...2y.Bh.1.......VS..J.,..Yc.c]..+....z^vl.d>.GF\=Y.WvT...............0K..D..l. 1.(bz.n.8.....uS_5..$V..j"..1.V.C..-...."..P<B.^z.&.P[\..Oq.(kb.q.....r.....G.....d&.E.-.~H.;... .*wD........T#.....M.@.....&d;.s........;...........&q.D..)V.IL.........:..*.\hg.......h:Y.g.\...j...e'.n..L5.9.SDG.J1?..WJ<].6.K....Q.d./....r.....eX...7V..\.S....sv.....0a1G..M..&..B..A8..:...PI........5'...W@...S....a....g.d..Dm..L....u..

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\8e10f755-a3fc-4561-9bfa-8094a2c867dc

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 8425288
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2532654
                                                                                                                                                                                                                                                  Entropy (8bit):7.99992603160213
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:49152:/WjjaTN6PDXOHqdjB0i8qpmWqeiYdYvSWatmEzB1h796GBXjc:esyaHWjei8qiYO2IEt7kGdc
                                                                                                                                                                                                                                                  MD5:4F97115E493AFF57C86AE0343D4706EC
                                                                                                                                                                                                                                                  SHA1:15CE45B25B64B3958BE2C9ADCCA5A91D25A554C7
                                                                                                                                                                                                                                                  SHA-256:A184C4878F3D33C3B9ACF78931A846C5D45430E245639008803AF803DB02AF6A
                                                                                                                                                                                                                                                  SHA-512:F5C87720A5341EE9C53E8E6E894A4AFFE8244B663367107CCBFA0E9B48356BD12C775E0D11F06C1A2000FDC8A7523B95295760360CACD21E528E1C18C70D9BDD
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]....H........&..p.........../D.|...C..I0..y.]n.u......i...7.....B]......F2$1..../e.Y.....f}{..5.;.@..[.t.......S...z~X...T....l...7..x.].../.o9SM9.(.0...o....}fX's.....G...\|:...c....3_.....H...d.z..Ki...2.XJ8y.y.40.._..,..F.."....X......T......!.0..5.%p.`@.J...e!.`..K".....^......h..[.).N.#.8.M..C...v..,..MI&C..T.R...1c..&n8.....6....e...?.Sh.?..|!&j..........=.k..\..?..p.`..[...]..!@.....7.q..N..F..S...Z...U...)....o.."J.7..K..:Y....cqO.'.9I.../v.....[..?i.....W#.{.a..".tjf.<......./....99\RP...........{.p.~....F......".]...W.$..=e.mU.k...%.T.'...X.....G..E........9.I.S...'`\.a..7...G.5}T.....UET..0...|....?..f....S...I4..L6Z..l.B.z.1@.....H..k~.=I.s.5....k.....e.3.V...]...0...cC.-_...j......E...~...|.......O.nM.y.H.')...L..P.........=A{H.?..LC.l..f.,;..PKS.t....a...u.QH!.Z8.{...@^e..[..?%i.a.=.i....eJm...y....]..a..>X...p.m.)..;.._..V.......D.d......L.....&.K5..XO...~.*}........=.*MG.O..i.5..]...b....z......5..$.f..T.Ew.h?*7m.6..T.W

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\b02adf1d-85e4-48d4-b968-5538b228fb95

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 5944648
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1827555
                                                                                                                                                                                                                                                  Entropy (8bit):7.999904141247566
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:49152:ODI7vzOJ4LkpEKNUBibEk9BxxQAUrV2Dvxr:ODIT/KEqzVpDvxr
                                                                                                                                                                                                                                                  MD5:84952697EEF607B32BC64CFBFFADC30E
                                                                                                                                                                                                                                                  SHA1:285F44353ADBF679AE88C63C9191976E05FA4320
                                                                                                                                                                                                                                                  SHA-256:B2821850BA09E884C2B058094EDF84EE7D72C2988CD575AA2D986CBEFA6579F9
                                                                                                                                                                                                                                                  SHA-512:57BD96CAB4844346B0E05ED3AC4CEE291C814D41AA4A1B86B05CFAC3CAA5501476871E49425363C633BCABDBF635A3072304FF9B9BEAC73EA3628BDEEFC9FBF9
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@.H.Z......&..p.........../D.|....o.e.F<w.,...vY.Ta.....NE..1E...V..Z..m9..^../:Y!....y....eg....>..:o.u...F.d.h...Q..DL...^Mv.m..I.....R..h5.A.....M...i&-u..-...G.k.P.~..D,..\.*U'.)]T..A..Cn..gx....kXem.A;..F.ph.0....)....T.O.1.k.:w1.@.g..^...../.(.N.V.."/.....5.....j...>fq..bFG.+.y...a.v... .Z@.Au.|.H..%.......}..2...i....M....r........TbzT.R....."1.*....\A....X.<....+..X...<]8.y...b.P3x.q&.N...ze.a4$.Zpk.z...'C."..P.$h.....m.=L.3...\.|{..X.EX..f.....M....~q.C3.VN..+...N..|.....U..}<.$a.!j..>.../...9 .F..i. .Z/7_..<......q.o...p..j38.\p....4.B..)J..D.....N:...X.&+....-/.P..Q2...7 .e.H.....&..Ys.(i.j.S.4k......J....!..../.kY.....!..@.[.tV._.....5...W/.[....`FY5'U....L..|.R.F_.K.....mz9....G...#".o.-..L;.5...l6f.1...._.~.U..u.m!x._.N Ep.p........T.:..0Q.u.o.B.g.m.Q....T.P.d.k..V.Y.`d..9.6;{3{.U.hOvk.^D....\....]K+......w.|..{.._!...r..+...q.d..D.%..<YD.*.....K...!"oS.p.....o..i..&...-v.Rw.om.<.134.D..;cCvJ%?..o....?..gj\......B..r.;......M..;`.

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\bug_report.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):5944648
                                                                                                                                                                                                                                                  Entropy (8bit):6.511430665598052
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:rBOxB4b6hbZa5cvkDNiZ9yN/OA+13rIF3TY1Tlm:rBcuV5fDoZ9yN/OA+13rIF3T2U
                                                                                                                                                                                                                                                  MD5:088319BBB8483A4AB883B3EAA6D322A3
                                                                                                                                                                                                                                                  SHA1:8F99BE88AA96D5F31E2408779C2082A586140C0F
                                                                                                                                                                                                                                                  SHA-256:AA901643995C786C0598CE59C6EDC19D0202EF4A3A8A0CB0C1A22E961735099A
                                                                                                                                                                                                                                                  SHA-512:BAA4842408362B600C6F6BDD7F66DDA9F4690F95844ECFCA12CE8619FB0C6C0407C1188C76D414F4006DBD9BCBD6E490DA6637F7383DBD156A493B6CB33035E8
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................X...........!..L.!This program cannot be run in DOS mode....$.........[.5...5...5.w.6...5.w.0.z.5..-...5..-1...5..-0..5..-6...5......5...1...5.n.1.?.5.f.1...5...5...5...0...5.n.0...5.w.1...5.w.4...5...4..5..-<..5..-5...5..-...5.......5..-7...5.Rich..5.........................PE..d....BHg.........."....&..=..d.................@..............................[....../[...`...........................................O.......O.h.....Z.......W.....H.Z..+....[..v.. .G.......................G.(....G.@.............=..............................text.....=.......=................. ..`.rdata........=.......=.............@..@.data.........O..B....O.............@....pdata........W.......W.............@..@_RDATA........Z.......Z.............@..@.rsrc.........Z.......Z.............@..@.reloc...v....[..x....Z.............@..B................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\dc2653ef-52bd-45ad-9763-a50198c51c87

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:LZMA compressed data, non-streamed, size 388896
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):394365
                                                                                                                                                                                                                                                  Entropy (8bit):7.999498861385828
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:12288:MiHsN+DsMAGeruomEfcoPUYeI7NgJGR54rB:MrNcsMAGerDThdewBRKrB
                                                                                                                                                                                                                                                  MD5:4B1DD5C2123216AF96B86F6E43BBF980
                                                                                                                                                                                                                                                  SHA1:ABD916E383301C5EF4EA48898E349096CA4846B8
                                                                                                                                                                                                                                                  SHA-256:0D1E33CAC8D5A14FF8E9B55A58EAE20B6E795E5A3B96DB0B829E8801D6E7C7B2
                                                                                                                                                                                                                                                  SHA-512:75DA0D36297D96C6D7BD34F40D9597D729674C96346715B2078CF425AF19F44D02E82845BC2D36A5A1F3B438522AC884C125A453F9062DEDAFB665ABEAB65E2F
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:]..@. ........~..E..8... .rZ.~0.eg6....2..)V....o.z.....gO.....L.1U..........@....Z.]..\..._...9'.....T...2<.u?.]..<!.i.3...gb.`c.*.....@.vu.Y..U.F./..m...(T...w(....m.i...VAX<........1!.W..)..?9k..E.(p..lN.r....,.;Z.;.?..Z..=.._w.'.H....v.m..i...P0m.<q..w..v.:..LE_z...i.....tfIz..(.nI.*...M..N..].h...2e.u.`.....h.}c.K{.].)..YQ......?}..6@.:.@(0R.`Bko.O...K.......Op.d.*.6b....e;....KC..n^..?(..[..S...-H@{z..&...<..T.......U.. .....yP.k.b;SGy..M.%(....L.....AcB........^...;K...cwO.7......h(.4E^.>.S........p....HY..,.?.=.....W........",e...w....z'.7..P.S.T.$...nQ./..rM.VK.sjd..3of...f..+.....P].6....L4...a.>G.D.5...2$o.......Er...m~....%.z^....vqi.@.O.~87....N.Z..3..A..kV......ND}N...1*_.`l.u.Kw..h.?.._.?ZK1.\O?.vv..8.WE....#T....J.....'<~I.dI.-.........FA<.k.f....0....4......K....h....*3.O.Go.....W.0.zc..e.......P......o....BL..............`m......l.bA....0....U.ac.....eH....=.p<F...............H.r?..i......Y..y..9...;-.F..GJZ/..O.

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\dump_process.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):3531080
                                                                                                                                                                                                                                                  Entropy (8bit):6.522879430230983
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:49152:/4ZVltpGu1verv550rDSbIhWeeNErYajCtiZH6AKgtMtchtNaJtGycT+XJlktvTr:/uXIbpI1BGtidJtBo
                                                                                                                                                                                                                                                  MD5:621737307656F95EE47A8FD88F653DEE
                                                                                                                                                                                                                                                  SHA1:007EAB8401237C014EB2A3942220AD83C6AC9A23
                                                                                                                                                                                                                                                  SHA-256:2F8A779D146017868E5DD4E67083675DA9AA5B94A174D8B56C33F58F1EE4FD08
                                                                                                                                                                                                                                                  SHA-512:9D9B29F28B203D371CE65E9395CA67856E5D7952BE46F5C54F05B13545FDCEF7C8C4FC084E239F78B0C4BC21680986D313BCE32EDDD07157FEF7386D601BE24F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$.........~...-...-...-j..,...-j..,...-j..,...-..0-...-...,...-...,...-...,..-..^-...-{..,...-...-...-...,...-j..,...-s..,...-...-P..-...,Y..-...,...-..2-...-..Z-...-...,...-Rich...-........................PE..d....BHg.........."....&.. .........`..........@..............................6.....=:6...`........................................../,....../,.......4..Y... 3.,...H.5..+...06..U..x.'.......................'.(...p.".@............. .`...p,,.@....................text..... ....... ................. ..`.rdata........ ....... .............@..@.data.......`,..4...@,.............@....pdata..,.... 3......t2.............@..@.didat..P.....4.......4.............@..._RDATA........4.......4.............@..@.rsrc....Y....4..Z....4.............@..@.reloc...U...06..V...`5.............@..B........................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):8425288
                                                                                                                                                                                                                                                  Entropy (8bit):6.449288731687494
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:98304:m0Lwb72hqfl95H41bgHJdEOKyjhlqAkwjJ2UpIYrchS:m0Lwb72Efl95H5SOKyjhlqAkwjJppF
                                                                                                                                                                                                                                                  MD5:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                                                                                                  SHA1:667DD38F434B7E7B334C203E06B87892002AA3B0
                                                                                                                                                                                                                                                  SHA-256:3BA8FBAC3885AA994B335C77D2F1544C6A87420EDC8B0F047B3E46CB527223B1
                                                                                                                                                                                                                                                  SHA-512:C5E67816FC905836D178A8CFCE7585E383F822987E45BF9078E834BB625ED745918615DB8B83DA34FFB7EE46004F579B4CC2B50BD544249E775BF88D4836385C
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................h...........!..L.!This program cannot be run in DOS mode....$..........Z...Z...Z........\.I.V...\...I...\...H...\...'......J......|.......Y......R......Y...S.'.X.......@...........Y...Z...W......[......[......G...Z......0...@...0...[...0.K.[...Z.#.X...0...[...RichZ...................PE..d....BHg.........."....&..Y...&......t2........@..........................................`.........................................0.r.......r..............P|..x..Hd...+............g...................... g.(....7^.@.............Z.......r......................text.....Y.......Y................. ..`.rdata...H....Z..J....Y.............@..@.data........`r......Br.............@....pdata...x...P|..z...X{.............@..@.didat..p.............~.............@..._RDATA................~.............@..@.rsrc.................~.............@..@.reloc..............................@..B........................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus_mod.dll

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):15688
                                                                                                                                                                                                                                                  Entropy (8bit):6.958791234525559
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:384:wORgChIIIYiifE/Pw1/wfT3ir2WSx7bL4cv:ruRYiisPv3iPmbLH
                                                                                                                                                                                                                                                  MD5:F91371D99394307A7AF600577ED787F3
                                                                                                                                                                                                                                                  SHA1:D7488B8E6E302CDDA9B49EC7CB927D02A38254C2
                                                                                                                                                                                                                                                  SHA-256:48C1D01F6234E7C129B31A0C2388DE0F102F718721FEDF18EDBE19971D4222F5
                                                                                                                                                                                                                                                  SHA-512:F43CE12312A6A2BBEBA57A917DAF28CEE2C36DFE5C9529BB6C89B3390ED3902995F69ED3EBFA8903FD96A093D8DA8251204739A50576DFCE695010833C92C48D
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................................*........Rich..................PE..L....AHg...........!...&..................... ...............................P............@E........................ !..\....#..<....0..............H....+...@..(.... ............................................... .. ............................text...U........................... ..`.rdata....... ......................@..@.rsrc........0......................@..@.reloc..(....@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus_ui.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):12384584
                                                                                                                                                                                                                                                  Entropy (8bit):6.57357572805349
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:196608:p2BLFQqGBFdSvlxOQAKFt1Sw1flisrqNb:pGLFQ4lxOlKn0MNisrqNb
                                                                                                                                                                                                                                                  MD5:151364F07CCA741F9E70D2222003AADE
                                                                                                                                                                                                                                                  SHA1:21C6749D1563FB01A99218B37C8BDAF449BC72E7
                                                                                                                                                                                                                                                  SHA-256:E9E9A93A90FDACB5677472FBFEB58DFCEA5047E1D044CAE69FE1FAC0378F6D60
                                                                                                                                                                                                                                                  SHA-512:D1BE3B425CD9BB0321EF33B881E3A6740135B86F7E3041E34ADD38933A5D9E819FF7CCC994C21FB1C306E4284B6C5D86260D54B454A0ECD5FFB3974C053FE52A
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................`...........!..L.!This program cannot be run in DOS mode....$........7R..V<..V<..V<.^$?..V<.^$9.TV<......V<...8..V<...9..V<...?..V<.^$8..V<..)8.pV<..)9.aV<......V<.O#8..V<..V<..V<..#9..V<.G#?..V<.G#8..V<.^$=..V<..V=.(U<...5..W<...<..V<......V<..V...V<...>..V<.Rich.V<.........................PE..d....BHg.........."....&.~....a.....P..........@.....................................9....`..................................................................@...H...+... ......@...........................(.......@............................................text....}.......~.................. ..`.rdata...{%......|%.................@..@.data.....4.........................@....pdata..@........ .................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\product-def.xml

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1328262
                                                                                                                                                                                                                                                  Entropy (8bit):5.392938987790726
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:12288:cwUVl9zvHIiRDSkcu2vlETMoB9SebjSkYu:cwUpAkGu2vlETM1ebjPYu
                                                                                                                                                                                                                                                  MD5:EB07DF8DD82F53102E8D11BBBC710BB3
                                                                                                                                                                                                                                                  SHA1:27496ABC3727699B049941D8D601F4C3D3942088
                                                                                                                                                                                                                                                  SHA-256:6B80FA1F82216A58BDC872DE1A8E2CF9D2C485D135CF3414B797D58EA9354FA4
                                                                                                                                                                                                                                                  SHA-512:25A4D798601A7CDDE6869B3B8BC01258F4FB98E11DC49A0A531FE7CCE39CE1FBCFE609AC0B67C849E2BA37A558C7DFA7B600E39DFC8F7318BFFE3509A7EFD406
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" ?>.<product name="avg-av">..<product-defs>...<config>....<install-folder name="Antivirus"/>....<program-data-folder name="Antivirus"/>....<registry-key name="Antivirus"/>....<full-name name="AVG Antivirus"/>....<languages>.....<lang>en-us</lang>.....<lang>cs-cz</lang>.....<lang>da-dk</lang>.....<lang>de-de</lang>.....<lang>es-es</lang>.....<lang>fi-fi</lang>.....<lang>fr-fr</lang>.....<lang>hu-hu</lang>.....<lang>id-id</lang>.....<lang>it-it</lang>.....<lang>ja-jp</lang>.....<lang>ko-kr</lang>.....<lang>ms-my</lang>.....<lang>nb-no</lang>.....<lang>nl-nl</lang>.....<lang>pl-pl</lang>.....<lang>pt-br</lang>.....<lang>pt-pt</lang>.....<lang>ru-ru</lang>.....<lang>sk-sk</lang>.....<lang>sr-sp</lang>.....<lang>sv-se</lang>.....<lang>tr-tr</lang>.....<lang>zh-cn</lang>.....<lang>zh-tw</lang>....</languages>...</config>...<vars>....<var name="%V_PRODUCT_PREFIX%">.....<desc lang="en-us">avg</desc>....</var>....<var name="%V_AV_SVC_MODULE%">.....<desc lang="en-us">AVGSvc.ex

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\product-info.xml

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):9546
                                                                                                                                                                                                                                                  Entropy (8bit):5.274796830995219
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:192:dO7aJi/aMbmNyyVlMoyZfsUzbmx43/wXnqlcoV0eU7USsOdSIu2EWUYusO4:dUyMmNy0uT1zjyeQeOIxtWUzB4
                                                                                                                                                                                                                                                  MD5:A34AD82C753D71407866D9A538B50B9C
                                                                                                                                                                                                                                                  SHA1:3C902044E1124DB647E157E50DBA71EEC20C02F0
                                                                                                                                                                                                                                                  SHA-256:6DD5A2E60BB46B3BF14A25CC382AD8506FC833DF411BFE64BCBA89A16BE2B41E
                                                                                                                                                                                                                                                  SHA-512:12890040EE507EB29ADB45EDE7DE7B6F1379F0B9C86BDBCEDB8D09B6F84F71C5820CEF36F4245D8DC605E9FD42BAA24112AA5F44F25B63F27E7C5095B4401C77
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" ?>.<product-info xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="product-info.xsd">..<name>avg-av</name>..<version>24.12.9725.2390</version>..<build-time>1734372882</build-time>..<setup-files>...<file>....<conditions>.....<os platform="x86"/>....</conditions>....<name>icarus.exe</name>....<src-id>69c9de9f0cc9cc846d44e8b9a42de17d93f4cde9ffcf7a10d1dff69c4cef0c1f</src-id>....<sha-256>832f5604ec5e0a80e5c49dce4a6a23fd3864c423876ec26b6b398411dd15d81f</sha-256>....<timestamp>1734372793</timestamp>....<size>7469384</size>...</file>...<file>....<conditions>.....<os platform="x64"/>....</conditions>....<name>icarus.exe</name>....<src-id>cfab5808bd7503ee1aff23b54d5a98a557524fa453762afa10b90e4b7ca6af95</src-id>....<sha-256>3ba8fbac3885aa994b335c77d2f1544c6a87420edc8b0f047b3e46cb527223b1</sha-256>....<timestamp>1734372794</timestamp>....<size>8425288</size>...</file>...<file>....<conditions>.....<os platform="arm64"/>....</conditions>....<nam

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\setupui.cont

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:XZ compressed data, checksum CRC32
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):388896
                                                                                                                                                                                                                                                  Entropy (8bit):7.999454561919189
                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                  SSDEEP:6144:cZv1wTLXngkaPp4+eKpqIf+DiqKojxEoiG9jnFgoh5EDgBE+1qPl03uuARWAgTMr:c91wH5STqIf+DiCeM1h5EDsqPKeuAxK0
                                                                                                                                                                                                                                                  MD5:76344DB87A002E2F8A2D60D4D6EC96D9
                                                                                                                                                                                                                                                  SHA1:CE2A7412E2CDB002AB70D14AF4BD25E752B6FEC6
                                                                                                                                                                                                                                                  SHA-256:F6C29C470A756F71F14AD40453E27AA8E141BD3443B84483C733C282EACC8F7F
                                                                                                                                                                                                                                                  SHA-512:638B7F3854D5ED38924ED5E6C953F986D941460BC5DC3A45A86F741473221473E25988D8DCA0E62D5EB34254CA8E55B44249D86FFCDAD95028DBC18183CCA23E
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:.7zXZ...i".6..!.....F.;...2..].0...?..Lm.K%. .6.X.....L.@#........EG.K._<.g...._...m.D.d...S:4.4J..k...._.B.x...e..E.nT..a...d)$.#...A.....U...i.R.....t..R....D2/!.Y5.......X..yD...*9}I.LN......./5.\Rm....hl~_.n..O.....>....-.~..0..4JO..!.........(.t.O"..D1.u,.>;.FW.^.o......W.n.....b...."...4....M.....k...H.......b...1...&4..<wO....*.j.:...M..i.$.../..U...eN.(.J..H5+.o.g.l0..n....s0...m...T...>..}woH.Y.P.........{l..s.."4.I..rg..\....8.W+H.xur..)M1.Lk.y.g..lT.N...."....\wX.5........2./.=.9..l...PI.o.h..GpTO.4.|":.........6c......X..{?.....Od.r7...Z.1KQx2.....!.C."Y..p+.(..d..<x[.1......<.6.\..c....V......0iQ..b-..i..{........[d.u1k........)...U......U.'?[P/=.3F..........)*g._..N...{.,f..c...n.-...x2.F`>+$ea.....s0..}..d|`......@.h.......i..tt..h*I"C....B.~....o..jc.>KP.QdqYK..@=.....cr..{.1....X.........[S.q.. ..`...l2.%".D.\-..xm......+.Hk.....N..S.G....p*.u~...Ph.?....|.Z ............_...........).....>.u...wRV..?._.....y.!VS.;|.

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\ecoo.edat

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):21
                                                                                                                                                                                                                                                  Entropy (8bit):3.422577995321604
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:1HRcMK:5RU
                                                                                                                                                                                                                                                  MD5:3F44A3C655AC2A5C3AB32849ECB95672
                                                                                                                                                                                                                                                  SHA1:93211445DCF90BB3200ABE3902C2A10FE2BAA8E4
                                                                                                                                                                                                                                                  SHA-256:51516A61A1E25124173DEF4EF68A6B8BABEDC28CA143F9EEE3E729EBDC1EF31F
                                                                                                                                                                                                                                                  SHA-512:D3F95262CF3E910DD707DFEEF8D2E9DB44DB76B2A13092D238D0145C822D87A529CA58CCBB24995DFCF6DAD1FFC8CED6D50948BB550760CD03049598C6943BC0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:mmm_irs_ppi_902_451_o

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\icarus-info.xml

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):2044
                                                                                                                                                                                                                                                  Entropy (8bit):5.404263805657324
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:cEYpodGUS42A+l7fllyhlX/AaTbVRKp2lEkIM:0irWA+l7flohlX/AkbVS2FIM
                                                                                                                                                                                                                                                  MD5:ECBBC5B1FCEFCA8BC1BE027A691FFA2E
                                                                                                                                                                                                                                                  SHA1:C9A2EE972F78DECAF5A19BDA8D8A9805E03633A1
                                                                                                                                                                                                                                                  SHA-256:526A56B7EC8AD3C27C43E96FBF7FF672385F055D135FB614357FE466645FB37F
                                                                                                                                                                                                                                                  SHA-512:9D485ADCAADF7FF9D17046FC47D5D34D5CA8134B19B7F40941D94AF28096CFF5D3B40CB5546F4E4C7B981E02897CD78E535D0A4C2F68647E36EFEE930BD2DC5F
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>.<icarus-info xmlns:xs="http://www.w3.org/2001/XMLSchema-instance">..<file-mapping-sfx>...<handle>284</handle>...<size>1691384</size>..</file-mapping-sfx>..<file-list>...<file>....<alias>sfx-info.xml</alias>....<sha-256>e3ec3a7d2fad564b9481017e1adbe5057a2a0cf8a48f339433e56443adcfb14f</sha-256>....<offset>1670726</offset>....<size>803</size>....<timestamp>1734522436</timestamp>....<flags>0</flags>...</file>...<file>....<alias>avg-av/edition.edat</alias>....<sha-256>e629fa6598d732768f7c726b4b621285f9c3b85303900aa912017db7617d8bdb</sha-256>....<offset>1671606</offset>....<size>2</size>....<timestamp>1734522436</timestamp>....<flags>0</flags>...</file>...<file>....<alias>avg-av/config.def.edat</alias>....<sha-256>267481c5c3ff66ec6dda02134b1216d85c12470555581f92b423a29c91db547a</sha-256>....<offset>1671688</offset>....<size>8555</size>....<timestamp>1734522278</timestamp>....<flags>1</flags>...</file>..</file-list>..<sfx-dir>C:\Windows\Temp\asw.7a5bfd1c

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exe
                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1691384
                                                                                                                                                                                                                                                  Entropy (8bit):6.7745330741667
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24576:dfoyR/GATYvXlTwDljYotFh8OQgxqIFlrhUcPlCbh0lhSMXli8zlo4e4zWKM7:dfJpGATYvXAxFPKIF3TPlCqZ5e4aK
                                                                                                                                                                                                                                                  MD5:6EBB043BC04784DBC6DF3F4C52391CD0
                                                                                                                                                                                                                                                  SHA1:D3975382239D916AED32AFE37A32623781450759
                                                                                                                                                                                                                                                  SHA-256:A599608AA42D0E334E6001CC9B90C0A0672F506B9459246F4A7B53D4AC5D2410
                                                                                                                                                                                                                                                  SHA-512:96653F518EB6B8AFFBCA0A1DBA61A8D1E5BD49FAD12AE11D605550B35A50814FC81BEF9A383C0659723D8421C71DF90B64E6CB238A60659A2DF85CA5DB28119D
                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$.......c.R.'.<.'.<.'.<...?.(.<...9...<.!T..#.<.!T8.1.<.!T?.;.<.!T9.K.<...8.>.<.l.=.!.<..8...<.....%.<..9.&.<.'.<.+.<...;.&.<...=.6.<.'.=...<.MT5...<.MT<.&.<.MT.&.<.'..$.<.MT>.&.<.Rich'.<.........................PE..L... BHg...............&.(...................@....@..................................(....@..........................z.......{..........Hr...............+......t....................................M..@............@.......v.......................text....'.......(.................. ..`.rdata..LY...@...Z...,..............@..@.data...............................@....didat..T............2..............@....rsrc...Hr.......t...4..............@..@.reloc..t...........................@..B................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\asw.7a5bfd1c0a21df2c\ecoo.edat

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):21
                                                                                                                                                                                                                                                  Entropy (8bit):3.422577995321604
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:1HRcMK:5RU
                                                                                                                                                                                                                                                  MD5:3F44A3C655AC2A5C3AB32849ECB95672
                                                                                                                                                                                                                                                  SHA1:93211445DCF90BB3200ABE3902C2A10FE2BAA8E4
                                                                                                                                                                                                                                                  SHA-256:51516A61A1E25124173DEF4EF68A6B8BABEDC28CA143F9EEE3E729EBDC1EF31F
                                                                                                                                                                                                                                                  SHA-512:D3F95262CF3E910DD707DFEEF8D2E9DB44DB76B2A13092D238D0145C822D87A529CA58CCBB24995DFCF6DAD1FFC8CED6D50948BB550760CD03049598C6943BC0
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:mmm_irs_ppi_902_451_o

                                                                                                                                                                                                                                                  C:\Windows\Temp\~DF0BC57BEF5BF38D27.TMP

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):69632
                                                                                                                                                                                                                                                  Entropy (8bit):0.09960160716856029
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:24:NkQpN8l5ipVvipVJVgd85apG2ZkiI0+Ed85m:Nk0N8l5S9S7qdTLI07d
                                                                                                                                                                                                                                                  MD5:AAD7F101E8EF1BA50E0DD3C36BD3D671
                                                                                                                                                                                                                                                  SHA1:72900EF27C9E930A8F928E0D441C64556100A8E1
                                                                                                                                                                                                                                                  SHA-256:E0A4B724993D96B24B81FA9440F2151A2D79D1A4C5E0E52DD83748B1D0DEA1E0
                                                                                                                                                                                                                                                  SHA-512:5B981904CE2A6A31A9F770CC1C797C4788DCC660C46F3CC0F529A8C3CEB813E519B93ADD57E9E268DB1D19ED63E2D721349F75A98D4659703F57A998E25D979E
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\~DF43793CE877BBE5FC.TMP

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                  Entropy (8bit):1.4544937098006108
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:I8PhNuRc06WX4UnT5odaMIbS7qdTCSIN8lgk:XhN1knTZbb+k
                                                                                                                                                                                                                                                  MD5:5FEFE211FC42C4069DDF87315A2EEF67
                                                                                                                                                                                                                                                  SHA1:57C61A950D86F3E0DCE679BE3A15F6E5056729F1
                                                                                                                                                                                                                                                  SHA-256:EAF27B7C9A6DD9A525D93AD1D3DDAF63812B10932E5431CFEF3EA80AD968E9B2
                                                                                                                                                                                                                                                  SHA-512:B1995D7B0263A17BFF928C1AB3061B86F95A0AC6AC6AA53872E9E6A5AAEA1ADADB6F918468592C81E9ECCD54FE02EB254962BFA9EE998B61D2D74051033A10DC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\~DF604F18CCD73DE336.TMP

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):1.1723753834303525
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:yW1unZM+xFX4rT5ZdaMIbS7qdTCSIN8lgk:N1goTQbb+k
                                                                                                                                                                                                                                                  MD5:93EFE6F1271BCFB5DFA78DC610B26342
                                                                                                                                                                                                                                                  SHA1:BA0E9052F3B3A0C0CFF7BD3CFC8E94431DC2770E
                                                                                                                                                                                                                                                  SHA-256:CACE58A4AF1B77E5B86AA4A8396ED4D9B2B08608602082B74A9081361BAAB591
                                                                                                                                                                                                                                                  SHA-512:74F9C5B8040CCB5E1DC7E8A977DF5425F36D07EDD4DAC2E9375EEBFE32BE827E91B8448EB59BE860FF85DFF4EF0C264EA639E12F70623C2FD8FFD65701B3F042
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\~DF7113F95D2FEF4F9D.TMP

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):1.1723753834303525
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:yW1unZM+xFX4rT5ZdaMIbS7qdTCSIN8lgk:N1goTQbb+k
                                                                                                                                                                                                                                                  MD5:93EFE6F1271BCFB5DFA78DC610B26342
                                                                                                                                                                                                                                                  SHA1:BA0E9052F3B3A0C0CFF7BD3CFC8E94431DC2770E
                                                                                                                                                                                                                                                  SHA-256:CACE58A4AF1B77E5B86AA4A8396ED4D9B2B08608602082B74A9081361BAAB591
                                                                                                                                                                                                                                                  SHA-512:74F9C5B8040CCB5E1DC7E8A977DF5425F36D07EDD4DAC2E9375EEBFE32BE827E91B8448EB59BE860FF85DFF4EF0C264EA639E12F70623C2FD8FFD65701B3F042
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\~DF778812C0E92DCF1B.TMP

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\~DFA146F1E4872FDDDF.TMP

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\~DFA3FCB2D1E2F55A7D.TMP

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                  Entropy (8bit):1.4544937098006108
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:I8PhNuRc06WX4UnT5odaMIbS7qdTCSIN8lgk:XhN1knTZbb+k
                                                                                                                                                                                                                                                  MD5:5FEFE211FC42C4069DDF87315A2EEF67
                                                                                                                                                                                                                                                  SHA1:57C61A950D86F3E0DCE679BE3A15F6E5056729F1
                                                                                                                                                                                                                                                  SHA-256:EAF27B7C9A6DD9A525D93AD1D3DDAF63812B10932E5431CFEF3EA80AD968E9B2
                                                                                                                                                                                                                                                  SHA-512:B1995D7B0263A17BFF928C1AB3061B86F95A0AC6AC6AA53872E9E6A5AAEA1ADADB6F918468592C81E9ECCD54FE02EB254962BFA9EE998B61D2D74051033A10DC
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\~DFAA28AE98305F4C7F.TMP

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\~DFBBFE07102F4B8DA6.TMP

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):0.07728575714935673
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOpIWzraCtjBER9J1iVky6l51:2F0i8n0itFzDHFiqjBER9JTr
                                                                                                                                                                                                                                                  MD5:87FC8CE0A19F2A7AE5AB2EDCB62F907D
                                                                                                                                                                                                                                                  SHA1:B370BCD4C62ADFEB1F140C1524ECEA12B310707C
                                                                                                                                                                                                                                                  SHA-256:AB970EEF0513B00293AAD24A43E25E9101B5220FB59291752E63E2841A35E9EA
                                                                                                                                                                                                                                                  SHA-512:CEA19F21C4393A92BED63D2E3ADDF97C7C0932F4844935F1F0DA5F337D8EC206138C0D01D0002ADDEB4282981C58221640163AF724FF9231B3E9F1B48B23E3EE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\~DFDC8690A8055257E6.TMP

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\~DFF9A36EBC825BC97F.TMP

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                  Entropy (8bit):1.1723753834303525
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:48:yW1unZM+xFX4rT5ZdaMIbS7qdTCSIN8lgk:N1goTQbb+k
                                                                                                                                                                                                                                                  MD5:93EFE6F1271BCFB5DFA78DC610B26342
                                                                                                                                                                                                                                                  SHA1:BA0E9052F3B3A0C0CFF7BD3CFC8E94431DC2770E
                                                                                                                                                                                                                                                  SHA-256:CACE58A4AF1B77E5B86AA4A8396ED4D9B2B08608602082B74A9081361BAAB591
                                                                                                                                                                                                                                                  SHA-512:74F9C5B8040CCB5E1DC7E8A977DF5425F36D07EDD4DAC2E9375EEBFE32BE827E91B8448EB59BE860FF85DFF4EF0C264EA639E12F70623C2FD8FFD65701B3F042
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\Temp\~DFFEDE59BFA44DCD6C.TMP

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  C:\Windows\appcompat\Programs\Amcache.hve

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):1835008
                                                                                                                                                                                                                                                  Entropy (8bit):4.463152621017014
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:6144:AIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN2dwBCswSbn:FXD94+WlLZMM6YFHg+n
                                                                                                                                                                                                                                                  MD5:645BB9F94DF3BD16FD9EC05989DA7B79
                                                                                                                                                                                                                                                  SHA1:F4C5A634D6A21A70BC8C8A65FC6CE5A6E07C6DEB
                                                                                                                                                                                                                                                  SHA-256:DE37453C20DC27B08E680B4A58730E78A4923BC0FFFC86608151EAD8A4AE202F
                                                                                                                                                                                                                                                  SHA-512:F3127EB6BAAF4225179A1B28FDA2E67447E5546C1D950C661652787BFE41A2B42CC35DDF5D1BB7B7468F8CE63BD8C7D90581598DADA0BD854EC3110FF7D47E93
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:regf7...7....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm>...fU..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                  \Device\ConDrv

                                                                                                                                                                                                                                                  Download File
                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                  Size (bytes):148
                                                                                                                                                                                                                                                  Entropy (8bit):4.906627163124873
                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                  SSDEEP:3:SKpJOLz3WF+RUepJVcFLzBVZEIIt+kiE2J5xAIzInoxB5dsHeL4AcXOFuun:wL73CepJK3jZhIwkn23fzICPGHeLNcXm
                                                                                                                                                                                                                                                  MD5:3F8A271C38E336D51B02EC9B4F784627
                                                                                                                                                                                                                                                  SHA1:0C2429F61CAEC6B0B1C84925FC58D00201CD28C3
                                                                                                                                                                                                                                                  SHA-256:262C8CD5BA1CE83F1AF14D2E07A14264FBA6CD5C2ED00EE04329D38F41AB6AA6
                                                                                                                                                                                                                                                  SHA-512:4D1A716E5E18157BBD459EC931091C0F1AF322F081AC5E9B5AA81971225BE225C06633CE0FC63A70F749A2BD7843EADE1E4817709A8E8494AD51E8792D7A32DA
                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                  Preview:The following command was not found: firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exe qBittorrent ENABLE...

                                                                                                                                                                                                                                                  Static File Info

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                  Entropy (8bit):7.984915995325627
                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 98.04%
                                                                                                                                                                                                                                                  • Inno Setup installer (109748/4) 1.08%
                                                                                                                                                                                                                                                  • InstallShield setup (43055/19) 0.42%
                                                                                                                                                                                                                                                  • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                                                                                                                                  • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                                                                  File name:Violated Heroine_91zbZ-1.exe
                                                                                                                                                                                                                                                  File size:14'472'936 bytes
                                                                                                                                                                                                                                                  MD5:6e4c8f2488186375ecc5701ae74a2a19
                                                                                                                                                                                                                                                  SHA1:f4765471feb517088c50a085f75264bd43b17b07
                                                                                                                                                                                                                                                  SHA256:d45e8203cd5398582a2a13d7f1f4caf7bab60fa6db19db24a2ae99efb0b2fbbc
                                                                                                                                                                                                                                                  SHA512:4ccd80ba67e037947736f3fbb774efa4a293c53fdba8c23c6f1ec0b3fba2deed1950a638e8f53cc80fa09505f84a4c6fadf899750e1c3640fe53348d96733501
                                                                                                                                                                                                                                                  SSDEEP:393216:wBBTeN30LpEiSCC9XSpIFwah3RuINhkUWgyL:AtwkLps9Xhrhhuahkdh
                                                                                                                                                                                                                                                  TLSH:3DE6333FB2A8A23FD56E0B3149B39250593B77A5795A8C1E07F0480DDF6A0611F3BB25
                                                                                                                                                                                                                                                  File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                                                                                                                                                                                                                                  File Icon

                                                                                                                                                                                                                                                  Icon Hash:2d2e3797b32b2b99

                                                                                                                                                                                                                                                  Static PE Info

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Entrypoint:0x4b5eec
                                                                                                                                                                                                                                                  Entrypoint Section:.itext
                                                                                                                                                                                                                                                  Digitally signed:true
                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                  Time Stamp:0x5FB0F96E [Sun Nov 15 09:48:30 2020 UTC]
                                                                                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                                                                  OS Version Major:6
                                                                                                                                                                                                                                                  OS Version Minor:1
                                                                                                                                                                                                                                                  File Version Major:6
                                                                                                                                                                                                                                                  File Version Minor:1
                                                                                                                                                                                                                                                  Subsystem Version Major:6
                                                                                                                                                                                                                                                  Subsystem Version Minor:1
                                                                                                                                                                                                                                                  Import Hash:5a594319a0d69dbc452e748bcf05892e

                                                                                                                                                                                                                                                  Authenticode Signature

                                                                                                                                                                                                                                                  Signature Valid:true
                                                                                                                                                                                                                                                  Signature Issuer:CN=Sectigo Public Code Signing CA R36, O=Sectigo Limited, C=GB
                                                                                                                                                                                                                                                  Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                                  Error Number:0
                                                                                                                                                                                                                                                  Not Before, Not After
                                                                                                                                                                                                                                                  • 24/03/2024 20:00:00 25/03/2025 19:59:59
                                                                                                                                                                                                                                                  Subject Chain
                                                                                                                                                                                                                                                  • CN=MECHA MANGA - FZCO, O=MECHA MANGA - FZCO, S=Dubai, C=AE
                                                                                                                                                                                                                                                  Version:3
                                                                                                                                                                                                                                                  Thumbprint MD5:1A2E39E8F90F5FF6D22AD9098F5518F1
                                                                                                                                                                                                                                                  Thumbprint SHA-1:1F3CCE31883C9EF47711A1EE96294E479CE69CFB
                                                                                                                                                                                                                                                  Thumbprint SHA-256:42B420F3B7BB52249C84BFDABF29C9D4B5978803163B451821B2501ACB042115
                                                                                                                                                                                                                                                  Serial:3B1955CFEAA2C9C392292E00287D4A6C

                                                                                                                                                                                                                                                  Entrypoint Preview

                                                                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                                                                  mov ebp, esp
                                                                                                                                                                                                                                                  add esp, FFFFFFA4h
                                                                                                                                                                                                                                                  push ebx
                                                                                                                                                                                                                                                  push esi
                                                                                                                                                                                                                                                  push edi
                                                                                                                                                                                                                                                  xor eax, eax
                                                                                                                                                                                                                                                  mov dword ptr [ebp-3Ch], eax
                                                                                                                                                                                                                                                  mov dword ptr [ebp-40h], eax
                                                                                                                                                                                                                                                  mov dword ptr [ebp-5Ch], eax
                                                                                                                                                                                                                                                  mov dword ptr [ebp-30h], eax
                                                                                                                                                                                                                                                  mov dword ptr [ebp-38h], eax
                                                                                                                                                                                                                                                  mov dword ptr [ebp-34h], eax
                                                                                                                                                                                                                                                  mov dword ptr [ebp-2Ch], eax
                                                                                                                                                                                                                                                  mov dword ptr [ebp-28h], eax
                                                                                                                                                                                                                                                  mov dword ptr [ebp-14h], eax
                                                                                                                                                                                                                                                  mov eax, 004B10F0h
                                                                                                                                                                                                                                                  call 00007F49E4D23FF5h
                                                                                                                                                                                                                                                  xor eax, eax
                                                                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                                                                  push 004B65E2h
                                                                                                                                                                                                                                                  push dword ptr fs:[eax]
                                                                                                                                                                                                                                                  mov dword ptr fs:[eax], esp
                                                                                                                                                                                                                                                  xor edx, edx
                                                                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                                                                  push 004B659Eh
                                                                                                                                                                                                                                                  push dword ptr fs:[edx]
                                                                                                                                                                                                                                                  mov dword ptr fs:[edx], esp
                                                                                                                                                                                                                                                  mov eax, dword ptr [004BE634h]
                                                                                                                                                                                                                                                  call 00007F49E4DC671Fh
                                                                                                                                                                                                                                                  call 00007F49E4DC6272h
                                                                                                                                                                                                                                                  lea edx, dword ptr [ebp-14h]
                                                                                                                                                                                                                                                  xor eax, eax
                                                                                                                                                                                                                                                  call 00007F49E4D39A68h
                                                                                                                                                                                                                                                  mov edx, dword ptr [ebp-14h]
                                                                                                                                                                                                                                                  mov eax, 004C1D84h
                                                                                                                                                                                                                                                  call 00007F49E4D1EBE7h
                                                                                                                                                                                                                                                  push 00000002h
                                                                                                                                                                                                                                                  push 00000000h
                                                                                                                                                                                                                                                  push 00000001h
                                                                                                                                                                                                                                                  mov ecx, dword ptr [004C1D84h]
                                                                                                                                                                                                                                                  mov dl, 01h
                                                                                                                                                                                                                                                  mov eax, dword ptr [004237A4h]
                                                                                                                                                                                                                                                  call 00007F49E4D3AACFh
                                                                                                                                                                                                                                                  mov dword ptr [004C1D88h], eax
                                                                                                                                                                                                                                                  xor edx, edx
                                                                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                                                                  push 004B654Ah
                                                                                                                                                                                                                                                  push dword ptr fs:[edx]
                                                                                                                                                                                                                                                  mov dword ptr fs:[edx], esp
                                                                                                                                                                                                                                                  call 00007F49E4DC67A7h
                                                                                                                                                                                                                                                  mov dword ptr [004C1D90h], eax
                                                                                                                                                                                                                                                  mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                                                                                  cmp dword ptr [eax+0Ch], 01h
                                                                                                                                                                                                                                                  jne 00007F49E4DCCD8Ah
                                                                                                                                                                                                                                                  mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                                                                                  mov edx, 00000028h
                                                                                                                                                                                                                                                  call 00007F49E4D3B3C4h
                                                                                                                                                                                                                                                  mov edx, dword ptr [004C1D90h]

                                                                                                                                                                                                                                                  Data Directories

                                                                                                                                                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0xc40000x9a.edata
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0xc20000xf36.idata
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0xc70000x47a0.rsrc
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0xdcab380x2bb0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0xc60000x18.rdata
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0xc22e40x244.idata
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0xc30000x1a4.didata
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                  Sections

                                                                                                                                                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                  .text0x10000xb361c0xb3800ad6e46e3a3acdb533eb6a077f6d065afFalse0.3448639341051532data6.356058204328091IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                  .itext0xb50000x16880x1800d40fc822339d01f2abcc5493ac101c94False0.544921875data5.972750055221053IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                  .data0xb70000x37a40x38004c195d5591f6d61265df08a3733de3a2False0.36097935267857145data5.044400562007734IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                  .bss0xbb0000x6de80x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                  .idata0xc20000xf360x1000a73d686f1e8b9bb06ec767721135e397False0.3681640625data4.8987046479600425IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                  .didata0xc30000x1a40x20041b8ce23dd243d14beebc71771885c89False0.345703125data2.7563628682496506IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                  .edata0xc40000x9a0x20037c1a5c63717831863e018c0f51dabb7False0.2578125data1.8722228665884297IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                  .tls0xc50000x180x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                  .rdata0xc60000x5d0x2008f2f090acd9622c88a6a852e72f94e96False0.189453125data1.3838943752217987IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                  .rsrc0xc70000x47a00x4800f650003280cd8edcb0c3855622bffe3bFalse0.3184136284722222data4.521124879067257IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                                  Resources

                                                                                                                                                                                                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                  RT_ICON0xc74f80x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640EnglishUnited States0.4637096774193548
                                                                                                                                                                                                                                                  RT_ICON0xc77e00x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishUnited States0.5912162162162162
                                                                                                                                                                                                                                                  RT_ICON0xc79080x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1152EnglishUnited States0.3935018050541516
                                                                                                                                                                                                                                                  RT_ICON0xc81b00x568Device independent bitmap graphic, 16 x 32 x 8, image size 320EnglishUnited States0.4486994219653179
                                                                                                                                                                                                                                                  RT_ICON0xc87180x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishUnited States0.5912162162162162
                                                                                                                                                                                                                                                  RT_STRING0xc88400x360data0.34375
                                                                                                                                                                                                                                                  RT_STRING0xc8ba00x260data0.3256578947368421
                                                                                                                                                                                                                                                  RT_STRING0xc8e000x45cdata0.4068100358422939
                                                                                                                                                                                                                                                  RT_STRING0xc925c0x40cdata0.3754826254826255
                                                                                                                                                                                                                                                  RT_STRING0xc96680x2d4data0.39226519337016574
                                                                                                                                                                                                                                                  RT_STRING0xc993c0xb8data0.6467391304347826
                                                                                                                                                                                                                                                  RT_STRING0xc99f40x9cdata0.6410256410256411
                                                                                                                                                                                                                                                  RT_STRING0xc9a900x374data0.4230769230769231
                                                                                                                                                                                                                                                  RT_STRING0xc9e040x398data0.3358695652173913
                                                                                                                                                                                                                                                  RT_STRING0xca19c0x368data0.3795871559633027
                                                                                                                                                                                                                                                  RT_STRING0xca5040x2a4data0.4275147928994083
                                                                                                                                                                                                                                                  RT_RCDATA0xca7a80x10data1.5
                                                                                                                                                                                                                                                  RT_RCDATA0xca7b80x2c4data0.6384180790960452
                                                                                                                                                                                                                                                  RT_RCDATA0xcaa7c0x2cdata1.25
                                                                                                                                                                                                                                                  RT_GROUP_ICON0xcaaa80x4cdataEnglishUnited States0.75
                                                                                                                                                                                                                                                  RT_VERSION0xcaaf40x584dataEnglishUnited States0.28257790368271957
                                                                                                                                                                                                                                                  RT_MANIFEST0xcb0780x726XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.4005464480874317

                                                                                                                                                                                                                                                  Imports

                                                                                                                                                                                                                                                  DLLImport
                                                                                                                                                                                                                                                  kernel32.dllGetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
                                                                                                                                                                                                                                                  comctl32.dllInitCommonControls
                                                                                                                                                                                                                                                  version.dllGetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
                                                                                                                                                                                                                                                  user32.dllCreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
                                                                                                                                                                                                                                                  oleaut32.dllSysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
                                                                                                                                                                                                                                                  netapi32.dllNetWkstaGetInfo, NetApiBufferFree
                                                                                                                                                                                                                                                  advapi32.dllRegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW

                                                                                                                                                                                                                                                  Exports

                                                                                                                                                                                                                                                  NameOrdinalAddress
                                                                                                                                                                                                                                                  TMethodImplementationIntercept30x454060
                                                                                                                                                                                                                                                  __dbk_fcall_wrapper20x40d0a0
                                                                                                                                                                                                                                                  dbkFCallWrapperAddr10x4be63c

                                                                                                                                                                                                                                                  Possible Origin

                                                                                                                                                                                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                                  EnglishUnited States

                                                                                                                                                                                                                                                  Network Behavior

                                                                                                                                                                                                                                                  Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                                                                                                  Statistics

                                                                                                                                                                                                                                                  CPU Usage

                                                                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                                                                  Memory Usage

                                                                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                                                                  High Level Behavior Distribution

                                                                                                                                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                                                                                                                                  Behavior

                                                                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                                                                  System Behavior

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                  Start time:13:13:50
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe"
                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                  File size:14'472'936 bytes
                                                                                                                                                                                                                                                  MD5 hash:6E4C8F2488186375ECC5701AE74A2A19
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:Borland Delphi
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                                                                  Start time:13:13:51
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\is-OUIUL.tmp\Violated Heroine_91zbZ-1.tmp" /SL5="$1040C,13566766,780800,C:\Users\user\Desktop\Violated Heroine_91zbZ-1.exe"
                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                  File size:3'025'328 bytes
                                                                                                                                                                                                                                                  MD5 hash:B1F49F39D06B2CFDF18C9C19DAAA4C4F
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:Borland Delphi
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                                                                  Start time:13:14:45
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exe" /affid 91088 PaidDistribution=true CountryCode=US
                                                                                                                                                                                                                                                  Imagebase:0x330000
                                                                                                                                                                                                                                                  File size:1'184'128 bytes
                                                                                                                                                                                                                                                  MD5 hash:143255618462A577DE27286A272584E1
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                                                                  Start time:13:14:48
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod1_extract\avg_antivirus_free_setup.exe" /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU
                                                                                                                                                                                                                                                  Imagebase:0xc20000
                                                                                                                                                                                                                                                  File size:234'936 bytes
                                                                                                                                                                                                                                                  MD5 hash:26816AF65F2A3F1C61FB44C682510C97
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:moderate
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                                                                  Start time:13:14:50
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod2_extract\norton_secure_browser_setup.exe" /s /make-default /run_source="norton_ppi_is"
                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                  File size:5'727'368 bytes
                                                                                                                                                                                                                                                  MD5 hash:F269C5140CBC0E376CC7354A801DDD16
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                                                                                  Start time:13:14:53
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Windows\Temp\asw.7a5bfd1c0a21df2c\avg_antivirus_free_online_setup.exe" /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /ga_clientid:572539a1-d07f-4197-bf4d-89a74f87a492 /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c
                                                                                                                                                                                                                                                  Imagebase:0x860000
                                                                                                                                                                                                                                                  File size:1'691'384 bytes
                                                                                                                                                                                                                                                  MD5 hash:6EBB043BC04784DBC6DF3F4C52391CD0
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                                                                  Start time:13:14:56
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\netsh.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"netsh" firewall add allowedprogramC:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exe "qBittorrent" ENABLE
                                                                                                                                                                                                                                                  Imagebase:0x1560000
                                                                                                                                                                                                                                                  File size:82'432 bytes
                                                                                                                                                                                                                                                  MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:10
                                                                                                                                                                                                                                                  Start time:13:14:56
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                                                                  Start time:13:14:57
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\qbittorrent.exe" magnet:?xt=urn:btih:8B023433BB140CC755C6B8166CDE023DB44FCFA7
                                                                                                                                                                                                                                                  Imagebase:0xf70000
                                                                                                                                                                                                                                                  File size:23'891'968 bytes
                                                                                                                                                                                                                                                  MD5 hash:22A34900ADA67EAD7E634EB693BD3095
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                                                                  Start time:13:14:57
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                                                  Imagebase:0x7ff6eef20000
                                                                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                                                                                  Start time:13:14:59
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\nsz2A4F.tmp\NortonBrowserUpdateSetup.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:NortonBrowserUpdateSetup.exe /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
                                                                                                                                                                                                                                                  Imagebase:0x70000
                                                                                                                                                                                                                                                  File size:1'910'576 bytes
                                                                                                                                                                                                                                                  MD5 hash:2B07E26D3C33CD96FA825695823BBFA7
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:14
                                                                                                                                                                                                                                                  Start time:13:15:02
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\GUM4AA6.tmp\NortonBrowserUpdate.exe" /silent /install "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome"
                                                                                                                                                                                                                                                  Imagebase:0x9a0000
                                                                                                                                                                                                                                                  File size:440'608 bytes
                                                                                                                                                                                                                                                  MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:15
                                                                                                                                                                                                                                                  Start time:13:15:03
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                                                                                                                                                                  Imagebase:0x7ff6eef20000
                                                                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:16
                                                                                                                                                                                                                                                  Start time:13:15:03
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6692 -ip 6692
                                                                                                                                                                                                                                                  Imagebase:0xd50000
                                                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:17
                                                                                                                                                                                                                                                  Start time:13:15:04
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 964
                                                                                                                                                                                                                                                  Imagebase:0xd50000
                                                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:19
                                                                                                                                                                                                                                                  Start time:13:15:07
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regsvc
                                                                                                                                                                                                                                                  Imagebase:0x380000
                                                                                                                                                                                                                                                  File size:440'608 bytes
                                                                                                                                                                                                                                                  MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:20
                                                                                                                                                                                                                                                  Start time:13:15:08
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /regserver
                                                                                                                                                                                                                                                  Imagebase:0x380000
                                                                                                                                                                                                                                                  File size:440'608 bytes
                                                                                                                                                                                                                                                  MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:21
                                                                                                                                                                                                                                                  Start time:13:15:08
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff676530000
                                                                                                                                                                                                                                                  File size:438'592 bytes
                                                                                                                                                                                                                                                  MD5 hash:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:22
                                                                                                                                                                                                                                                  Start time:13:15:08
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff676530000
                                                                                                                                                                                                                                                  File size:438'592 bytes
                                                                                                                                                                                                                                                  MD5 hash:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:23
                                                                                                                                                                                                                                                  Start time:13:15:08
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserUpdateComRegisterShell64.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff676530000
                                                                                                                                                                                                                                                  File size:438'592 bytes
                                                                                                                                                                                                                                                  MD5 hash:35BDDD897E9CF97CF4074A930F78E496
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:24
                                                                                                                                                                                                                                                  Start time:13:15:09
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /c
                                                                                                                                                                                                                                                  Imagebase:0x380000
                                                                                                                                                                                                                                                  File size:440'608 bytes
                                                                                                                                                                                                                                                  MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:25
                                                                                                                                                                                                                                                  Start time:13:15:10
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ua /installsource scheduler
                                                                                                                                                                                                                                                  Imagebase:0x380000
                                                                                                                                                                                                                                                  File size:440'608 bytes
                                                                                                                                                                                                                                                  MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:26
                                                                                                                                                                                                                                                  Start time:13:15:10
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /cr
                                                                                                                                                                                                                                                  Imagebase:0x380000
                                                                                                                                                                                                                                                  File size:440'608 bytes
                                                                                                                                                                                                                                                  MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:27
                                                                                                                                                                                                                                                  Start time:13:15:10
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler.exe"
                                                                                                                                                                                                                                                  Imagebase:0x2f0000
                                                                                                                                                                                                                                                  File size:383'232 bytes
                                                                                                                                                                                                                                                  MD5 hash:1694092D5DE0E0DAEF4C5EA13EA84CAB
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:28
                                                                                                                                                                                                                                                  Start time:13:15:10
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /registermsihelper
                                                                                                                                                                                                                                                  Imagebase:0x380000
                                                                                                                                                                                                                                                  File size:440'608 bytes
                                                                                                                                                                                                                                                  MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:29
                                                                                                                                                                                                                                                  Start time:13:15:10
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Norton\Browser\Update\1.8.1649.5\NortonBrowserCrashHandler64.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff722b50000
                                                                                                                                                                                                                                                  File size:404'480 bytes
                                                                                                                                                                                                                                                  MD5 hash:09621280025727AB4CB39BD6F6B2C69E
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:30
                                                                                                                                                                                                                                                  Start time:13:15:10
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                                                                  Imagebase:0x7ff6dcd90000
                                                                                                                                                                                                                                                  File size:69'632 bytes
                                                                                                                                                                                                                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:31
                                                                                                                                                                                                                                                  Start time:13:15:12
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezU4MzdCMUE1LUI3MkEtNDU2QS1CMDlGLUY2ODBFOUFCNUUwMn0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTY0OS41IiBzaGVsbF92ZXJzaW9uPSIxLjguMTY0OS41IiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0iezE5NzhDRURELUY2RUQtNDc4Qy05RDhDLTgzMTA0OEQ5REY4MH0iIHVzZXJpZD0iezBFMTk2MDUwLURBNzAtNEQyRi04MkE1LUIxQUYyOURDNjRFRn0iIHVzZXJpZF9kYXRlPSIyMDI0MTIyMyIgbWFjaGluZWlkPSJ7MDAwMDlEOTYtNkFDQS0yQzI0LTk0MDgtMTRBMDU2NEZENUJDfSIgbWFjaGluZWlkX2RhdGU9IjIwMjQxMjIzIiBpbnN0YWxsc291cmNlPSJvdGhlcmluc3RhbGxjbWQiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezczRTFDMDhDLTNBMzQtNDVCNi04OTY1LTZDMEZFQzlFMDgwRn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iOCIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NS4yMDA2IiBzcD0iIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7NTgzN0IxQTUtQjcyQS00NTZBLUIwOUYtRjY4MEU5QUI1RTAyfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS44LjE2NDkuNSIgbGFuZz0iZW4tR0IiIGJyYW5kPSIyOTIzOSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNjUzOCIvPjwvYXBwPjwvcmVxdWVzdD4
                                                                                                                                                                                                                                                  Imagebase:0x380000
                                                                                                                                                                                                                                                  File size:440'608 bytes
                                                                                                                                                                                                                                                  MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:32
                                                                                                                                                                                                                                                  Start time:13:15:13
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /handoff "bundlename=Norton Private Browser&appguid={3A3642E6-DE46-4F68-9887-AA017EEFE426}&appname=Norton Private Browser&needsadmin=true&lang=en-GB&brand=29239&installargs=--no-create-user-shortcuts --make-chrome-default --force-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome" /installsource otherinstallcmd /sessionid "{1978CEDD-F6ED-478C-9D8C-831048D9DF80}" /silent
                                                                                                                                                                                                                                                  Imagebase:0x380000
                                                                                                                                                                                                                                                  File size:440'608 bytes
                                                                                                                                                                                                                                                  MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:33
                                                                                                                                                                                                                                                  Start time:13:15:13
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /svc
                                                                                                                                                                                                                                                  Imagebase:0x380000
                                                                                                                                                                                                                                                  File size:440'608 bytes
                                                                                                                                                                                                                                                  MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:34
                                                                                                                                                                                                                                                  Start time:13:15:23
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\Norton\Browser\Update\NortonBrowserUpdate.exe" /uninstall
                                                                                                                                                                                                                                                  Imagebase:0x380000
                                                                                                                                                                                                                                                  File size:440'608 bytes
                                                                                                                                                                                                                                                  MD5 hash:BF8FE62DBCD949547AF37EEE4ECE61FC
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:35
                                                                                                                                                                                                                                                  Start time:13:15:34
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\icarus-info.xml /install /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492
                                                                                                                                                                                                                                                  Imagebase:0x7ff77ce80000
                                                                                                                                                                                                                                                  File size:8'425'288 bytes
                                                                                                                                                                                                                                                  MD5 hash:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:36
                                                                                                                                                                                                                                                  Start time:13:15:56
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av\icarus.exe /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492 /er_master:master_ep_039cca48-79ed-481b-8a26-06a4eea4f584 /er_ui:ui_ep_68a0db07-d995-4b3b-bbc5-aa42d4ac403e /er_slave:avg-av_slave_ep_f4b941a1-dca3-4c7d-a54f-a0d09edff664 /slave:avg-av
                                                                                                                                                                                                                                                  Imagebase:0x7ff671680000
                                                                                                                                                                                                                                                  File size:8'425'288 bytes
                                                                                                                                                                                                                                                  MD5 hash:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:37
                                                                                                                                                                                                                                                  Start time:13:15:56
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:C:\Windows\Temp\asw-30db408d-3f45-45f8-9fd6-a29cee9aa0ee\avg-av-vps\icarus.exe /silent /ws /psh:92pTu5hwBbK24uXiaw3MEGMz4I1zgKfNGVwJiNoWBSvHOaYDe41JkZQaBKrq9dkr7tWDBRPytz31vU /cookie:mmm_irs_ppi_902_451_o /edat_dir:C:\Windows\Temp\asw.7a5bfd1c0a21df2c /track-guid:572539a1-d07f-4197-bf4d-89a74f87a492 /er_master:master_ep_039cca48-79ed-481b-8a26-06a4eea4f584 /er_ui:ui_ep_68a0db07-d995-4b3b-bbc5-aa42d4ac403e /er_slave:avg-av-vps_slave_ep_af387ac7-fcda-4980-9da1-7e333e1d25e3 /slave:avg-av-vps
                                                                                                                                                                                                                                                  Imagebase:0x7ff79e160000
                                                                                                                                                                                                                                                  File size:8'425'288 bytes
                                                                                                                                                                                                                                                  MD5 hash:A1FFFE3E9589CCFE629EB653F704A659
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:38
                                                                                                                                                                                                                                                  Start time:13:15:58
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 6692 -ip 6692
                                                                                                                                                                                                                                                  Imagebase:0xd50000
                                                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:39
                                                                                                                                                                                                                                                  Start time:13:15:58
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 2604
                                                                                                                                                                                                                                                  Imagebase:0xd50000
                                                                                                                                                                                                                                                  File size:483'680 bytes
                                                                                                                                                                                                                                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:40
                                                                                                                                                                                                                                                  Start time:13:16:02
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\installer.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
                                                                                                                                                                                                                                                  Imagebase:0x7ff661180000
                                                                                                                                                                                                                                                  File size:23'918'680 bytes
                                                                                                                                                                                                                                                  MD5 hash:7DD0FAA9C00391333B2A12D21CA028BF
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:41
                                                                                                                                                                                                                                                  Start time:13:16:06
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files\McAfee\Temp2112252202\installer.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files\McAfee\Temp2112252202\installer.exe" /setOem:Affid=91088 /s /thirdparty /upgrade
                                                                                                                                                                                                                                                  Imagebase:0x7ff6645e0000
                                                                                                                                                                                                                                                  File size:3'079'968 bytes
                                                                                                                                                                                                                                                  MD5 hash:9B6FDFBC11B51E810F01598730A002F4
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                  General

                                                                                                                                                                                                                                                  Target ID:42
                                                                                                                                                                                                                                                  Start time:13:16:22
                                                                                                                                                                                                                                                  Start date:23/12/2024
                                                                                                                                                                                                                                                  Path:C:\Program Files\McAfee\WebAdvisor\servicehost.exe
                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                  Commandline:"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
                                                                                                                                                                                                                                                  Imagebase:0x7ff6ddf10000
                                                                                                                                                                                                                                                  File size:926'176 bytes
                                                                                                                                                                                                                                                  MD5 hash:F7C7039D19E16D05B6194D74E128DFE4
                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                  Disassembly

                                                                                                                                                                                                                                                  Reset < >

                                                                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                                                                    Execution Coverage:7.1%
                                                                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                    Signature Coverage:11.8%
                                                                                                                                                                                                                                                    Total number of Nodes:2000
                                                                                                                                                                                                                                                    Total number of Limit Nodes:49
                                                                                                                                                                                                                                                    execution_graph 83875 394db8 83876 394da7 83875->83876 83876->83875 83878 3a293c 83876->83878 83904 3a269d 83878->83904 83881 3a29a9 83882 3a28da DloadReleaseSectionWriteAccess 8 API calls 83881->83882 83883 3a29b4 RaiseException 83882->83883 83900 3a2ba2 83883->83900 83884 3a2a45 LoadLibraryExA 83885 3a2a58 GetLastError 83884->83885 83886 3a2aa6 83884->83886 83887 3a2a6b 83885->83887 83888 3a2a81 83885->83888 83890 3a2ab1 FreeLibrary 83886->83890 83892 3a2ab8 83886->83892 83887->83886 83887->83888 83893 3a28da DloadReleaseSectionWriteAccess 8 API calls 83888->83893 83889 3a2b16 GetProcAddress 83894 3a2b26 GetLastError 83889->83894 83899 3a2b74 83889->83899 83890->83892 83891 3a29cd 83891->83884 83891->83886 83891->83892 83891->83899 83892->83889 83892->83899 83895 3a2a8c RaiseException 83893->83895 83896 3a2b39 83894->83896 83895->83900 83898 3a28da DloadReleaseSectionWriteAccess 8 API calls 83896->83898 83896->83899 83901 3a2b5a RaiseException 83898->83901 83910 3a28da 83899->83910 83900->83876 83902 3a269d ___delayLoadHelper2@8 7 API calls 83901->83902 83903 3a2b71 83902->83903 83903->83899 83905 3a26a9 83904->83905 83906 3a26ca 83904->83906 83918 3a2743 83905->83918 83906->83881 83906->83891 83908 3a26ae 83908->83906 83923 3a286c 83908->83923 83911 3a290e 83910->83911 83912 3a28ec 83910->83912 83911->83900 83913 3a2743 DloadReleaseSectionWriteAccess 4 API calls 83912->83913 83914 3a28f1 83913->83914 83915 3a2909 83914->83915 83916 3a286c DloadProtectSection 3 API calls 83914->83916 83930 3a2910 GetModuleHandleW GetProcAddress GetProcAddress ReleaseSRWLockExclusive DloadGetSRWLockFunctionPointers 83915->83930 83916->83915 83928 3a26d0 GetModuleHandleW GetProcAddress GetProcAddress 83918->83928 83920 3a2748 83921 3a2764 83920->83921 83922 3a2760 AcquireSRWLockExclusive 83920->83922 83921->83908 83922->83908 83924 3a2881 DloadObtainSection 83923->83924 83925 3a28bc VirtualProtect 83924->83925 83926 3a2887 83924->83926 83929 3a2782 VirtualQuery GetSystemInfo 83924->83929 83925->83926 83926->83906 83928->83920 83929->83925 83930->83911 83931 394cfa 83932 394c79 83931->83932 83933 3a293c ___delayLoadHelper2@8 16 API calls 83932->83933 83933->83932 83934 357156 84121 3b8713 83934->84121 83936 35715c codecvt 83937 3571bf 83936->83937 83947 35722a 83936->83947 84249 349bb0 InitOnceBeginInitialize 83937->84249 83942 357df1 84322 3434d0 21 API calls collate 83942->84322 83947->83942 83950 3572b4 83947->83950 83951 3572db 83947->83951 83959 35725f codecvt 83947->83959 83952 357dfc Concurrency::cancel_current_task 83950->83952 83954 3b8713 moneypunct 27 API calls 83950->83954 83955 3b8713 moneypunct 27 API calls 83951->83955 83951->83959 83956 357e01 83952->83956 83953 357200 84283 341c50 83953->84283 83954->83959 83955->83959 84323 3bd60f 83956->84323 83958 357348 83962 349bb0 125 API calls 83958->83962 83959->83956 83959->83958 83974 3573b3 83959->83974 83963 35734d 83962->83963 83967 349940 164 API calls 83963->83967 83966 357219 84288 34b8a0 83966->84288 83969 35735d 83967->83969 83971 341b84 79 API calls 83969->83971 83973 357379 83971->83973 84304 341be0 83973->84304 83974->83942 83977 357443 83974->83977 83978 35746a 83974->83978 83990 3573ee codecvt 83974->83990 83977->83952 83985 3b8713 moneypunct 27 API calls 83977->83985 83986 3b8713 moneypunct 27 API calls 83978->83986 83978->83990 83983 341c50 76 API calls 83988 357397 83983->83988 83984 3574d7 83989 349bb0 125 API calls 83984->83989 83985->83990 83986->83990 84308 358f20 76 API calls 83988->84308 83994 3574dc 83989->83994 83990->83956 83990->83984 84004 357542 83990->84004 83991 357221 std::ios_base::_Ios_base_dtor __Mtx_unlock collate 84315 3b8367 83991->84315 83998 349940 164 API calls 83994->83998 83997 3573a2 84000 34b8a0 163 API calls 83997->84000 84001 3574ec 83998->84001 83999 357dea 84000->83991 84003 341b84 79 API calls 84001->84003 84002 357d49 84135 364b40 84002->84135 84008 357508 84003->84008 84004->83942 84012 3576d8 84004->84012 84013 35757f codecvt 84004->84013 84020 3575d6 84004->84020 84021 3575ff 84004->84021 84005 3578ae codecvt 84005->83956 84007 357a07 84005->84007 84045 35799c 84005->84045 84007->83942 84010 357b9d 84007->84010 84038 357ac2 84007->84038 84039 357a9b 84007->84039 84062 357a44 codecvt 84007->84062 84014 341be0 76 API calls 84008->84014 84010->83942 84010->84002 84022 357c00 84010->84022 84064 357bde codecvt 84010->84064 84012->83942 84016 35786e 84012->84016 84023 357795 84012->84023 84024 35776c 84012->84024 84029 357715 codecvt 84012->84029 84013->83956 84013->84012 84026 35766d 84013->84026 84015 357518 84014->84015 84018 341c50 76 API calls 84015->84018 84016->83942 84016->84005 84016->84007 84027 357905 84016->84027 84028 35792e 84016->84028 84025 357526 84018->84025 84020->83952 84030 3b8713 moneypunct 27 API calls 84020->84030 84021->84013 84031 3b8713 moneypunct 27 API calls 84021->84031 84046 357c35 84022->84046 84047 357c5c 84022->84047 84023->84029 84035 3b8713 moneypunct 27 API calls 84023->84035 84024->83952 84032 3b8713 moneypunct 27 API calls 84024->84032 84309 358f20 76 API calls 84025->84309 84034 349bb0 125 API calls 84026->84034 84027->83952 84042 3b8713 moneypunct 27 API calls 84027->84042 84028->84005 84044 3b8713 moneypunct 27 API calls 84028->84044 84029->83956 84029->84016 84037 357803 84029->84037 84030->84013 84031->84013 84032->84029 84041 357672 84034->84041 84035->84029 84043 349bb0 125 API calls 84037->84043 84055 3b8713 moneypunct 27 API calls 84038->84055 84038->84062 84039->83952 84053 3b8713 moneypunct 27 API calls 84039->84053 84040 357531 84050 34b8a0 163 API calls 84040->84050 84051 349940 164 API calls 84041->84051 84042->84005 84052 357808 84043->84052 84044->84005 84054 349bb0 125 API calls 84045->84054 84046->83952 84048 357c40 84046->84048 84058 3b8713 moneypunct 27 API calls 84047->84058 84047->84064 84056 3b8713 moneypunct 27 API calls 84048->84056 84049 357b32 84057 349bb0 125 API calls 84049->84057 84050->83991 84059 357682 84051->84059 84061 349940 164 API calls 84052->84061 84053->84062 84063 3579a1 84054->84063 84055->84062 84056->84064 84065 357b37 84057->84065 84058->84064 84066 341b84 79 API calls 84059->84066 84060 357ccc 84067 349bb0 125 API calls 84060->84067 84068 357818 84061->84068 84062->83956 84062->84010 84062->84049 84069 349940 164 API calls 84063->84069 84064->83956 84064->84002 84064->84060 84070 349940 164 API calls 84065->84070 84071 35769e 84066->84071 84072 357cd1 84067->84072 84073 341b84 79 API calls 84068->84073 84074 3579b1 84069->84074 84075 357b47 84070->84075 84076 341be0 76 API calls 84071->84076 84077 349940 164 API calls 84072->84077 84078 357834 84073->84078 84079 341b84 79 API calls 84074->84079 84080 341b84 79 API calls 84075->84080 84081 3576ae 84076->84081 84082 357ce1 84077->84082 84083 341be0 76 API calls 84078->84083 84084 3579cd 84079->84084 84086 357b63 84080->84086 84087 341c50 76 API calls 84081->84087 84088 341b84 79 API calls 84082->84088 84089 357844 84083->84089 84085 341be0 76 API calls 84084->84085 84090 3579dd 84085->84090 84091 341be0 76 API calls 84086->84091 84092 3576bc 84087->84092 84093 357cfd 84088->84093 84094 341c50 76 API calls 84089->84094 84095 341c50 76 API calls 84090->84095 84096 357b73 84091->84096 84310 358f20 76 API calls 84092->84310 84098 341be0 76 API calls 84093->84098 84099 357852 84094->84099 84100 3579eb 84095->84100 84101 341c50 76 API calls 84096->84101 84103 357d0d 84098->84103 84311 358f20 76 API calls 84099->84311 84312 358f20 76 API calls 84100->84312 84106 357b81 84101->84106 84102 3576c7 84107 34b8a0 163 API calls 84102->84107 84108 341c50 76 API calls 84103->84108 84313 358f20 76 API calls 84106->84313 84107->83991 84112 357d1b 84108->84112 84109 35785d 84113 34b8a0 163 API calls 84109->84113 84110 3579f6 84114 34b8a0 163 API calls 84110->84114 84314 358f20 76 API calls 84112->84314 84113->83991 84114->83991 84115 357b8c 84117 34b8a0 163 API calls 84115->84117 84117->83991 84118 357d26 84119 34b8a0 163 API calls 84118->84119 84119->83991 84123 3b8718 84121->84123 84124 3b8732 84123->84124 84127 343599 moneypunct 84123->84127 84327 3c594f 84123->84327 84337 3cf60f EnterCriticalSection LeaveCriticalSection moneypunct 84123->84337 84124->83936 84126 3b873e 84126->84126 84127->84126 84129 3435c5 84127->84129 84334 3ba332 84127->84334 84130 3b8713 moneypunct 27 API calls 84129->84130 84132 3435cb 84130->84132 84131 3435d2 84131->83936 84132->84131 84338 3bd62c IsProcessorFeaturePresent 84132->84338 84134 3bd62b 84353 3652d0 84135->84353 84137 364b83 84138 3b8713 moneypunct 27 API calls 84137->84138 84139 364c08 84138->84139 84429 366340 84139->84429 84141 364eba 84432 361b40 84141->84432 84144 366360 27 API calls 84145 364d1a 84144->84145 84145->84141 84145->84144 84162 3b8713 moneypunct 27 API calls 84145->84162 84165 3c594f std::locale::_Locimp::_Locimp_ctor 15 API calls 84145->84165 84460 366640 27 API calls 3 library calls 84145->84460 84147 364c8a 84147->84145 84459 366c80 29 API calls moneypunct 84147->84459 84149 364fc2 84150 36502e 84149->84150 84151 36517d 84149->84151 84171 36500e codecvt 84149->84171 84160 365062 84150->84160 84161 36508b 84150->84161 84463 3434d0 21 API calls collate 84151->84463 84152 365187 84156 3bd60f 11 API calls 84152->84156 84153 364ec9 collate 84153->84152 84158 364f98 84153->84158 84461 3477a9 5 API calls collate 84153->84461 84159 36518c 84156->84159 84157 365182 Concurrency::cancel_current_task 84157->84152 84158->84149 84462 362f20 29 API calls 3 library calls 84158->84462 84168 349bb0 125 API calls 84159->84168 84160->84157 84164 36506d 84160->84164 84167 3b8713 moneypunct 27 API calls 84161->84167 84161->84171 84162->84145 84166 3b8713 moneypunct 27 API calls 84164->84166 84165->84145 84169 365073 84166->84169 84167->84171 84170 3651cb 84168->84170 84169->84152 84169->84171 84172 349940 164 API calls 84170->84172 84456 3be960 84171->84456 84173 3651db 84172->84173 84175 341b84 79 API calls 84173->84175 84177 3651f7 84175->84177 84178 3650d8 collate 84179 3be960 ~collate 14 API calls 84178->84179 84181 36510c collate 84178->84181 84179->84178 84250 349c45 84249->84250 84252 349bef 84249->84252 84661 3c41c9 48 API calls std::locale::_Setgloballocale 84250->84661 84253 349c27 84252->84253 84631 349c50 84252->84631 84256 3b8367 codecvt 5 API calls 84253->84256 84258 349c41 84256->84258 84259 349940 84258->84259 84260 349985 84259->84260 84261 349a1c 84259->84261 84260->84261 84264 34998e __cftof 84260->84264 84927 34b420 163 API calls 3 library calls 84261->84927 84263 3b8367 codecvt 5 API calls 84265 349a51 84263->84265 84924 34b420 163 API calls 3 library calls 84264->84924 84274 341b84 84265->84274 84267 3499d5 84925 349820 76 API calls 84267->84925 84269 3499e9 84926 34b690 79 API calls collate 84269->84926 84271 3499f8 84272 34b8a0 163 API calls 84271->84272 84273 349a00 std::ios_base::_Ios_base_dtor 84272->84273 84273->84263 84275 341bb6 84274->84275 84276 341bbf 84274->84276 84928 3480b0 84275->84928 84278 349ab0 84276->84278 84279 349aec 84278->84279 84280 349b1a 84278->84280 84992 3420a0 76 API calls 4 library calls 84279->84992 84280->83953 84282 349afa 84282->83953 84284 341c98 84283->84284 84285 341c8c 84283->84285 84287 358f20 76 API calls 84284->84287 84993 3420a0 76 API calls 4 library calls 84285->84993 84287->83966 84289 34b8ff 84288->84289 84295 34b96c collate 84288->84295 84290 349ab0 76 API calls 84289->84290 84292 34b910 84290->84292 84994 34ba20 84292->84994 84293 34b9e0 84293->83991 85156 34cd20 84295->85156 84296 34b927 85008 3520f0 84296->85008 85012 3507c0 84296->85012 85086 350890 84296->85086 84297 34b93c 84297->84295 84298 34ba0d 84297->84298 84299 3bd60f 11 API calls 84298->84299 84300 34ba12 84299->84300 84305 341c27 84304->84305 84306 341c1c 84304->84306 84305->83983 85630 3420a0 76 API calls 4 library calls 84306->85630 84308->83997 84309->84040 84310->84102 84311->84109 84312->84110 84313->84115 84314->84118 84316 3b836f 84315->84316 84317 3b8370 IsProcessorFeaturePresent 84315->84317 84316->83999 84319 3b9055 84317->84319 85631 3b9018 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 84319->85631 84321 3b9138 84321->83999 84324 3bd61e 84323->84324 84325 3bd62c std::_Locinfo::_W_Getdays 11 API calls 84324->84325 84326 3bd62b 84325->84326 84332 3d2174 std::_Locinfo::_W_Getdays 84327->84332 84328 3d21b2 84343 3bd73d 84328->84343 84330 3d219d RtlAllocateHeap 84331 3d21b0 84330->84331 84330->84332 84331->84123 84332->84328 84332->84330 84342 3cf60f EnterCriticalSection LeaveCriticalSection moneypunct 84332->84342 84335 3ba379 RaiseException 84334->84335 84336 3ba34c 84334->84336 84335->84127 84336->84335 84337->84123 84339 3bd638 84338->84339 84347 3bd453 84339->84347 84342->84332 84346 3d1e00 14 API calls 2 library calls 84343->84346 84345 3bd742 84345->84331 84346->84345 84348 3bd46f __cftof std::locale::_Setgloballocale 84347->84348 84349 3bd49b IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 84348->84349 84352 3bd56c std::locale::_Setgloballocale 84349->84352 84350 3b8367 codecvt 5 API calls 84351 3bd58a GetCurrentProcess TerminateProcess 84350->84351 84351->84134 84352->84350 84354 36571d 84353->84354 84464 366440 84354->84464 84356 36575a GetModuleHandleW 84358 365816 84356->84358 84359 366440 27 API calls 84358->84359 84360 365885 84359->84360 84474 3665c0 84360->84474 84362 36588c 84363 366440 27 API calls 84362->84363 84364 36595c 84363->84364 84365 366440 27 API calls 84364->84365 84366 365ae8 84365->84366 84367 365b83 std::ios_base::_Ios_base_dtor collate 84366->84367 84479 3411f3 29 API calls 2 library calls 84366->84479 84370 366440 27 API calls 84367->84370 84369 365bdb 84371 365be6 84369->84371 84378 365cfc collate 84369->84378 84377 365cc5 84370->84377 84372 349bb0 125 API calls 84371->84372 84374 365beb 84372->84374 84373 366440 27 API calls 84375 365d62 84373->84375 84376 349940 164 API calls 84374->84376 84375->84367 84480 35aad0 28 API calls 3 library calls 84375->84480 84379 365bfb 84376->84379 84380 365de7 84377->84380 84381 365e30 84377->84381 84390 365cd3 codecvt 84377->84390 84378->84373 84383 341b84 79 API calls 84379->84383 84384 366085 Concurrency::cancel_current_task 84380->84384 84385 365df2 84380->84385 84387 3b8713 moneypunct 27 API calls 84381->84387 84381->84390 84388 365c17 84383->84388 84389 36608a 84384->84389 84386 3b8713 moneypunct 27 API calls 84385->84386 84386->84390 84387->84390 84391 341be0 76 API calls 84388->84391 84392 3bd60f 11 API calls 84389->84392 84390->84389 84396 365ebc collate 84390->84396 84393 365c27 84391->84393 84394 36608f 84392->84394 84397 34b8a0 163 API calls 84393->84397 84395 3bd60f 11 API calls 84394->84395 84406 366094 collate 84395->84406 84398 366440 27 API calls 84396->84398 84410 365f73 collate 84396->84410 84397->84367 84400 365f2f 84398->84400 84399 365f82 GetModuleHandleW 84401 365f95 GetProcAddress 84399->84401 84402 365fc1 84399->84402 84404 365f45 84400->84404 84481 35aad0 28 API calls 3 library calls 84400->84481 84401->84402 84403 365fa7 GetCurrentProcess 84401->84403 84408 366440 27 API calls 84402->84408 84403->84402 84404->84394 84404->84399 84404->84410 84421 366166 collate 84406->84421 84486 3667b0 12 API calls collate 84406->84486 84411 366022 84408->84411 84409 3660f4 84417 36610e SysFreeString 84409->84417 84420 36611b collate 84409->84420 84410->84399 84482 3436db 27 API calls collate 84411->84482 84412 3bd60f 11 API calls 84414 3661d9 84412->84414 84415 3661b4 collate 84415->84137 84416 36602a 84483 34372a 5 API calls collate 84416->84483 84417->84420 84418 366159 SysFreeString 84418->84421 84420->84418 84420->84421 84421->84412 84421->84415 84422 366032 84484 34372a 5 API calls collate 84422->84484 84424 36603a 84485 34372a 5 API calls collate 84424->84485 84426 366042 84427 3b8367 codecvt 5 API calls 84426->84427 84428 366059 84427->84428 84428->84137 84430 3b8367 codecvt 5 API calls 84429->84430 84431 366355 84430->84431 84431->84147 84433 361db3 84432->84433 84434 361de3 84433->84434 84435 361dff 84433->84435 84489 362580 29 API calls 84434->84489 84437 361e24 84435->84437 84438 361e08 84435->84438 84439 361e33 84437->84439 84440 361e4b 84437->84440 84490 3624c0 29 API calls 84438->84490 84491 3623e0 29 API calls 84439->84491 84492 362320 29 API calls 84440->84492 84441 361dec 84445 3b8367 codecvt 5 API calls 84441->84445 84449 361df9 84445->84449 84446 361e11 84450 3b8367 codecvt 5 API calls 84446->84450 84447 361e38 84452 3b8367 codecvt 5 API calls 84447->84452 84448 361e50 84453 3b8367 codecvt 5 API calls 84448->84453 84449->84153 84451 361e1e 84450->84451 84451->84153 84454 361e45 84452->84454 84455 361e5e 84453->84455 84454->84153 84455->84153 84493 3d2098 84456->84493 84458 3be978 84458->84178 84459->84147 84460->84145 84461->84153 84462->84149 84465 366496 84464->84465 84466 3665af 84465->84466 84467 3664fd 84465->84467 84473 3664e8 84465->84473 84488 349b40 27 API calls collate 84466->84488 84468 3b8713 moneypunct 27 API calls 84467->84468 84470 366515 84468->84470 84487 366bb0 11 API calls collate 84470->84487 84471 3665b4 84473->84356 84475 3665ef collate 84474->84475 84476 3665cc 84474->84476 84475->84362 84476->84475 84477 3bd60f 11 API calls 84476->84477 84478 366639 84477->84478 84479->84369 84480->84367 84481->84404 84482->84416 84483->84422 84484->84424 84485->84426 84486->84409 84487->84473 84488->84471 84489->84441 84490->84446 84491->84447 84492->84448 84494 3d20a3 RtlFreeHeap 84493->84494 84498 3d20cc __dosmaperr 84493->84498 84495 3d20b8 84494->84495 84494->84498 84496 3bd73d __Wcrtomb 12 API calls 84495->84496 84497 3d20be GetLastError 84496->84497 84497->84498 84498->84458 84662 34e310 ConvertStringSecurityDescriptorToSecurityDescriptorW 84631->84662 84634 34a048 collate 84638 3b8367 codecvt 5 API calls 84634->84638 84637 349f7e 84637->84634 84639 34a072 84637->84639 84640 349c11 InitOnceComplete 84638->84640 84642 3bd60f 11 API calls 84639->84642 84640->84250 84640->84253 84643 34a077 84642->84643 84644 3b8713 moneypunct 27 API calls 84647 349eec collate 84644->84647 84645 36d900 27 API calls 84645->84637 84646 349cec 84648 36d900 27 API calls 84646->84648 84647->84639 84647->84645 84649 349d4c 84648->84649 84689 3a3b8a 84649->84689 84653 34a06d Concurrency::cancel_current_task 84653->84639 84654 349def 84654->84653 84655 349e74 84654->84655 84656 349e9b 84654->84656 84660 349e24 codecvt 84654->84660 84655->84653 84657 349e7f 84655->84657 84658 3b8713 moneypunct 27 API calls 84656->84658 84656->84660 84659 3b8713 moneypunct 27 API calls 84657->84659 84658->84660 84659->84660 84660->84639 84660->84644 84663 34e376 collate 84662->84663 84664 34e37d 84662->84664 84666 3b8367 codecvt 5 API calls 84663->84666 84713 34deb0 84664->84713 84668 349ca2 84666->84668 84667 34e3d9 84669 34e3e8 __cftof 84667->84669 84671 34e3dd 84667->84671 84668->84637 84683 3b8760 84668->84683 84670 34e425 GetModuleFileNameW 84669->84670 84672 34e443 84670->84672 84679 34e54f collate 84670->84679 84671->84663 84673 34e62e 84671->84673 84765 34daa0 29 API calls 3 library calls 84672->84765 84676 3bd60f 11 API calls 84673->84676 84675 34e454 84675->84679 84766 34dc20 84675->84766 84677 34e633 84676->84677 84679->84671 84679->84673 84680 34e629 84682 3bd60f 11 API calls 84680->84682 84681 34e49d collate 84681->84679 84681->84680 84682->84673 84684 3b8713 moneypunct 27 API calls 84683->84684 84685 349cc1 84684->84685 84685->84660 84686 36d900 84685->84686 84875 36dc50 84686->84875 84688 36d95d 84688->84646 84881 3a38db 84689->84881 84691 349dd9 84692 351130 84691->84692 84887 353d80 84692->84887 84696 351183 84697 35119d 84696->84697 84698 3513d8 84696->84698 84911 3440e8 84697->84911 84919 3434d0 21 API calls collate 84698->84919 84701 3511bc 84915 353640 28 API calls codecvt 84701->84915 84702 3bd60f 11 API calls 84704 3513e2 84702->84704 84705 3511cc 84916 353590 28 API calls codecvt 84705->84916 84707 3511df 84917 34f310 28 API calls 3 library calls 84707->84917 84709 3511f5 84918 353590 28 API calls codecvt 84709->84918 84711 351208 collate 84711->84702 84712 3513b9 collate 84711->84712 84712->84654 84837 3ba920 84713->84837 84716 34df16 84719 34dc20 93 API calls 84716->84719 84717 3b8367 codecvt 5 API calls 84718 34e2ee 84717->84718 84718->84667 84721 34df5d collate 84719->84721 84720 34e2f2 84723 3bd60f 11 API calls 84720->84723 84721->84720 84722 34e00f collate 84721->84722 84839 34f520 84722->84839 84725 34e2f7 84723->84725 84727 3bd60f 11 API calls 84725->84727 84726 34e084 84854 34e640 84726->84854 84729 34e2fc 84727->84729 84731 3bd60f 11 API calls 84729->84731 84732 34e301 84731->84732 84733 3bd60f 11 API calls 84732->84733 84734 34e306 ConvertStringSecurityDescriptorToSecurityDescriptorW 84733->84734 84737 34e37d 84734->84737 84746 34e376 collate 84734->84746 84735 34e0e8 collate 84735->84735 84738 34dc20 93 API calls 84735->84738 84760 34e2bd collate 84735->84760 84739 34deb0 93 API calls 84737->84739 84745 34e143 collate 84738->84745 84741 34e3d9 84739->84741 84740 3b8367 codecvt 5 API calls 84742 34e625 84740->84742 84743 34e3e8 __cftof 84741->84743 84747 34e3dd 84741->84747 84742->84667 84744 34e425 GetModuleFileNameW 84743->84744 84748 34e443 84744->84748 84761 34e54f collate 84744->84761 84745->84729 84751 34e1f5 collate 84745->84751 84746->84740 84747->84746 84749 34e62e 84747->84749 84869 34daa0 29 API calls 3 library calls 84748->84869 84754 3bd60f 11 API calls 84749->84754 84753 34f520 28 API calls 84751->84753 84752 34e454 84757 34dc20 93 API calls 84752->84757 84752->84761 84755 34e264 84753->84755 84756 34e633 84754->84756 84758 34e640 87 API calls 84755->84758 84763 34e49d collate 84757->84763 84759 34e27d 84758->84759 84759->84732 84759->84760 84760->84717 84761->84747 84761->84749 84762 34e629 84764 3bd60f 11 API calls 84762->84764 84763->84761 84763->84762 84764->84749 84765->84675 84767 34dc55 84766->84767 84768 34dc83 84766->84768 84771 34f520 28 API calls 84767->84771 84769 34dd83 84768->84769 84770 34dcaa 84768->84770 84773 34f520 28 API calls 84769->84773 84772 34f520 28 API calls 84770->84772 84774 34dc71 84771->84774 84775 34dcb9 84772->84775 84776 34dd92 84773->84776 84774->84681 84777 34f520 28 API calls 84775->84777 84778 34f520 28 API calls 84776->84778 84779 34dce7 84777->84779 84780 34ddc0 84778->84780 84872 34f310 28 API calls 3 library calls 84779->84872 84873 34f310 28 API calls 3 library calls 84780->84873 84783 34dd67 collate 84783->84681 84784 3bd60f 11 API calls 84786 34dea8 __cftof 84784->84786 84785 34dcfd collate 84785->84783 84785->84784 84787 34def8 SHGetSpecialFolderPathW 84786->84787 84788 34df16 84787->84788 84832 34e2bd collate 84787->84832 84791 34dc20 93 API calls 84788->84791 84789 3b8367 codecvt 5 API calls 84790 34e2ee 84789->84790 84790->84681 84792 34df5d collate 84791->84792 84793 34e2f2 84792->84793 84794 34e00f collate 84792->84794 84795 3bd60f 11 API calls 84793->84795 84796 34f520 28 API calls 84794->84796 84797 34e2f7 84795->84797 84798 34e084 84796->84798 84799 3bd60f 11 API calls 84797->84799 84800 34e640 87 API calls 84798->84800 84801 34e2fc 84799->84801 84802 34e09d 84800->84802 84803 3bd60f 11 API calls 84801->84803 84802->84797 84807 34e0e8 collate 84802->84807 84804 34e301 84803->84804 84805 3bd60f 11 API calls 84804->84805 84806 34e306 ConvertStringSecurityDescriptorToSecurityDescriptorW 84805->84806 84809 34e37d 84806->84809 84817 34e376 collate 84806->84817 84807->84807 84810 34dc20 93 API calls 84807->84810 84807->84832 84811 34deb0 93 API calls 84809->84811 84820 34e143 collate 84810->84820 84813 34e3d9 84811->84813 84812 3b8367 codecvt 5 API calls 84814 34e625 84812->84814 84815 34e3e8 __cftof 84813->84815 84818 34e3dd 84813->84818 84814->84681 84816 34e425 GetModuleFileNameW 84815->84816 84819 34e443 84816->84819 84833 34e54f collate 84816->84833 84817->84812 84818->84817 84821 34e62e 84818->84821 84874 34daa0 29 API calls 3 library calls 84819->84874 84820->84801 84823 34e1f5 collate 84820->84823 84826 3bd60f 11 API calls 84821->84826 84825 34f520 28 API calls 84823->84825 84824 34e454 84829 34dc20 93 API calls 84824->84829 84824->84833 84827 34e264 84825->84827 84828 34e633 84826->84828 84830 34e640 87 API calls 84827->84830 84834 34e49d collate 84829->84834 84831 34e27d 84830->84831 84831->84804 84831->84832 84832->84789 84833->84818 84833->84821 84834->84833 84835 34e629 84834->84835 84836 3bd60f 11 API calls 84835->84836 84836->84821 84838 34def8 SHGetSpecialFolderPathW 84837->84838 84838->84716 84838->84760 84842 34f571 84839->84842 84843 34f541 codecvt 84839->84843 84840 34f677 84870 3434d0 21 API calls collate 84840->84870 84842->84840 84844 34f672 Concurrency::cancel_current_task 84842->84844 84847 34f5d3 84842->84847 84848 34f5fa 84842->84848 84843->84726 84844->84840 84845 3bd60f 11 API calls 84846 34f681 84845->84846 84847->84844 84849 34f5de 84847->84849 84851 3b8713 moneypunct 27 API calls 84848->84851 84852 34f5e4 codecvt 84848->84852 84850 3b8713 moneypunct 27 API calls 84849->84850 84850->84852 84851->84852 84852->84845 84853 34f658 collate 84852->84853 84853->84726 84855 34e680 GetFileAttributesW 84854->84855 84856 34e67e 84854->84856 84860 34e690 84855->84860 84865 34e724 collate 84855->84865 84856->84855 84857 34e736 CreateDirectoryW 84858 34e742 GetLastError 84857->84858 84859 34e09d 84857->84859 84858->84859 84859->84725 84859->84735 84860->84860 84861 34f520 28 API calls 84860->84861 84860->84865 84862 34e6ec 84861->84862 84871 34d6d0 83 API calls 84862->84871 84864 34e6f8 84864->84865 84866 34e77d 84864->84866 84865->84857 84867 3bd60f 11 API calls 84866->84867 84868 34e782 84867->84868 84869->84752 84871->84864 84872->84785 84873->84785 84874->84824 84876 36dc90 84875->84876 84880 36dcc5 84875->84880 84877 3b8760 27 API calls 84876->84877 84879 36dc9c 84877->84879 84878 3b8713 moneypunct 27 API calls 84878->84880 84879->84878 84880->84688 84886 3a38e8 84881->84886 84882 3a38a6 InitializeCriticalSectionEx 84882->84691 84883 3a38c4 InitializeSRWLock 84883->84691 84886->84882 84886->84883 84920 3ba3a0 84887->84920 84889 353de7 WTSGetActiveConsoleSessionId 84890 353e15 84889->84890 84891 353e0b OutputDebugStringW 84889->84891 84890->84891 84895 353e3e 84890->84895 84908 353e57 codecvt collate 84891->84908 84893 3b8367 codecvt 5 API calls 84894 351172 84893->84894 84910 353fd0 70 API calls codecvt 84894->84910 84896 353f81 OutputDebugStringW 84895->84896 84897 353e4a 84895->84897 84896->84908 84898 353fc0 84897->84898 84901 353e90 84897->84901 84897->84908 84922 3434d0 21 API calls collate 84898->84922 84900 353fc5 84903 3bd60f 11 API calls 84900->84903 84902 353fca Concurrency::cancel_current_task 84901->84902 84904 353ee7 84901->84904 84905 353f0e 84901->84905 84903->84902 84904->84902 84906 3b8713 moneypunct 27 API calls 84904->84906 84907 3b8713 moneypunct 27 API calls 84905->84907 84909 353ef8 codecvt 84905->84909 84906->84909 84907->84909 84908->84893 84909->84900 84909->84908 84910->84696 84912 344122 84911->84912 84914 344147 codecvt 84911->84914 84923 3433c3 28 API calls collate 84912->84923 84914->84701 84915->84705 84916->84707 84917->84709 84918->84711 84921 3ba3b8 84920->84921 84921->84889 84921->84921 84923->84914 84924->84267 84925->84269 84926->84271 84927->84273 84929 3480f9 84928->84929 84943 348185 collate 84928->84943 84947 347f60 84929->84947 84933 348109 84963 3481d0 28 API calls 3 library calls 84933->84963 84935 348119 84964 3489b0 84935->84964 84937 348130 84938 344300 5 API calls 84937->84938 84939 34813e 84938->84939 84975 348730 75 API calls 2 library calls 84939->84975 84941 34814b 84942 344300 5 API calls 84941->84942 84944 348156 84942->84944 84943->84276 84944->84943 84945 3bd60f 11 API calls 84944->84945 84946 3481c5 84945->84946 84948 347faa 84947->84948 84958 348076 84947->84958 84976 3a3cd6 84948->84976 84949 3b8367 codecvt 5 API calls 84951 34809e 84949->84951 84959 344300 84951->84959 84952 347faf std::_Stofx_v2 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 84979 349620 76 API calls 2 library calls 84952->84979 84954 348036 84980 348530 75 API calls 2 library calls 84954->84980 84956 34806b 84957 344300 5 API calls 84956->84957 84957->84958 84958->84949 84961 34430c __EH_prolog3_catch 84959->84961 84986 342c9c 84961->84986 84962 34436d moneypunct 84962->84933 84963->84935 84965 3489ff 84964->84965 84966 342c9c 5 API calls 84965->84966 84974 348a1b 84966->84974 84967 348bce 84967->84937 84969 348c51 84970 3ba332 CallUnexpected RaiseException 84969->84970 84971 348c5f 84970->84971 84972 3be960 ~collate 14 API calls 84971->84972 84973 348c71 collate 84972->84973 84973->84937 84974->84967 84991 3428d1 27 API calls 3 library calls 84974->84991 84975->84941 84981 3a6d6a 84976->84981 84979->84954 84980->84956 84982 3a6d7b GetSystemTimePreciseAsFileTime 84981->84982 84983 3a6d87 GetSystemTimeAsFileTime 84981->84983 84984 3a3ce4 84982->84984 84983->84984 84984->84952 84988 342ca8 __EH_prolog3 84986->84988 84987 342cf7 moneypunct 84987->84962 84988->84987 84990 342c33 5 API calls 2 library calls 84988->84990 84990->84987 84991->84969 84992->84282 84993->84284 84998 34ba83 84994->84998 84995 34baca codecvt 84995->84296 84996 34bba2 85159 3434d0 21 API calls collate 84996->85159 84998->84995 84998->84996 84999 34bb9d Concurrency::cancel_current_task 84998->84999 85001 34bb64 84998->85001 85002 34bb43 84998->85002 84999->84996 85000 3bd60f 11 API calls 85003 34bbac 85000->85003 85001->84995 85006 3b8713 moneypunct 27 API calls 85001->85006 85002->84999 85004 34bb4a 85002->85004 85005 3b8713 moneypunct 27 API calls 85004->85005 85007 34bb50 85005->85007 85006->84995 85007->84995 85007->85000 85009 352123 85008->85009 85010 3520f9 85008->85010 85009->84297 85010->85009 85160 3c4ef7 85010->85160 85013 3507cb collate 85012->85013 85014 3bd60f 11 API calls 85013->85014 85016 35083b __Mtx_destroy_in_situ collate 85013->85016 85015 350884 85014->85015 85017 3a3bab 13 API calls 85015->85017 85016->84297 85018 3508dd 85017->85018 85019 351045 85018->85019 85020 3508e8 85018->85020 85021 3a3faf 79 API calls 85019->85021 85022 3508f4 ConvertStringSecurityDescriptorToSecurityDescriptorW 85020->85022 85025 350a51 __cftof 85020->85025 85023 35104b 85021->85023 85027 350911 85022->85027 85038 350fdb std::ios_base::_Ios_base_dtor __Mtx_unlock 85022->85038 85024 3bd60f 11 API calls 85023->85024 85032 350f65 85024->85032 85314 353110 85025->85314 85030 34f520 28 API calls 85027->85030 85028 3b8367 codecvt 5 API calls 85031 35103f 85028->85031 85034 350991 85030->85034 85031->84297 85376 3428d1 27 API calls 3 library calls 85032->85376 85036 34e640 87 API calls 85034->85036 85037 3509a4 85036->85037 85037->85023 85042 3509ec collate 85037->85042 85038->85028 85045 350a31 85042->85045 85046 350a1d 85042->85046 85044 351087 85048 3ba332 CallUnexpected RaiseException 85044->85048 85045->85025 85049 350a42 LocalFree 85045->85049 85046->85038 85050 350a25 LocalFree 85046->85050 85051 351098 85048->85051 85049->85025 85050->85038 85087 3a3bab 13 API calls 85086->85087 85088 3508dd 85087->85088 85089 351045 85088->85089 85090 3508e8 85088->85090 85091 3a3faf 79 API calls 85089->85091 85092 3508f4 ConvertStringSecurityDescriptorToSecurityDescriptorW 85090->85092 85095 350a51 __cftof 85090->85095 85093 35104b 85091->85093 85097 350911 85092->85097 85108 350fdb std::ios_base::_Ios_base_dtor __Mtx_unlock 85092->85108 85094 3bd60f 11 API calls 85093->85094 85102 350f65 85094->85102 85096 353110 102 API calls 85095->85096 85099 350a84 85096->85099 85100 34f520 28 API calls 85097->85100 85098 3b8367 codecvt 5 API calls 85101 35103f 85098->85101 85103 350fa9 85099->85103 85110 3b8713 moneypunct 27 API calls 85099->85110 85154 350c43 codecvt 85099->85154 85104 350991 85100->85104 85101->84297 85622 3428d1 27 API calls 3 library calls 85102->85622 85621 352b90 73 API calls collate 85103->85621 85106 34e640 87 API calls 85104->85106 85107 3509a4 85106->85107 85107->85093 85112 3509ec collate 85107->85112 85108->85098 85111 350ae1 __cftof 85110->85111 85122 3a3367 std::_Lockit::_Lockit 7 API calls 85111->85122 85115 350a31 85112->85115 85116 350a1d 85112->85116 85113 3489b0 27 API calls 85117 350d38 85113->85117 85114 351087 85118 3ba332 CallUnexpected RaiseException 85114->85118 85115->85095 85119 350a42 LocalFree 85115->85119 85116->85108 85120 350a25 LocalFree 85116->85120 85123 342c9c 5 API calls 85117->85123 85129 350d68 85117->85129 85121 351098 85118->85121 85119->85095 85120->85108 85125 350b0d 85122->85125 85123->85129 85124 342c9c 5 API calls 85126 350e1f 85124->85126 85614 3a3184 72 API calls 2 library calls 85125->85614 85136 350e6e 85126->85136 85155 352380 70 API calls 85126->85155 85128 350b55 85615 3a33f6 48 API calls 4 library calls 85128->85615 85129->85102 85129->85103 85129->85124 85131 350b61 85616 343128 72 API calls 3 library calls 85131->85616 85133 350b8b 85134 3a3084 std::locale::_Init 57 API calls 85133->85134 85135 350b9c 85134->85135 85617 3a31e9 77 API calls 3 library calls 85135->85617 85136->85103 85138 353030 73 API calls 85136->85138 85140 350f29 85138->85140 85139 350ba9 85141 350be6 85139->85141 85142 3a3367 std::_Lockit::_Lockit 7 API calls 85139->85142 85140->85102 85144 350f78 85140->85144 85618 3a5688 77 API calls 9 library calls 85141->85618 85145 350bc5 85142->85145 85619 34e790 34 API calls 2 library calls 85144->85619 85148 3a33bf std::_Lockit::~_Lockit 2 API calls 85145->85148 85146 350bf7 85150 350c1e 85146->85150 85152 3be960 ~collate 14 API calls 85146->85152 85146->85154 85148->85141 85149 350f9f 85620 351740 28 API calls 85149->85620 85153 3c594f std::locale::_Locimp::_Locimp_ctor 15 API calls 85150->85153 85152->85150 85153->85154 85154->85113 85155->85136 85623 34cc80 85156->85623 85158 34cd2f collate 85158->84293 85161 3c4f09 85160->85161 85164 3c4f12 ___scrt_uninitialize_crt 85160->85164 85176 3c4d9c 72 API calls ___scrt_uninitialize_crt 85161->85176 85163 3c4f0f 85163->85009 85165 3c4f23 85164->85165 85168 3c4d3c 85164->85168 85165->85009 85169 3c4d48 __FrameHandler3::FrameUnwindToState 85168->85169 85177 3c582c EnterCriticalSection 85169->85177 85171 3c4d56 85178 3c4ea6 85171->85178 85175 3c4d79 85175->85009 85176->85163 85177->85171 85179 3c4ebc 85178->85179 85180 3c4eb3 85178->85180 85189 3c4e41 85179->85189 85195 3c4d9c 72 API calls ___scrt_uninitialize_crt 85180->85195 85183 3c4d67 85188 3c4d90 LeaveCriticalSection ___scrt_uninitialize_crt 85183->85188 85186 3c4ed8 85201 3d56f0 18 API calls 3 library calls 85186->85201 85188->85175 85190 3c4e59 85189->85190 85191 3c4e7e 85189->85191 85190->85191 85192 3d2e1c std::locale::_Setgloballocale 14 API calls 85190->85192 85191->85183 85196 3d2e1c 85191->85196 85193 3c4e77 85192->85193 85202 3d5ee6 85193->85202 85195->85183 85197 3d2e3d 85196->85197 85198 3d2e28 85196->85198 85197->85186 85199 3bd73d __Wcrtomb 14 API calls 85198->85199 85200 3d2e2d __wsopen_s 85199->85200 85200->85186 85201->85183 85203 3d5ef2 __FrameHandler3::FrameUnwindToState 85202->85203 85204 3d5efa 85203->85204 85209 3d5f12 85203->85209 85268 3bd72a 14 API calls __dosmaperr 85204->85268 85206 3d5fad 85271 3bd72a 14 API calls __dosmaperr 85206->85271 85207 3d5eff 85210 3bd73d __Wcrtomb 14 API calls 85207->85210 85209->85206 85212 3d5f44 85209->85212 85215 3d5f07 __wsopen_s 85210->85215 85211 3d5fb2 85213 3bd73d __Wcrtomb 14 API calls 85211->85213 85225 3dace1 EnterCriticalSection 85212->85225 85213->85215 85215->85191 85216 3d5f4a 85217 3d5f7b 85216->85217 85218 3d5f66 85216->85218 85226 3d5fd8 85217->85226 85220 3bd73d __Wcrtomb 14 API calls 85218->85220 85222 3d5f6b 85220->85222 85221 3d5f76 85270 3d5fa5 LeaveCriticalSection __wsopen_s 85221->85270 85269 3bd72a 14 API calls __dosmaperr 85222->85269 85225->85216 85227 3d5ffa 85226->85227 85265 3d600b __wsopen_s 85226->85265 85228 3d5ffe 85227->85228 85230 3d604e 85227->85230 85289 3bd72a 14 API calls __dosmaperr 85228->85289 85232 3d6061 85230->85232 85272 3d698d 85230->85272 85231 3d6003 85233 3bd73d __Wcrtomb 14 API calls 85231->85233 85275 3d5b7f 85232->85275 85233->85265 85237 3d6077 85241 3d607b 85237->85241 85242 3d60a0 85237->85242 85238 3d60b6 85239 3d610f WriteFile 85238->85239 85240 3d60ca 85238->85240 85243 3d6133 GetLastError 85239->85243 85257 3d60ed 85239->85257 85245 3d60ff 85240->85245 85246 3d60d5 85240->85246 85252 3d6096 85241->85252 85290 3d5b17 6 API calls __wsopen_s 85241->85290 85291 3d576d 53 API calls 5 library calls 85242->85291 85243->85257 85282 3d5bf0 85245->85282 85247 3d60ef 85246->85247 85248 3d60da 85246->85248 85248->85252 85254 3d6159 85252->85254 85255 3d6183 85252->85255 85252->85265 85255->85265 85257->85252 85265->85221 85268->85207 85269->85221 85270->85215 85271->85211 85297 3d68f6 85272->85297 85306 3dec2a 85275->85306 85277 3d5b90 85278 3d5be6 85277->85278 85313 3d1ca9 48 API calls 3 library calls 85277->85313 85278->85237 85278->85238 85280 3d5bb3 85280->85278 85281 3d5bcd GetConsoleMode 85280->85281 85281->85278 85289->85231 85290->85252 85291->85252 85298 3daf5d __wsopen_s 14 API calls 85297->85298 85299 3d6908 85298->85299 85300 3d6921 SetFilePointerEx 85299->85300 85301 3d6910 85299->85301 85302 3d6939 GetLastError 85300->85302 85305 3d6915 85300->85305 85303 3bd73d __Wcrtomb 14 API calls 85301->85303 85304 3bd707 __dosmaperr 14 API calls 85302->85304 85303->85305 85304->85305 85305->85232 85307 3dec37 85306->85307 85309 3dec44 85306->85309 85308 3bd73d __Wcrtomb 14 API calls 85307->85308 85312 3dec3c __wsopen_s 85308->85312 85310 3dec50 85309->85310 85311 3bd73d __Wcrtomb 14 API calls 85309->85311 85310->85277 85311->85312 85312->85277 85313->85280 85377 34be30 85314->85377 85376->85044 85403 34c0c0 85377->85403 85382 34be6f 85383 34be7c 85382->85383 85412 3a2bab 9 API calls 2 library calls 85382->85412 85390 34bbb0 85383->85390 85385 34be86 85413 3428d1 27 API calls 3 library calls 85385->85413 85387 34bebc 85388 3ba332 CallUnexpected RaiseException 85387->85388 85389 34becb 85388->85389 85391 3b8713 moneypunct 27 API calls 85390->85391 85392 34bbea 85391->85392 85404 3b8713 moneypunct 27 API calls 85403->85404 85405 34c13a 85404->85405 85406 3a3084 std::locale::_Init 57 API calls 85405->85406 85407 34be3b 85406->85407 85408 34bff0 85407->85408 85409 34c02e 85408->85409 85414 3432de 85409->85414 85412->85383 85413->85387 85415 3432ea __EH_prolog3_GS 85414->85415 85416 3a3367 std::_Lockit::_Lockit 7 API calls 85415->85416 85417 3432f7 85416->85417 85434 342d14 14 API calls 3 library calls 85417->85434 85419 34330e std::locale::_Locimp::_Makeushloc 85431 343320 85419->85431 85435 3431d9 75 API calls 4 library calls 85419->85435 85420 3a33bf std::_Lockit::~_Lockit 2 API calls 85421 343365 85420->85421 85437 3b8def 5 API calls codecvt 85421->85437 85424 34332e 85426 343335 85424->85426 85427 34336d 85424->85427 85436 3a3052 27 API calls moneypunct 85426->85436 85438 343268 RaiseException Concurrency::cancel_current_task CallUnexpected collate 85427->85438 85430 343372 85439 3a32da LCMapStringEx ___crtLCMapStringW 85430->85439 85431->85420 85433 34338d 85433->85382 85433->85385 85434->85419 85435->85424 85436->85431 85438->85430 85439->85433 85614->85128 85615->85131 85616->85133 85617->85139 85618->85146 85619->85149 85621->85108 85622->85114 85624 34cccb collate 85623->85624 85625 34cc89 85623->85625 85624->85158 85625->85624 85626 3bd60f 11 API calls 85625->85626 85627 34cd1f 85626->85627 85628 34cc80 11 API calls 85627->85628 85629 34cd2f collate 85628->85629 85629->85158 85630->84305 85631->84321 85632 3c22d9 85633 3c22fc 85632->85633 85634 3c22e9 85632->85634 85636 3c230e 85633->85636 85641 3c2321 85633->85641 85635 3bd73d __Wcrtomb 14 API calls 85634->85635 85658 3c22ee __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __wsopen_s __allrem 85635->85658 85637 3bd73d __Wcrtomb 14 API calls 85636->85637 85637->85658 85638 3c2341 85642 3bd73d __Wcrtomb 14 API calls 85638->85642 85639 3c2352 85659 3d3ead 85639->85659 85641->85638 85641->85639 85642->85658 85645 3c2369 85646 3c255d 85645->85646 85666 3d349f 14 API calls 2 library calls 85645->85666 85648 3bd62c std::_Locinfo::_W_Getdays 11 API calls 85646->85648 85649 3c2567 85648->85649 85650 3c237b 85650->85646 85667 3d34cb 85650->85667 85652 3c238d 85652->85646 85653 3c2396 85652->85653 85654 3c241b 85653->85654 85655 3c23b7 85653->85655 85654->85658 85673 3d3f0a 25 API calls 2 library calls 85654->85673 85655->85658 85672 3d3f0a 25 API calls 2 library calls 85655->85672 85660 3d3eb9 __FrameHandler3::FrameUnwindToState 85659->85660 85661 3c2357 85660->85661 85674 3ccd41 EnterCriticalSection 85660->85674 85665 3d3473 14 API calls 2 library calls 85661->85665 85663 3d3eca 85675 3d3f01 LeaveCriticalSection std::_Lockit::~_Lockit 85663->85675 85665->85645 85666->85650 85668 3d34ec 85667->85668 85669 3d34d7 85667->85669 85668->85652 85670 3bd73d __Wcrtomb 14 API calls 85669->85670 85671 3d34dc __wsopen_s 85670->85671 85671->85652 85672->85658 85673->85658 85674->85663 85675->85661 85682 36ea50 85685 36ed10 85682->85685 85683 36ea63 85686 36ed1a 85685->85686 85687 36ed39 85685->85687 85686->85687 85688 36ed22 RegSetValueExW 85686->85688 85687->85683 85688->85683 85689 36ecd0 85690 36ece7 lstrlenW 85689->85690 85691 36ecde 85689->85691 85693 36ed10 RegSetValueExW 85690->85693 85692 36ed07 85693->85692 85694 36df10 RegCreateKeyExW 85695 36df52 85694->85695 85696 36e590 85697 36e5a5 85696->85697 85698 36e59a 85696->85698 85701 36e8c0 RegQueryValueExW 85697->85701 85699 36e5bf 85701->85699 85702 3d61fa 85703 3d6206 __FrameHandler3::FrameUnwindToState 85702->85703 85704 3d620c 85703->85704 85705 3d6223 85703->85705 85706 3bd73d __Wcrtomb 14 API calls 85704->85706 85713 3c582c EnterCriticalSection 85705->85713 85712 3d6211 __wsopen_s 85706->85712 85708 3d6233 85714 3d627a 85708->85714 85710 3d623f 85733 3d6270 LeaveCriticalSection ___scrt_uninitialize_crt 85710->85733 85713->85708 85715 3d629f 85714->85715 85716 3d6288 85714->85716 85718 3d2e1c std::locale::_Setgloballocale 14 API calls 85715->85718 85717 3bd73d __Wcrtomb 14 API calls 85716->85717 85720 3d628d __wsopen_s 85717->85720 85719 3d62a9 85718->85719 85734 3d6972 85719->85734 85720->85710 85723 3d638c 85725 3d639a 85723->85725 85726 3d6365 85723->85726 85724 3d6337 85724->85726 85728 3d6351 85724->85728 85727 3bd73d __Wcrtomb 14 API calls 85725->85727 85729 3d62ee __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 85726->85729 85738 3d63fe 18 API calls 2 library calls 85726->85738 85727->85729 85737 3d65bd 24 API calls 4 library calls 85728->85737 85729->85710 85731 3d635d 85731->85729 85733->85712 85739 3d67ea 85734->85739 85736 3d62c4 85736->85723 85736->85724 85736->85729 85737->85731 85738->85729 85740 3d67f6 __FrameHandler3::FrameUnwindToState 85739->85740 85741 3d67fe 85740->85741 85742 3d6816 85740->85742 85763 3bd72a 14 API calls __dosmaperr 85741->85763 85743 3d68c7 85742->85743 85747 3d684b 85742->85747 85766 3bd72a 14 API calls __dosmaperr 85743->85766 85746 3d6803 85749 3bd73d __Wcrtomb 14 API calls 85746->85749 85762 3dace1 EnterCriticalSection 85747->85762 85748 3d68cc 85751 3bd73d __Wcrtomb 14 API calls 85748->85751 85753 3d680b __wsopen_s 85749->85753 85751->85753 85752 3d6851 85754 3d688a 85752->85754 85755 3d6875 85752->85755 85753->85736 85757 3d68f6 __wsopen_s 16 API calls 85754->85757 85756 3bd73d __Wcrtomb 14 API calls 85755->85756 85758 3d687a 85756->85758 85759 3d6885 85757->85759 85764 3bd72a 14 API calls __dosmaperr 85758->85764 85765 3d68bf LeaveCriticalSection __wsopen_s 85759->85765 85762->85752 85763->85746 85764->85759 85765->85753 85766->85748 85770 365318 85887 3b88fa EnterCriticalSection 85770->85887 85772 365322 85773 36571a 85772->85773 85775 3b8713 moneypunct 27 API calls 85772->85775 85774 366440 27 API calls 85773->85774 85776 36575a GetModuleHandleW 85774->85776 85777 36535e 85775->85777 85781 365816 85776->85781 85892 364a40 85777->85892 85780 3653a7 85782 364a40 33 API calls 85780->85782 85785 366440 27 API calls 85781->85785 85783 3653ba 85782->85783 85784 364a40 33 API calls 85783->85784 85786 3653cb 85784->85786 85787 365885 85785->85787 85899 3661f0 29 API calls 3 library calls 85786->85899 85789 3665c0 11 API calls 85787->85789 85791 36588c 85789->85791 85790 3653e9 85792 364a40 33 API calls 85790->85792 85793 366440 27 API calls 85791->85793 85794 365486 85792->85794 85800 36595c 85793->85800 85795 364a40 33 API calls 85794->85795 85796 365499 85795->85796 85797 364a40 33 API calls 85796->85797 85798 3654aa 85797->85798 85900 3661f0 29 API calls 3 library calls 85798->85900 85803 366440 27 API calls 85800->85803 85801 3654c8 85802 364a40 33 API calls 85801->85802 85804 365565 85802->85804 85811 365ae8 85803->85811 85805 364a40 33 API calls 85804->85805 85806 365578 85805->85806 85807 364a40 33 API calls 85806->85807 85808 365589 85807->85808 85901 3661f0 29 API calls 3 library calls 85808->85901 85810 3655a7 85816 364a40 33 API calls 85810->85816 85840 365b83 std::ios_base::_Ios_base_dtor collate 85811->85840 85905 3411f3 29 API calls 2 library calls 85811->85905 85813 365bdb 85815 365be6 85813->85815 85826 365cfc collate 85813->85826 85814 366440 27 API calls 85824 365cc5 85814->85824 85817 349bb0 125 API calls 85815->85817 85818 36564e 85816->85818 85820 365beb 85817->85820 85821 364a40 33 API calls 85818->85821 85819 366440 27 API calls 85822 365d62 85819->85822 85823 349940 164 API calls 85820->85823 85825 365661 85821->85825 85822->85840 85906 35aad0 28 API calls 3 library calls 85822->85906 85827 365bfb 85823->85827 85828 365de7 85824->85828 85829 365e30 85824->85829 85842 365cd3 codecvt 85824->85842 85830 364a40 33 API calls 85825->85830 85826->85819 85832 341b84 79 API calls 85827->85832 85833 366085 Concurrency::cancel_current_task 85828->85833 85834 365df2 85828->85834 85838 3b8713 moneypunct 27 API calls 85829->85838 85829->85842 85835 365672 85830->85835 85839 365c17 85832->85839 85841 36608a 85833->85841 85836 3b8713 moneypunct 27 API calls 85834->85836 85902 3661f0 29 API calls 3 library calls 85835->85902 85836->85842 85838->85842 85844 341be0 76 API calls 85839->85844 85840->85814 85845 3bd60f 11 API calls 85841->85845 85842->85841 85849 365ebc collate 85842->85849 85843 365690 85852 3b8713 moneypunct 27 API calls 85843->85852 85846 365c27 85844->85846 85847 36608f 85845->85847 85850 34b8a0 163 API calls 85846->85850 85848 3bd60f 11 API calls 85847->85848 85862 366094 collate 85848->85862 85851 366440 27 API calls 85849->85851 85868 365f73 collate 85849->85868 85850->85840 85854 365f2f 85851->85854 85855 3656d2 85852->85855 85853 365f82 GetModuleHandleW 85856 365f95 GetProcAddress 85853->85856 85857 365fc1 85853->85857 85859 365f45 85854->85859 85907 35aad0 28 API calls 3 library calls 85854->85907 85903 3b85bf 17 API calls 85855->85903 85856->85857 85858 365fa7 GetCurrentProcess 85856->85858 85865 366440 27 API calls 85857->85865 85858->85857 85859->85847 85859->85853 85859->85868 85879 366166 collate 85862->85879 85912 3667b0 12 API calls collate 85862->85912 85864 365710 85904 3b88b0 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 85864->85904 85869 366022 85865->85869 85866 3660f4 85875 36610e SysFreeString 85866->85875 85878 36611b collate 85866->85878 85868->85853 85908 3436db 27 API calls collate 85869->85908 85870 3bd60f 11 API calls 85872 3661d9 85870->85872 85873 3661b4 collate 85874 36602a 85909 34372a 5 API calls collate 85874->85909 85875->85878 85876 366159 SysFreeString 85876->85879 85878->85876 85878->85879 85879->85870 85879->85873 85880 366032 85910 34372a 5 API calls collate 85880->85910 85882 36603a 85911 34372a 5 API calls collate 85882->85911 85884 366042 85885 3b8367 codecvt 5 API calls 85884->85885 85886 366059 85885->85886 85889 3b890e 85887->85889 85890 3b8913 LeaveCriticalSection 85889->85890 85913 3b8982 SleepConditionVariableCS LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 85889->85913 85890->85772 85893 3b8713 moneypunct 27 API calls 85892->85893 85894 364a6e 85893->85894 85897 364aa5 _com_issue_error 85894->85897 85914 3b9900 85894->85914 85896 364ab8 collate 85896->85780 85897->85896 85898 364afc SysFreeString 85897->85898 85898->85896 85899->85790 85900->85801 85901->85810 85902->85843 85903->85864 85904->85773 85905->85813 85906->85840 85907->85859 85908->85874 85909->85880 85910->85882 85911->85884 85912->85866 85913->85889 85915 3b993d 85914->85915 85916 3b9960 85914->85916 85917 3b8367 codecvt 5 API calls 85915->85917 85918 3b997f MultiByteToWideChar 85916->85918 85919 3b9a33 _com_issue_error 85916->85919 85920 3b995a 85917->85920 85921 3b999c 85918->85921 85922 3b9a47 GetLastError 85918->85922 85919->85922 85920->85897 85923 3c594f std::locale::_Locimp::_Locimp_ctor 15 API calls 85921->85923 85924 3b99ae __Strxfrm 85921->85924 85925 3b9a51 _com_issue_error 85922->85925 85923->85924 85924->85919 85927 3b99fa MultiByteToWideChar 85924->85927 85926 3b9a70 GetLastError 85925->85926 85928 3be960 ~collate 14 API calls 85925->85928 85931 3b9a7a _com_issue_error 85926->85931 85927->85925 85929 3b9a0e SysAllocString 85927->85929 85930 3b9a6d 85928->85930 85932 3b9a25 85929->85932 85933 3b9a1f 85929->85933 85930->85926 85931->85897 85932->85915 85932->85919 85934 3be960 ~collate 14 API calls 85933->85934 85934->85932 85938 3d5192 85939 3d2e1c std::locale::_Setgloballocale 14 API calls 85938->85939 85940 3d51a0 85939->85940 85941 3d51af 85940->85941 85942 3d51ce 85940->85942 85945 3bd73d __Wcrtomb 14 API calls 85941->85945 85943 3d51dc 85942->85943 85944 3d51e9 85942->85944 85946 3bd73d __Wcrtomb 14 API calls 85943->85946 85951 3d51fc 85944->85951 85971 3d555a 16 API calls __wsopen_s 85944->85971 85950 3d51b4 85945->85950 85946->85950 85948 3d527b 85960 3d53c0 85948->85960 85951->85948 85951->85950 85952 3dec2a std::locale::_Setgloballocale 14 API calls 85951->85952 85953 3d526e 85951->85953 85952->85953 85953->85948 85955 3d55f5 85953->85955 85956 3d2174 std::_Locinfo::_W_Getdays 15 API calls 85955->85956 85957 3d5610 85956->85957 85958 3d2098 _free 14 API calls 85957->85958 85959 3d561a 85958->85959 85959->85948 85961 3d2e1c std::locale::_Setgloballocale 14 API calls 85960->85961 85962 3d53cf 85961->85962 85963 3d5472 85962->85963 85964 3d53e2 85962->85964 85965 3d5ee6 __wsopen_s 68 API calls 85963->85965 85966 3d53ff 85964->85966 85969 3d5423 85964->85969 85967 3d540c 85965->85967 85968 3d5ee6 __wsopen_s 68 API calls 85966->85968 85967->85950 85968->85967 85969->85967 85970 3d6972 18 API calls 85969->85970 85970->85967 85971->85951 85972 355204 RegOpenKeyExW 85973 355244 RegQueryValueExW 85972->85973 85974 3552e2 85972->85974 85976 3552ca RegCloseKey 85973->85976 85982 355275 85973->85982 85975 3be960 ~collate 14 API calls 85974->85975 85977 3552ea GetLastError 85975->85977 85976->85974 85978 35538b 85976->85978 85977->85978 85979 3553de OutputDebugStringW 85978->85979 85985 3553fd __cftof 85978->85985 86022 354f50 85979->86022 85981 3553f0 85984 35549c OutputDebugStringW 85981->85984 85988 355584 85981->85988 85982->85976 85983 3552b4 SetLastError RegCloseKey 85982->85983 85983->85974 86038 354e60 85984->86038 85985->85981 85992 356ae0 5 API calls 85985->85992 85987 355703 85990 35570c LoadLibraryExW 85987->85990 85999 3556f7 85987->85999 85988->85987 85991 3555c4 85988->85991 85989 3554b6 85989->85988 85994 354e60 3 API calls 85989->85994 85993 35571d GetLastError 85990->85993 85990->85999 86054 354dc0 85991->86054 85992->85981 85995 3be960 ~collate 14 API calls 85993->85995 85996 3554c8 85994->85996 85995->85999 85998 3554e8 85996->85998 86000 355510 85996->86000 86003 3be960 ~collate 14 API calls 85996->86003 86001 3c594f std::locale::_Locimp::_Locimp_ctor 15 API calls 85998->86001 86002 3b8367 codecvt 5 API calls 85999->86002 86000->85991 86005 354e60 3 API calls 86000->86005 86001->86000 86006 35577e 86002->86006 86003->85998 86004 3be960 ~collate 14 API calls 86004->85999 86008 355531 86005->86008 86042 354cc0 86008->86042 86010 354dc0 3 API calls 86012 35566a 86010->86012 86011 355546 __cftof 86011->85991 86047 356ae0 86011->86047 86013 3c594f std::locale::_Locimp::_Locimp_ctor 15 API calls 86012->86013 86014 355697 86013->86014 86015 354dc0 3 API calls 86014->86015 86021 3556e7 86014->86021 86016 3556ae 86015->86016 86018 354cc0 54 API calls 86016->86018 86019 3556cd OutputDebugStringW 86018->86019 86020 3be960 ~collate 14 API calls 86019->86020 86020->86021 86021->85999 86021->86004 86023 354f98 86022->86023 86034 355099 86022->86034 86024 354fae GetCurrentDirectoryW 86023->86024 86023->86034 86026 354fc5 86024->86026 86027 35500b GetLastError 86024->86027 86025 3b8367 codecvt 5 API calls 86028 355109 86025->86028 86030 354fd6 GetCurrentDirectoryW 86026->86030 86029 354fec 86027->86029 86028->85981 86031 3c594f std::locale::_Locimp::_Locimp_ctor 15 API calls 86029->86031 86029->86034 86030->86029 86032 354ff2 GetLastError 86030->86032 86033 355045 86031->86033 86032->86029 86033->86034 86035 354cc0 54 API calls 86033->86035 86034->86025 86036 355064 __cftof 86035->86036 86036->86034 86037 356ae0 5 API calls 86036->86037 86037->86034 86039 354e73 86038->86039 86041 354e7c 86038->86041 86040 354dc0 3 API calls 86039->86040 86040->86041 86041->85989 86043 354d2d 86042->86043 86044 354cce swprintf 86042->86044 86043->86011 86044->86043 86062 3c1faa 86044->86062 86048 356bb2 86047->86048 86049 356afc 86047->86049 86050 3b8367 codecvt 5 API calls 86048->86050 86052 3b8367 codecvt 5 API calls 86049->86052 86051 356bc0 86050->86051 86051->85988 86053 356bac 86052->86053 86053->85988 86055 354e49 86054->86055 86059 354dce 86054->86059 86055->86010 86055->86021 86056 354dec GetModuleFileNameW 86057 354e23 86056->86057 86058 354e02 GetLastError 86056->86058 86060 354e2f GetLastError 86057->86060 86061 354e28 86057->86061 86058->86057 86058->86059 86059->86056 86060->86061 86061->86055 86065 3bf2ec 86062->86065 86066 3bf32c 86065->86066 86067 3bf314 86065->86067 86066->86067 86068 3bf334 86066->86068 86069 3bd73d __Wcrtomb 14 API calls 86067->86069 86078 3be6db 48 API calls 3 library calls 86068->86078 86071 3bf319 __wsopen_s 86069->86071 86072 3b8367 codecvt 5 API calls 86071->86072 86074 354cf9 86072->86074 86073 3bf344 swprintf 86079 3c01c8 54 API calls 3 library calls 86073->86079 86074->86011 86076 3bf3cb 86080 3bfafc 14 API calls _free 86076->86080 86078->86073 86079->86076 86080->86071 86081 3529e0 86082 352a15 86081->86082 86083 352a00 86081->86083 86086 352a2b 86082->86086 86096 352a54 86082->86096 86084 3b8367 codecvt 5 API calls 86083->86084 86085 352a0f 86084->86085 86088 3b8367 codecvt 5 API calls 86086->86088 86087 352b4c 86089 3b8367 codecvt 5 API calls 86087->86089 86090 352a4e 86088->86090 86091 352b60 86089->86091 86093 352ae0 86093->86087 86094 352af0 86093->86094 86097 3b8367 codecvt 5 API calls 86094->86097 86095 352b07 86099 352b1f 86095->86099 86101 3c569d 70 API calls 86095->86101 86096->86087 86096->86095 86100 352a86 86096->86100 86098 352b01 86097->86098 86099->86087 86102 352b34 86099->86102 86100->86087 86105 3c4762 52 API calls 4 library calls 86100->86105 86101->86099 86103 3b8367 codecvt 5 API calls 86102->86103 86104 352b46 86103->86104 86105->86093 86106 3d732a 86111 3d70bf 86106->86111 86108 3d7340 86109 3d7369 86108->86109 86121 3e0408 86108->86121 86112 3d70ed 86111->86112 86117 3d723d 86112->86117 86124 3c2041 86112->86124 86113 3bd73d __Wcrtomb 14 API calls 86114 3d7248 __wsopen_s 86113->86114 86114->86108 86116 3d72a5 86116->86117 86118 3c2041 49 API calls 86116->86118 86117->86113 86117->86114 86119 3d72c3 86118->86119 86119->86117 86120 3c2041 49 API calls 86119->86120 86120->86117 86133 3dfb11 86121->86133 86123 3e0423 86123->86109 86125 3c204f 86124->86125 86126 3c2072 86124->86126 86125->86126 86128 3c2055 86125->86128 86132 3c208d 49 API calls 4 library calls 86126->86132 86129 3bd73d __Wcrtomb 14 API calls 86128->86129 86131 3c205a __wsopen_s 86129->86131 86130 3c2088 86130->86116 86131->86116 86132->86130 86135 3dfb1d __FrameHandler3::FrameUnwindToState 86133->86135 86134 3dfb24 86136 3bd73d __Wcrtomb 14 API calls 86134->86136 86135->86134 86137 3dfb4f 86135->86137 86140 3dfb29 __wsopen_s 86136->86140 86142 3e00de 86137->86142 86140->86123 86143 3e00fb 86142->86143 86144 3e0129 86143->86144 86145 3e0110 86143->86145 86189 3dadb9 86144->86189 86203 3bd72a 14 API calls __dosmaperr 86145->86203 86148 3e0115 86152 3bd73d __Wcrtomb 14 API calls 86148->86152 86150 3e014e 86202 3dfe25 CreateFileW 86150->86202 86151 3e0137 86204 3bd72a 14 API calls __dosmaperr 86151->86204 86178 3dfb73 86152->86178 86155 3e013c 86156 3bd73d __Wcrtomb 14 API calls 86155->86156 86156->86148 86157 3e0204 GetFileType 86159 3e020f GetLastError 86157->86159 86160 3e0256 86157->86160 86158 3e01d9 GetLastError 86206 3bd707 14 API calls 2 library calls 86158->86206 86207 3bd707 14 API calls 2 library calls 86159->86207 86208 3dad04 15 API calls 3 library calls 86160->86208 86161 3e0187 86161->86157 86161->86158 86205 3dfe25 CreateFileW 86161->86205 86165 3e021d CloseHandle 86165->86148 86168 3e0246 86165->86168 86167 3e01cc 86167->86157 86167->86158 86169 3bd73d __Wcrtomb 14 API calls 86168->86169 86172 3e024b 86169->86172 86170 3e0277 86171 3e02c3 86170->86171 86209 3e0034 70 API calls 4 library calls 86170->86209 86176 3e02ca 86171->86176 86210 3dfbd2 71 API calls 4 library calls 86171->86210 86172->86148 86175 3e02f8 86175->86176 86177 3e0306 86175->86177 86179 3d6b6c __wsopen_s 17 API calls 86176->86179 86177->86178 86180 3e0382 CloseHandle 86177->86180 86188 3dfba6 LeaveCriticalSection __wsopen_s 86178->86188 86179->86178 86211 3dfe25 CreateFileW 86180->86211 86182 3e03ad 86183 3e03e3 86182->86183 86184 3e03b7 GetLastError 86182->86184 86183->86178 86212 3bd707 14 API calls 2 library calls 86184->86212 86186 3e03c3 86213 3daecc 15 API calls 3 library calls 86186->86213 86188->86140 86190 3dadc5 __FrameHandler3::FrameUnwindToState 86189->86190 86214 3ccd41 EnterCriticalSection 86190->86214 86192 3dae13 86215 3daec3 86192->86215 86194 3dadcc 86194->86192 86195 3dadf1 86194->86195 86199 3dae60 EnterCriticalSection 86194->86199 86218 3dab93 15 API calls 3 library calls 86195->86218 86198 3dadf6 86198->86192 86219 3dace1 EnterCriticalSection 86198->86219 86199->86192 86201 3dae6d LeaveCriticalSection 86199->86201 86201->86194 86202->86161 86203->86148 86204->86155 86205->86167 86206->86148 86207->86165 86208->86170 86209->86171 86210->86175 86211->86182 86212->86186 86213->86183 86214->86194 86220 3ccd91 LeaveCriticalSection 86215->86220 86217 3dae33 86217->86150 86217->86151 86218->86198 86219->86192 86220->86217 86225 35928d 86264 358fb0 CoCreateGuid 86225->86264 86227 359293 86228 359297 86227->86228 86232 3592e9 86227->86232 86229 349bb0 125 API calls 86228->86229 86230 35929c 86229->86230 86231 349940 164 API calls 86230->86231 86234 3592ac 86231->86234 86233 359307 86232->86233 86239 359366 86232->86239 86235 349bb0 125 API calls 86233->86235 86236 341b84 79 API calls 86234->86236 86237 35930c 86235->86237 86238 3592c8 86236->86238 86240 349940 164 API calls 86237->86240 86241 341be0 76 API calls 86238->86241 86242 349bb0 125 API calls 86239->86242 86252 3592e0 std::ios_base::_Ios_base_dtor codecvt 86239->86252 86243 35931c 86240->86243 86244 3592d8 86241->86244 86245 35937e 86242->86245 86246 341b84 79 API calls 86243->86246 86247 34b8a0 163 API calls 86244->86247 86248 349940 164 API calls 86245->86248 86249 359338 86246->86249 86247->86252 86250 35938e 86248->86250 86251 341be0 76 API calls 86249->86251 86254 341b84 79 API calls 86250->86254 86255 359348 86251->86255 86253 3b8367 codecvt 5 API calls 86252->86253 86256 35944c 86253->86256 86257 3593aa 86254->86257 86303 344190 86255->86303 86259 349ab0 76 API calls 86257->86259 86261 3593ba 86259->86261 86263 34b8a0 163 API calls 86261->86263 86262 34b8a0 163 API calls 86262->86252 86263->86252 86265 359155 86264->86265 86266 358fd6 StringFromCLSID 86264->86266 86268 3b8367 codecvt 5 API calls 86265->86268 86266->86265 86267 358fee 86266->86267 86267->86265 86270 358ffe 86267->86270 86269 359163 86268->86269 86269->86227 86271 359169 86270->86271 86276 359050 86270->86276 86288 359020 codecvt collate 86270->86288 86307 3434d0 21 API calls collate 86271->86307 86273 35916e 86274 3bd60f 11 API calls 86273->86274 86275 359173 Concurrency::cancel_current_task 86274->86275 86278 359180 86275->86278 86276->86275 86279 3590a6 86276->86279 86280 3590cd 86276->86280 86277 359134 CoTaskMemFree 86281 3b8367 codecvt 5 API calls 86277->86281 86282 36d900 27 API calls 86278->86282 86279->86275 86284 3b8713 moneypunct 27 API calls 86279->86284 86285 3b8713 moneypunct 27 API calls 86280->86285 86286 3590b7 codecvt 86280->86286 86283 35914f 86281->86283 86287 3591cd __cftof 86282->86287 86283->86227 86284->86286 86285->86286 86286->86273 86286->86288 86289 349bb0 125 API calls 86287->86289 86288->86277 86290 359213 86289->86290 86291 349940 164 API calls 86290->86291 86292 359223 86291->86292 86293 341b84 79 API calls 86292->86293 86294 35923f 86293->86294 86295 349ab0 76 API calls 86294->86295 86296 35924f 86295->86296 86297 344190 5 API calls 86296->86297 86298 35925f 86297->86298 86299 34b8a0 163 API calls 86298->86299 86300 359267 std::ios_base::_Ios_base_dtor 86299->86300 86301 3b8367 codecvt 5 API calls 86300->86301 86302 35944c 86301->86302 86302->86227 86304 3441d8 86303->86304 86305 3441cc 86303->86305 86304->86262 86306 344300 5 API calls 86305->86306 86306->86304 86308 3b8aa2 86309 3b8aae __FrameHandler3::FrameUnwindToState 86308->86309 86336 3b83f9 86309->86336 86311 3b8ab5 86312 3b8c08 86311->86312 86320 3b8adf ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock std::locale::_Setgloballocale 86311->86320 86355 3b93f2 4 API calls 2 library calls 86312->86355 86314 3b8c0f 86348 3ce9fc 86314->86348 86318 3b8c1d 86319 3b8afe 86320->86319 86321 3b8b80 86320->86321 86324 3b8b78 86320->86324 86344 3b950d GetStartupInfoW __cftof 86321->86344 86323 3b8b85 86345 3459aa 86323->86345 86351 3cc768 54 API calls 2 library calls 86324->86351 86326 3b8b7f 86326->86321 86330 3b8ba1 86330->86314 86331 3b8ba5 86330->86331 86332 3b8bae 86331->86332 86353 3ce9b1 23 API calls std::locale::_Setgloballocale 86331->86353 86354 3b856a 79 API calls ___scrt_uninitialize_crt 86332->86354 86335 3b8bb6 86335->86319 86337 3b8402 86336->86337 86357 3b9215 IsProcessorFeaturePresent 86337->86357 86339 3b840e 86358 3bbd89 10 API calls 2 library calls 86339->86358 86341 3b8413 86342 3b8417 86341->86342 86359 3bbda8 7 API calls 2 library calls 86341->86359 86342->86311 86344->86323 86360 344e1f 86345->86360 89456 3ce89a 86348->89456 86351->86326 86352 3b9543 GetModuleHandleW 86352->86330 86353->86332 86354->86335 86355->86314 86356 3ce9c0 23 API calls std::locale::_Setgloballocale 86356->86318 86357->86339 86358->86341 86359->86342 86603 36d6d0 GetModuleHandleW 86360->86603 86362 344e6c 86363 344ec6 86362->86363 86365 349bb0 125 API calls 86362->86365 86607 344d63 86363->86607 86367 344e7a 86365->86367 86370 349940 164 API calls 86367->86370 86368 344ee0 86371 349bb0 125 API calls 86368->86371 86369 344f39 CoInitializeEx 86373 344f48 86369->86373 86372 344e8a 86370->86372 86375 344ee5 86371->86375 86376 341b84 79 API calls 86372->86376 86377 344f56 86373->86377 86627 345a4f 86373->86627 86379 349940 164 API calls 86375->86379 86380 344eab 86376->86380 86378 3b8760 27 API calls 86377->86378 86381 344f78 86378->86381 86382 344ef5 86379->86382 86383 341be0 76 API calls 86380->86383 86664 345d57 86381->86664 86384 341b84 79 API calls 86382->86384 86385 344ebb 86383->86385 86386 344f16 86384->86386 86854 34136c 86385->86854 86389 341be0 76 API calls 86386->86389 86391 344f26 86389->86391 86390 344f91 86392 344ff1 86390->86392 86393 344f9b 86390->86393 86394 34136c 163 API calls 86391->86394 86395 3b8760 27 API calls 86392->86395 86396 349bb0 125 API calls 86393->86396 86397 344f31 86394->86397 86403 345004 86395->86403 86398 344fa0 86396->86398 86400 3458e3 CloseHandle 86397->86400 86401 3458ef 86397->86401 86399 349940 164 API calls 86398->86399 86404 344fb0 86399->86404 86400->86401 86402 3b8367 codecvt 5 API calls 86401->86402 86405 34590c 86402->86405 86668 345db6 86403->86668 86407 341b84 79 API calls 86404->86407 86405->86352 86409 344fd1 86407->86409 86408 345020 86411 34502e 86408->86411 86412 34507b __cftof 86408->86412 86410 341be0 76 API calls 86409->86410 86413 344fe1 86410->86413 86414 349bb0 125 API calls 86411->86414 86417 3b8760 27 API calls 86412->86417 86415 34136c 163 API calls 86413->86415 86416 345033 86414->86416 86424 344fec 86415->86424 86418 349940 164 API calls 86416->86418 86420 3450c0 86417->86420 86419 345043 86418->86419 86421 341b84 79 API calls 86419->86421 86422 3450d6 86420->86422 86857 356bd0 29 API calls 3 library calls 86420->86857 86423 34505b 86421->86423 86672 345e16 86422->86672 86428 341be0 76 API calls 86423->86428 86853 3459c2 ReleaseMutex 86424->86853 86431 34506b 86428->86431 86429 3458ce 86429->86397 86432 3458d4 CoUninitialize 86429->86432 86430 3450e7 86433 3450f2 86430->86433 86437 345143 86430->86437 86434 34136c 163 API calls 86431->86434 86432->86397 86435 349bb0 125 API calls 86433->86435 86434->86424 86436 3450f7 86435->86436 86438 349940 164 API calls 86436->86438 86678 373670 86437->86678 86440 345107 86438->86440 86442 341b84 79 API calls 86440->86442 86445 345123 86442->86445 86443 3451f7 CommandLineToArgvW 86454 345284 __cftof 86443->86454 86455 345235 86443->86455 86444 3451ab 86446 349bb0 125 API calls 86444->86446 86447 341be0 76 API calls 86445->86447 86448 3451b0 86446->86448 86449 345133 86447->86449 86450 349940 164 API calls 86448->86450 86451 34136c 163 API calls 86449->86451 86460 34513e 86451->86460 86459 345296 GetModuleFileNameW 86454->86459 86457 349bb0 125 API calls 86455->86457 86462 34523a 86457->86462 86464 3452b2 86459->86464 86465 34531d 86459->86465 86712 34d730 86465->86712 86604 36d6df GetProcAddress 86603->86604 86605 36d6fd 86603->86605 86604->86605 86606 36d6ef 86604->86606 86605->86362 86606->86362 86871 344c8e GetCurrentProcessId 86607->86871 86610 344d7f CreateMutexW 86611 344df4 WaitForSingleObject 86610->86611 86612 344d92 86610->86612 86613 344e06 86611->86613 86615 344df0 86611->86615 86614 349bb0 125 API calls 86612->86614 86613->86615 86616 344e0b CloseHandle 86613->86616 86617 344d97 86614->86617 86615->86368 86615->86369 86616->86615 86618 349940 164 API calls 86617->86618 86619 344da5 86618->86619 86620 341b84 79 API calls 86619->86620 86621 344dc2 86620->86621 86622 341be0 76 API calls 86621->86622 86623 344dd0 GetLastError 86622->86623 86624 346140 75 API calls 86623->86624 86625 344de7 86624->86625 86626 34136c 163 API calls 86625->86626 86626->86615 86628 345a5e __EH_prolog3_GS 86627->86628 86992 345c1e 86628->86992 86631 345a78 86633 349bb0 125 API calls 86631->86633 86632 345b92 _com_issue_error 86634 345a7d 86633->86634 86635 349940 164 API calls 86634->86635 86636 345a8d 86635->86636 86638 341b84 79 API calls 86636->86638 86637 345acc 86637->86632 86639 345af5 86637->86639 86640 345b38 86637->86640 86641 345aa9 86638->86641 86643 349bb0 125 API calls 86639->86643 86642 349bb0 125 API calls 86640->86642 86644 341be0 76 API calls 86641->86644 86646 345b3d 86642->86646 86647 345afa 86643->86647 86645 345ab9 86644->86645 86999 346300 75 API calls 86645->86999 86649 349940 164 API calls 86646->86649 86650 349940 164 API calls 86647->86650 86652 345b4d 86649->86652 86653 345b0a 86650->86653 86651 345ac7 86657 34136c 163 API calls 86651->86657 86654 341b84 79 API calls 86652->86654 86655 341b84 79 API calls 86653->86655 86656 345b69 86654->86656 86658 345b26 86655->86658 86660 341be0 76 API calls 86656->86660 86661 345b84 86657->86661 86659 341be0 76 API calls 86658->86659 86659->86645 86660->86651 87000 3b8def 5 API calls codecvt 86661->87000 86665 345d63 __EH_prolog3 86664->86665 86666 3b8713 moneypunct 27 API calls 86665->86666 86667 345d7c moneypunct collate 86666->86667 86667->86390 86669 345dc2 __EH_prolog3 86668->86669 86670 3b8713 moneypunct 27 API calls 86669->86670 86671 345ddb moneypunct 86670->86671 86671->86408 86673 345e22 __EH_prolog3 86672->86673 86674 3b8713 moneypunct 27 API calls 86673->86674 86675 345e3b 86674->86675 87001 345eee 86675->87001 86677 345e6c moneypunct 86677->86430 86679 3736ae 86678->86679 86710 373977 86679->86710 87006 356d24 86679->87006 86681 373750 86682 3b8713 moneypunct 27 API calls 86681->86682 86681->86710 86683 37375f 86682->86683 86686 373799 86683->86686 87173 378ba0 27 API calls moneypunct 86683->87173 86685 3739df 86687 3b8367 codecvt 5 API calls 86685->86687 87052 379400 GetModuleHandleW 86686->87052 86690 3451a7 86687->86690 86690->86443 86690->86444 86710->86685 87180 378650 86710->87180 86853->86429 86855 34b8a0 163 API calls 86854->86855 86856 34139a std::ios_base::_Ios_base_dtor 86855->86856 86856->86363 86857->86422 86872 344cb0 CreateToolhelp32Snapshot 86871->86872 86873 344cc5 Process32FirstW 86872->86873 86874 344cdd 86872->86874 86873->86874 86874->86872 86876 344ce3 Process32NextW 86874->86876 86877 344cf9 CloseHandle 86874->86877 86880 3c2041 49 API calls 86874->86880 86881 343899 5 API calls 86874->86881 86882 344d44 86874->86882 86883 354590 86874->86883 86876->86874 86877->86874 86878 3b8367 codecvt 5 API calls 86879 344d58 86878->86879 86879->86610 86879->86615 86880->86874 86881->86874 86882->86878 86894 354760 86883->86894 86886 354650 collate 86887 3b8367 codecvt 5 API calls 86886->86887 86888 35468c 86887->86888 86888->86874 86889 354693 86890 3bd60f 11 API calls 86889->86890 86891 354698 86890->86891 86892 3546b3 86891->86892 86893 3546ac CloseHandle 86891->86893 86892->86874 86893->86892 86905 354200 OpenProcess 86894->86905 86896 3547a8 86899 3547b2 86896->86899 86977 34daa0 29 API calls 3 library calls 86896->86977 86898 3547e2 collate 86900 3b8367 codecvt 5 API calls 86898->86900 86899->86898 86901 354935 86899->86901 86902 354604 86900->86902 86903 3bd60f 11 API calls 86901->86903 86902->86886 86902->86889 86904 35493a 86903->86904 86906 354267 86905->86906 86914 354310 86905->86914 86907 349bb0 125 API calls 86906->86907 86908 35426c 86907->86908 86910 349940 164 API calls 86908->86910 86909 3546c0 28 API calls 86911 354351 QueryFullProcessImageNameW 86909->86911 86912 35427c 86910->86912 86913 354375 GetLastError 86911->86913 86911->86914 86917 341b84 79 API calls 86912->86917 86913->86914 86915 354387 86913->86915 86914->86909 86916 35447f 86914->86916 86918 349bb0 125 API calls 86915->86918 86919 349bb0 125 API calls 86916->86919 86920 354298 86917->86920 86921 35438c 86918->86921 86922 354484 86919->86922 86988 341cc0 76 API calls 86920->86988 86925 349940 164 API calls 86921->86925 86926 349940 164 API calls 86922->86926 86924 3542a3 86927 346140 75 API calls 86924->86927 86928 35439c 86925->86928 86929 354494 86926->86929 86931 3542b1 86927->86931 86932 341b84 79 API calls 86928->86932 86930 341b84 79 API calls 86929->86930 86933 3544b0 86930->86933 86934 354940 76 API calls 86931->86934 86935 3543b8 86932->86935 86936 341be0 76 API calls 86933->86936 86937 3542bc GetLastError 86934->86937 86978 3549d0 86935->86978 86939 3544c0 86936->86939 86940 346140 75 API calls 86937->86940 86942 346140 75 API calls 86939->86942 86943 3542d3 86940->86943 86941 3543c3 86944 346140 75 API calls 86941->86944 86945 3544ce 86942->86945 86946 34b8a0 163 API calls 86943->86946 86947 3543d1 86944->86947 86989 354a60 76 API calls 86945->86989 86955 3542de std::ios_base::_Ios_base_dtor 86946->86955 86983 354940 86947->86983 86950 3544d9 86952 344190 5 API calls 86950->86952 86951 3543dc 86953 346140 75 API calls 86951->86953 86954 3544f5 86952->86954 86956 3543ea 86953->86956 86958 34b8a0 163 API calls 86954->86958 86957 3b8367 codecvt 5 API calls 86955->86957 86959 34b8a0 163 API calls 86956->86959 86960 35457a 86957->86960 86962 354462 std::ios_base::_Ios_base_dtor collate 86958->86962 86961 3543f5 std::ios_base::_Ios_base_dtor 86959->86961 86960->86896 86961->86962 86964 354581 86961->86964 86962->86955 86963 35455a CloseHandle 86962->86963 86963->86955 86965 3bd60f 11 API calls 86964->86965 86966 354586 86965->86966 86967 354760 203 API calls 86966->86967 86969 354604 86967->86969 86968 3b8367 codecvt 5 API calls 86970 35468c 86968->86970 86971 354693 86969->86971 86972 354650 collate 86969->86972 86970->86896 86973 3bd60f 11 API calls 86971->86973 86972->86968 86974 354698 86973->86974 86975 3546b3 86974->86975 86976 3546ac CloseHandle 86974->86976 86975->86896 86976->86975 86977->86899 86979 354a0c 86978->86979 86980 354a3e 86978->86980 86990 3420a0 76 API calls 4 library calls 86979->86990 86980->86941 86982 354a1e 86982->86941 86984 35497c 86983->86984 86985 3549ae 86983->86985 86991 3420a0 76 API calls 4 library calls 86984->86991 86985->86951 86987 35498e 86987->86951 86988->86924 86989->86950 86990->86982 86991->86987 86993 345c64 CoCreateInstance 86992->86993 86995 345c54 86992->86995 86994 345c86 OleRun 86993->86994 86996 345c95 86993->86996 86994->86996 86995->86993 86997 3b8367 codecvt 5 API calls 86996->86997 86998 345a71 86997->86998 86998->86631 86998->86637 86999->86651 87002 345ef5 87001->87002 87004 345efc collate 87001->87004 87005 345f8a 5 API calls 2 library calls 87002->87005 87004->86677 87007 356d30 87006->87007 87012 356ec8 std::ios_base::_Ios_base_dtor __Mtx_unlock 87006->87012 87008 356dff 87007->87008 87009 356d3e 87007->87009 87010 3b8760 27 API calls 87008->87010 87011 3b8760 27 API calls 87009->87011 87013 356e09 87010->87013 87014 356d48 87011->87014 87012->86681 87025 356db6 87013->87025 87213 35ce00 87013->87213 87016 35ce00 210 API calls 87014->87016 87014->87025 87017 356d63 87016->87017 87018 3a3b8a __Mtx_init_in_situ 2 API calls 87017->87018 87019 356e52 87021 349bb0 125 API calls 87019->87021 87023 356ed1 87051 35e380 224 API calls 87023->87051 87025->87019 87025->87023 87053 379485 GetProcAddress 87052->87053 87055 3794c2 87052->87055 87053->87055 87173->86686 87181 378b75 87180->87181 87190 3786ab swprintf 87180->87190 87429 378400 91 API calls 3 library calls 87181->87429 87183 378b89 87200 3788f1 collate 87183->87200 87185 3b8367 codecvt 5 API calls 87186 378b71 87185->87186 87186->86685 87187 3c1faa swprintf 54 API calls 87187->87190 87188 37870d __cftof 87423 361820 87188->87423 87190->87187 87190->87188 87194 378895 87190->87194 87422 349050 28 API calls 87190->87422 87409 344880 87194->87409 87200->87185 87214 3b8713 moneypunct 27 API calls 87213->87214 87215 35ce81 87214->87215 87410 349bb0 125 API calls 87409->87410 87411 3448ad 87410->87411 87412 349940 164 API calls 87411->87412 87422->87190 87424 361858 87423->87424 87425 34be30 78 API calls 87424->87425 87426 3618c7 87425->87426 87429->87183 89457 3ce8a8 89456->89457 89458 3ce8ba 89456->89458 89484 3b9543 GetModuleHandleW 89457->89484 89468 3ce741 89458->89468 89461 3ce8ad 89461->89458 89485 3ce940 GetModuleHandleExW 89461->89485 89463 3b8c15 89463->86356 89469 3ce74d __FrameHandler3::FrameUnwindToState 89468->89469 89491 3ccd41 EnterCriticalSection 89469->89491 89471 3ce757 89492 3ce7ad 89471->89492 89473 3ce764 89496 3ce782 89473->89496 89476 3ce8fe 89501 3d7cf2 GetPEB 89476->89501 89479 3ce92d 89482 3ce940 std::locale::_Setgloballocale 3 API calls 89479->89482 89480 3ce90d GetPEB 89480->89479 89481 3ce91d GetCurrentProcess TerminateProcess 89480->89481 89481->89479 89483 3ce935 ExitProcess 89482->89483 89484->89461 89486 3ce95f GetProcAddress 89485->89486 89487 3ce982 89485->89487 89488 3ce974 89486->89488 89489 3ce988 FreeLibrary 89487->89489 89490 3ce8b9 89487->89490 89488->89487 89489->89490 89490->89458 89491->89471 89494 3ce7b9 __FrameHandler3::FrameUnwindToState 89492->89494 89493 3ce81a std::locale::_Setgloballocale 89493->89473 89494->89493 89499 3cf40b 14 API calls std::locale::_Setgloballocale 89494->89499 89500 3ccd91 LeaveCriticalSection 89496->89500 89498 3ce770 89498->89463 89498->89476 89499->89493 89500->89498 89502 3d7d0c 89501->89502 89504 3ce908 89501->89504 89505 3d42b4 5 API calls _unexpected 89502->89505 89504->89479 89504->89480 89505->89504 89506 3a14c6 89507 3a14d0 89506->89507 89508 3a293c ___delayLoadHelper2@8 16 API calls 89507->89508 89509 3a14dd 89508->89509

                                                                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                                                                    Function 00373AC0 Relevance: 75.4, APIs: 3, Strings: 39, Instructions: 1934COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::locale::_Init.LIBCPMT ref: 00373CE8
                                                                                                                                                                                                                                                      • Part of subcall function 003A3084: __EH_prolog3.LIBCMT ref: 003A308B
                                                                                                                                                                                                                                                      • Part of subcall function 003A3084: std::_Lockit::_Lockit.LIBCPMT ref: 003A3096
                                                                                                                                                                                                                                                      • Part of subcall function 003A3084: std::locale::_Setgloballocale.LIBCPMT ref: 003A30B1
                                                                                                                                                                                                                                                      • Part of subcall function 003A3084: std::_Lockit::~_Lockit.LIBCPMT ref: 003A3107
                                                                                                                                                                                                                                                    • std::locale::_Init.LIBCPMT ref: 00374934
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00374CD5
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::locale::_$InitLockitstd::_$H_prolog3Ios_base_dtorLockit::_Lockit::~_Setgloballocalestd::ios_base::_
                                                                                                                                                                                                                                                    • String ID: $+@$$+@$2$Command "%s" failed$Couldn't find the ReturnCode attribute of EXIT command$EXIT$EXIT_UPDATE$EXIT_XML$Exit update command triggered. Exiting...$Malformed XML, no UPDATEARRAY element$NWebAdvisor::NXmlUpdater::CUpdater::Process$NWebAdvisor::NXmlUpdater::Hound::End$NWebAdvisor::NXmlUpdater::Hound::ExitResult$NWebAdvisor::NXmlUpdater::Hound::Start$PRECONDITION$PRECONDITIONARRAY$Precondition "%s" evaluated to false$Precondition "%s" evaluated to true$ReturnCode$TAG$UPDATE$UPDATEARRAY$UPDATECOMMANDS$Unable to convert ReturnCode into int$Unable to substitute the return code$XML precondition array returned false due to sniffer actions$XML precondition array returned true due to sniffer actions$XML precondition array with tag %s returned false$XML precondition array with tag %s returned false due to sniffer actions$XML precondition array with tag %s returned true due to sniffer actions$XML precondition failed - no Type specified$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.h$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\xmlUpdater.cpp$false$true$unknown$*@$*@$+@
                                                                                                                                                                                                                                                    • API String ID: 3544396713-2720874585
                                                                                                                                                                                                                                                    • Opcode ID: 94347639938e58f712ea22e4998e5d65acd264e2c6689eb23bb1e931fa2499b6
                                                                                                                                                                                                                                                    • Instruction ID: c6930e02cce3b86adb95db9b196382ae8328cb8c3cfa6de09de334e4f5e8e60a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 94347639938e58f712ea22e4998e5d65acd264e2c6689eb23bb1e931fa2499b6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A4137A71D012299BDB26DF64C949BDDB7B4AF09304F1481E9E40DBB291DB78AE84CF90
                                                                                                                                                                                                                                                    Function 0035F110 Relevance: 75.3, APIs: 21, Strings: 21, Instructions: 1782COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035F268
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035F307
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035F37E
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035F8B0
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035FBBD
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceBeginInitialize.KERNEL32(004380C4,00000000,A2199216,00000000,A2199216,0034A219,004380CC,?,?,?,?,?,?,0034A219,?,?), ref: 00349BE5
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceComplete.KERNEL32(004380C4,00000000,00000000), ref: 00349C1D
                                                                                                                                                                                                                                                      • Part of subcall function 00349940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00349A12
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035FDB6
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 003600BA
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0036015F
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000001,?,?,00000004), ref: 003605D7
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00360614
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000001,?,?,00000004), ref: 0036086A
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 003608A7
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000001,0000018F,00000000,X-Api-Key: ,0000000B,00000000,00000000,?,?,00000004), ref: 00360A90
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00360ACD
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Ios_base_dtorstd::ios_base::_$ErrorLast$InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                                                                    • String ID: 0Ywx4MUvRidmWf74nsIlBPIxJYIG9Nf0lSnge8SvgvY3RVy4E6gFLp3VDBcDO830QhXvfpgCb55sRtnVqKb2zUO3Vq7ko1b$AWS Adhoc Telemetry Payload = $AWS Response Code received $AdhocTelemetryAWS$Failed to convert the x_api_key string to wide$Failed to initialize buffer for AWS$HTTP add request header failed for AWS x_api_key: $HTTP connection failed for AWS: $HTTP open request failed for AWS: $HTTP receive response failed for AWS: $HTTP send request failed for AWS: $HTTP status error for AWS: $NO_REGVALUE$Querying AdhocTelemetryAWS value failed: $SOFTWARE\McAfee\WebAdvisor$X-Api-Key: $`ato$`A$`A$`A$`A
                                                                                                                                                                                                                                                    • API String ID: 1658547907-2390692628
                                                                                                                                                                                                                                                    • Opcode ID: 24576f90610e758901712ef272e913262c27d57c98acc60673b4c003482e38ac
                                                                                                                                                                                                                                                    • Instruction ID: 63a712583e1c1d7c30e1324598d5d0137d835d2e480f68821d3755a712e384c3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 24576f90610e758901712ef272e913262c27d57c98acc60673b4c003482e38ac
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06F2A2709102589BDB2ADF24CC89BDEB7B5AF45304F1081E8E44DAB296DB759EC8CF50
                                                                                                                                                                                                                                                    Function 00365318 Relevance: 72.7, APIs: 12, Strings: 29, Instructions: 928COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 1169 365318-36532c call 3b88fa 1172 365332-3653a2 call 3b8713 call 364a40 1169->1172 1173 36571d-365b7a call 366440 GetModuleHandleW call 366440 call 3665c0 call 366440 * 2 call 359180 1169->1173 1181 3653a7-36571a call 364a40 * 2 call 3661f0 call 3b85d4 call 364a40 * 3 call 3661f0 call 3b85d4 call 364a40 * 3 call 3661f0 call 3b85d4 call 364a40 * 3 call 3661f0 call 3b85d4 call 3b8713 call 3b85bf call 3b88b0 1172->1181 1231 365b7f-365b81 1173->1231 1232 365b7a call 359180 1173->1232 1181->1173 1234 365bc4-365be0 call 3411f3 1231->1234 1235 365b83-365b8d 1231->1235 1232->1231 1245 365be6-365c59 call 349bb0 call 349940 call 341b84 call 341be0 call 34b8a0 call 3a2bfd 1234->1245 1246 365cfc-365d06 1234->1246 1237 365b93-365ba5 1235->1237 1238 365c8d-365ccd call 366440 1235->1238 1243 365c83-365c8a call 3b8375 1237->1243 1244 365bab-365bbf 1237->1244 1253 365db3-365dc0 1238->1253 1254 365cd3-365cd8 1238->1254 1243->1238 1244->1243 1245->1238 1349 365c5b-365c6d 1245->1349 1256 365d3a-365d67 call 366440 1246->1256 1257 365d08-365d1a 1246->1257 1262 365dc2-365dc7 1253->1262 1263 365dc9-365dce 1253->1263 1260 365cdc-365cf7 call 3ba3a0 1254->1260 1261 365cda 1254->1261 1274 365d78-365d82 1256->1274 1275 365d69-365d73 call 35aad0 1256->1275 1265 365d30-365d37 call 3b8375 1257->1265 1266 365d1c-365d2a 1257->1266 1286 365e8e-365e98 1260->1286 1261->1260 1270 365dd1-365de5 1262->1270 1263->1270 1265->1256 1266->1265 1278 365de7-365dec 1270->1278 1279 365e30-365e32 1270->1279 1274->1238 1285 365d88-365d94 1274->1285 1275->1274 1287 366085 Concurrency::cancel_current_task 1278->1287 1288 365df2-365dfd call 3b8713 1278->1288 1281 365e64-365e86 1279->1281 1282 365e34-365e62 call 3b8713 1279->1282 1294 365e8c 1281->1294 1282->1294 1285->1243 1295 365d9a-365dae 1285->1295 1296 365ec6-365ee7 call 359980 1286->1296 1297 365e9a-365ea6 1286->1297 1298 36608a call 3bd60f 1287->1298 1288->1298 1309 365e03-365e2e 1288->1309 1294->1286 1295->1243 1308 365eec-365eee 1296->1308 1305 365ebc-365ec3 call 3b8375 1297->1305 1306 365ea8-365eb6 1297->1306 1313 36608f-3660aa call 3bd60f 1298->1313 1305->1296 1306->1298 1306->1305 1315 365ef4-365f34 call 366440 1308->1315 1316 365f7f 1308->1316 1309->1294 1325 3660ac-3660b6 1313->1325 1326 3660d8-3660fc call 3667b0 1313->1326 1335 365f36-365f40 call 35aad0 1315->1335 1336 365f45-365f4f 1315->1336 1324 365f82-365f93 GetModuleHandleW 1316->1324 1330 365f95-365fa5 GetProcAddress 1324->1330 1331 365fd1 1324->1331 1333 3660ce-3660d5 call 3b8375 1325->1333 1334 3660b8-3660c6 1325->1334 1357 366144-366149 1326->1357 1358 3660fe-366106 1326->1358 1330->1331 1332 365fa7-365fc5 GetCurrentProcess 1330->1332 1338 365fd3-36605c call 366440 call 3436db call 34372a * 3 call 3b8367 1331->1338 1332->1331 1379 365fc7-365fcb 1332->1379 1333->1326 1341 3661d4-3661d9 call 3bd60f 1334->1341 1342 3660cc 1334->1342 1335->1336 1336->1324 1346 365f51-365f5d 1336->1346 1342->1333 1353 365f73-365f7d call 3b8375 1346->1353 1354 365f5f-365f6d 1346->1354 1349->1243 1359 365c6f-365c7d 1349->1359 1353->1324 1354->1313 1354->1353 1360 36618f-366197 1357->1360 1361 36614b-366151 1357->1361 1366 36613d 1358->1366 1367 366108-36610c 1358->1367 1359->1243 1368 3661c0-3661d3 1360->1368 1369 366199-3661a2 1360->1369 1371 366153-366157 1361->1371 1372 366188 1361->1372 1366->1357 1375 36610e-366115 SysFreeString 1367->1375 1376 36611b-366120 1367->1376 1377 3661b6-3661bd call 3b8375 1369->1377 1378 3661a4-3661b2 1369->1378 1380 366166-36616b 1371->1380 1381 366159-366160 SysFreeString 1371->1381 1372->1360 1375->1376 1383 366132-36613a call 3b8375 1376->1383 1384 366122-36612b call 3b874c 1376->1384 1377->1368 1378->1341 1387 3661b4 1378->1387 1379->1331 1388 365fcd-365fcf 1379->1388 1390 36617d-366185 call 3b8375 1380->1390 1391 36616d-366176 call 3b874c 1380->1391 1381->1380 1383->1366 1384->1383 1387->1377 1388->1338 1390->1372 1391->1390
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003B88FA: EnterCriticalSection.KERNEL32(0043742C,?,?,?,0035402B,0043827C,A2199216,?,00351171,?), ref: 003B8905
                                                                                                                                                                                                                                                      • Part of subcall function 003B88FA: LeaveCriticalSection.KERNEL32(0043742C,?,?,?,0035402B,0043827C,A2199216,?,00351171,?), ref: 003B8942
                                                                                                                                                                                                                                                      • Part of subcall function 00364A40: _com_issue_error.COMSUPP ref: 00364AD2
                                                                                                                                                                                                                                                      • Part of subcall function 00364A40: SysFreeString.OLEAUT32(-00000001), ref: 00364AFD
                                                                                                                                                                                                                                                      • Part of subcall function 003661F0: Concurrency::cancel_current_task.LIBCPMT ref: 003662BF
                                                                                                                                                                                                                                                      • Part of subcall function 003B88B0: EnterCriticalSection.KERNEL32(0043742C,?,?,00354086,0043827C,003F68E0,?), ref: 003B88BA
                                                                                                                                                                                                                                                      • Part of subcall function 003B88B0: LeaveCriticalSection.KERNEL32(0043742C,?,?,00354086,0043827C,003F68E0,?), ref: 003B88ED
                                                                                                                                                                                                                                                      • Part of subcall function 003B88B0: RtlWakeAllConditionVariable.NTDLL ref: 003B8964
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,A2199216,?,?), ref: 003657B4
                                                                                                                                                                                                                                                    • FindResourceW.KERNEL32(00000000,00000001,00000010), ref: 003657C5
                                                                                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 003657D1
                                                                                                                                                                                                                                                    • LockResource.KERNEL32(00000000), ref: 003657DC
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00366067
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00366085
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32 ref: 0036610F
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0036615A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$Concurrency::cancel_current_taskFreeResourceString$EnterLeave$ConditionFindHandleLoadLockModuleVariableWake_com_issue_error
                                                                                                                                                                                                                                                    • String ID: (error)$)$0.0.0.0$0A$4.1.1.865$4A$EstimatedRunTime$Failed to convert wuuid to string$IsWow64Process$NO_REGKEY$PCSystemTypeEx$PowerState$PredictFailure$Root\CIMV2$Time$UUID$UUID$Version$ery)$kState$kernel32$kernel32.dll$orm$root\wmi$select EstimatedRunTime from Win32_Battery$select PCSystemTypeEx from Win32_ComputerSystem$select PowerState from Win32_ComputerSystem$select PredictFailure from MSStorageDriver_FailurePredictStatus$t
                                                                                                                                                                                                                                                    • API String ID: 2830066208-3152743398
                                                                                                                                                                                                                                                    • Opcode ID: dbbf1497ec55f746ef22670a702dbbc0efbb9fe50da0c9744b63fc87ab0c3c3e
                                                                                                                                                                                                                                                    • Instruction ID: d449fb30261a5ae26c39840a311d68bf48e26a0215ca22e8954330474b6fd1c1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dbbf1497ec55f746ef22670a702dbbc0efbb9fe50da0c9744b63fc87ab0c3c3e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67822374900344DBEB16DFA4DC497EDBBB5AF45304F20826CE804AB3D2DB799A84CB65
                                                                                                                                                                                                                                                    Function 00355870 Relevance: 60.3, APIs: 22, Strings: 12, Instructions: 780encryptionfilethreadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 1938 355870-3558d0 GetCurrentProcessId GetCurrentThreadId call 3c594f 1941 3558d6-355943 CreateFileW 1938->1941 1942 356170-356185 call 34c900 1938->1942 1943 355945-355965 CreateFileW 1941->1943 1944 35596f-355973 1941->1944 1950 3561a5-3561ab 1942->1950 1951 356187-356189 1942->1951 1943->1944 1946 355967-35596d 1943->1946 1948 355975 1944->1948 1949 35597a-35599c CreateFileW 1944->1949 1946->1948 1948->1949 1952 355a05-355a49 call 3ba920 UuidCreate 1949->1952 1953 35599e-3559c0 CreateFileW 1949->1953 1957 3561ad-3561ba 1950->1957 1958 3561be-3561c4 1950->1958 1951->1950 1954 35618b-35618e 1951->1954 1967 355a4f-355a5f UuidCreate 1952->1967 1968 35620b-35621b call 34c900 1952->1968 1953->1952 1955 3559c2-3559e4 CreateFileW 1953->1955 1954->1950 1961 356190-356194 1954->1961 1955->1952 1962 3559e6-355a03 CreateFileW 1955->1962 1957->1958 1959 3561d7-3561dd 1958->1959 1960 3561c6-3561d3 1958->1960 1964 3561f0-356206 call 3b8367 1959->1964 1965 3561df-3561ec 1959->1965 1960->1959 1961->1950 1966 356196-35619a 1961->1966 1962->1952 1965->1964 1966->1950 1972 35619c-3561a3 call 3569a0 1966->1972 1967->1968 1974 355a65-355a87 call 355790 1967->1974 1968->1954 1972->1950 1982 355a89 1974->1982 1983 355aea-355af2 1974->1983 1985 355a90-355a96 1982->1985 1983->1968 1984 355af8-355b30 1983->1984 2002 356207 1984->2002 2003 355b36-355b3e 1984->2003 1986 355a9f-355aa5 1985->1986 1987 355a98-355a9d 1985->1987 1990 355aa7-355aac 1986->1990 1991 355aae-355ab4 1986->1991 1989 355ad9-355ae1 call 355790 1987->1989 1998 355ae6-355ae8 1989->1998 1990->1989 1992 355ab6-355abb 1991->1992 1993 355abd-355ac3 1991->1993 1992->1989 1996 355ac5-355aca 1993->1996 1997 355acc-355ad2 1993->1997 1996->1989 1997->1983 1999 355ad4 1997->1999 1998->1983 1998->1985 1999->1989 2002->1968 2003->2002 2004 355b44-355b5c 2003->2004 2004->2002 2007 355b62-355b66 2004->2007 2007->2002 2008 355b6c-355c01 call 354cc0 2007->2008 2008->2002 2021 355c07-355c4a 2008->2021 2026 355c50-355c54 2021->2026 2027 35616c 2021->2027 2026->2027 2028 355c5a-355c74 2026->2028 2027->1942 2028->2027 2031 355c7a-355c7e 2028->2031 2031->2027 2032 355c84-355cd4 call 354cc0 2031->2032 2039 355cd7-355ce0 2032->2039 2039->2039 2040 355ce2-355d16 CryptAcquireContextW 2039->2040 2041 355d65-355d6b 2040->2041 2042 355d18-355d32 CryptCreateHash 2040->2042 2044 355d74-355d7a 2041->2044 2045 355d6d-355d6e CryptDestroyHash 2041->2045 2042->2041 2043 355d34-355d4b CryptHashData 2042->2043 2043->2041 2046 355d4d-355d5f CryptGetHashParam 2043->2046 2047 355d85-355ef5 2044->2047 2048 355d7c-355d7f CryptReleaseContext 2044->2048 2045->2044 2046->2041 2047->2027 2077 355efb-355f4e call 354cc0 2047->2077 2048->2047 2084 355f50-355f59 2077->2084 2084->2084 2085 355f5b-355f8f CryptAcquireContextW 2084->2085 2086 355f91-355fab CryptCreateHash 2085->2086 2087 355fde-355fe4 2085->2087 2086->2087 2088 355fad-355fc4 CryptHashData 2086->2088 2089 355fe6-355fe7 CryptDestroyHash 2087->2089 2090 355fed-355ff3 2087->2090 2088->2087 2091 355fc6-355fd8 CryptGetHashParam 2088->2091 2089->2090 2092 355ff5-355ff8 CryptReleaseContext 2090->2092 2093 355ffe-356166 2090->2093 2091->2087 2092->2093 2093->2027
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 003558AA
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 003558B4
                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(\\.\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 0035593A
                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 0035595C
                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(\\.\WGUARDNT,80000000,00000000,00000000,00000003,40000000,00000000), ref: 00355991
                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,80000000,00000000,00000000,00000003,40000000,00000000), ref: 003559B5
                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(\\.\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 003559D9
                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(\\.\Global\WGUARDNT,C0000000,00000000,00000000,00000003,40000000,00000000), ref: 003559FD
                                                                                                                                                                                                                                                    • UuidCreate.RPCRT4(00000000), ref: 00355A41
                                                                                                                                                                                                                                                    • UuidCreate.RPCRT4(00000000), ref: 00355A57
                                                                                                                                                                                                                                                    • CryptAcquireContextW.ADVAPI32(?), ref: 00355D0E
                                                                                                                                                                                                                                                    • CryptCreateHash.ADVAPI32(00000010,00008003,00000000,00000000,?), ref: 00355D2A
                                                                                                                                                                                                                                                    • CryptHashData.ADVAPI32(?,?,00000000,00000000), ref: 00355D43
                                                                                                                                                                                                                                                    • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000), ref: 00355D5F
                                                                                                                                                                                                                                                    • CryptDestroyHash.ADVAPI32(?), ref: 00355D6E
                                                                                                                                                                                                                                                    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00355D7F
                                                                                                                                                                                                                                                    • CryptAcquireContextW.ADVAPI32(?), ref: 00355F87
                                                                                                                                                                                                                                                    • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,?), ref: 00355FA3
                                                                                                                                                                                                                                                    • CryptHashData.ADVAPI32(?,?,00000000,00000000), ref: 00355FBC
                                                                                                                                                                                                                                                    • CryptGetHashParam.ADVAPI32(00000000,00000002,?,?,00000000), ref: 00355FD8
                                                                                                                                                                                                                                                    • CryptDestroyHash.ADVAPI32(?), ref: 00355FE7
                                                                                                                                                                                                                                                    • CryptReleaseContext.ADVAPI32(?,00000000), ref: 00355FF8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Crypt$Create$Hash$File$Context$AcquireCurrentDataDestroyParamReleaseUuid$ProcessThread
                                                                                                                                                                                                                                                    • String ID: AacControl$AacControl2$AacControl3$AacControl4$AacControl5$AacControl6$Created access handle %p$\\.\Global\WGUARDNT$\\.\WGUARDNT$accesslib policy %x:%x$al delete policy on terminate process 0x%x (%d) rule$al disable rules on terminate thread 0x%x (%d) rule
                                                                                                                                                                                                                                                    • API String ID: 4128897270-3926088020
                                                                                                                                                                                                                                                    • Opcode ID: b0e02410a1ec2d51125c1ad4f602a7f3c57b6b8df7da7c0768f974528229d971
                                                                                                                                                                                                                                                    • Instruction ID: 9fad1d039eca5528433b10acbd3e99a5b8d46bad27270ec9b432124fb87aa4a0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b0e02410a1ec2d51125c1ad4f602a7f3c57b6b8df7da7c0768f974528229d971
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F35247356043119FDB129F14CC98F2AB7EABB88714F190559FA45AB3A0CBB4ED05CF86
                                                                                                                                                                                                                                                    Function 00391840 Relevance: 60.3, APIs: 5, Strings: 29, Instructions: 754registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegCreateKeyExW.KERNEL32(80000002,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,-00000028,?,?,-00000028,00000000,?), ref: 00391932
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,-00000028,?), ref: 00391DAD
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,?,?,-00000028,?,?,-00000028,00000000,?), ref: 00391DD3
                                                                                                                                                                                                                                                    • std::locale::_Init.LIBCPMT ref: 003920C4
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Close$CreateInitstd::locale::_
                                                                                                                                                                                                                                                    • String ID: to $$+@$(Default)$BIN$DWORD$Error (%d) creating registry key: %s$Error (%d) setting value (%s) under registry key: %s$Key$NUM$NWebAdvisor::NXmlUpdater::CSetVariableCommand::Execute$NWebAdvisor::NXmlUpdater::SetRegistryKey$QWORD$STR$Setting variable $Unable to convert %s to hex$Unable to read key or value attribute of SETVAR command$Unable to set the variable$Unable to substitute variables for the SETVAR command$Unknown registry key type: %s$Value$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\RegistryCommand.cpp$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SetVariableCommand.cpp$invalid stoul argument$invalid stoull argument$invalid substitutor$memcpy_s failed in NWebAdvisor::NXmlUpdater::SetRegistryKey$stoul argument out of range$stoull argument out of range$*@
                                                                                                                                                                                                                                                    • API String ID: 3662814871-2947810676
                                                                                                                                                                                                                                                    • Opcode ID: 8b7d8151d7b1c90e1ed6e117082b51458a0897636699539a4c688f9c51965967
                                                                                                                                                                                                                                                    • Instruction ID: 0cdf23da9da1f1f2884ab2741c8a615fdbb41f54c0bf35d8f2ed6f8db2c2a173
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b7d8151d7b1c90e1ed6e117082b51458a0897636699539a4c688f9c51965967
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B852B171A00309AFEF22DF54CC45BAEB7B5BF04704F1441A9E9097B281E775AA44CFA5
                                                                                                                                                                                                                                                    Function 003A17A0 Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 353encryptionCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 3020 3a17a0-3a17e9 3021 3a17eb-3a181d CryptQueryObject 3020->3021 3022 3a184f 3020->3022 3024 3a181f-3a1824 3021->3024 3025 3a186d-3a18ae call 3a14f0 3021->3025 3023 3a1851-3a186c call 3b8367 3022->3023 3028 3a182d-3a1832 3024->3028 3029 3a1826-3a1827 CryptMsgClose 3024->3029 3035 3a18b0-3a18bd call 38e680 3025->3035 3036 3a18e4-3a18ea 3025->3036 3032 3a1842-3a1848 3028->3032 3033 3a1834-3a183f CertCloseStore 3028->3033 3029->3028 3032->3022 3034 3a184a-3a184b 3032->3034 3033->3032 3034->3022 3045 3a18bf-3a18c0 CryptMsgClose 3035->3045 3046 3a18c6-3a18cb 3035->3046 3037 3a18f0-3a18f6 3036->3037 3039 3a18fc-3a1944 3037->3039 3040 3a1b40-3a1b4d call 38e680 3037->3040 3043 3a198e-3a19d5 CryptQueryObject 3039->3043 3044 3a1946-3a1951 3039->3044 3055 3a1b4f-3a1b50 CryptMsgClose 3040->3055 3056 3a1b52-3a1b57 3040->3056 3050 3a1a39-3a1a5c call 3a14f0 3043->3050 3051 3a19d7-3a19dc 3043->3051 3048 3a1969-3a198b call 3b8375 3044->3048 3049 3a1953-3a1961 3044->3049 3045->3046 3052 3a18db-3a18df 3046->3052 3053 3a18cd-3a18d8 CertCloseStore 3046->3053 3048->3043 3057 3a1b7c-3a1b81 call 3bd60f 3049->3057 3058 3a1967 3049->3058 3075 3a1ac8-3a1aca 3050->3075 3076 3a1a5e-3a1a60 3050->3076 3060 3a19de-3a19df CryptMsgClose 3051->3060 3061 3a19e1-3a19ec 3051->3061 3054 3a1ab8-3a1aba 3052->3054 3053->3052 3063 3a1abc-3a1abd 3054->3063 3064 3a1ac1-3a1ac3 3054->3064 3055->3056 3065 3a1b59-3a1b64 CertCloseStore 3056->3065 3066 3a1b67 3056->3066 3058->3048 3060->3061 3069 3a19f8-3a19fe 3061->3069 3070 3a19ee-3a19f5 CertCloseStore 3061->3070 3063->3064 3064->3023 3065->3066 3066->3057 3072 3a1a00-3a1a01 3069->3072 3073 3a1a05-3a1a1a call 38e630 call 38e680 3069->3073 3070->3069 3072->3073 3095 3a1a1f-3a1a24 3073->3095 3096 3a1a1c-3a1a1d CryptMsgClose 3073->3096 3080 3a1acf-3a1ad4 3075->3080 3081 3a1acc-3a1acd CryptMsgClose 3075->3081 3077 3a1a62-3a1a63 CryptMsgClose 3076->3077 3078 3a1a65-3a1a70 3076->3078 3077->3078 3082 3a1a7c-3a1a82 3078->3082 3083 3a1a72-3a1a79 CertCloseStore 3078->3083 3085 3a1ad6-3a1ae1 CertCloseStore 3080->3085 3086 3a1ae4-3a1aea 3080->3086 3081->3080 3087 3a1a89-3a1a9e call 38e630 call 38e680 3082->3087 3088 3a1a84-3a1a85 3082->3088 3083->3082 3085->3086 3090 3a1aec-3a1aed 3086->3090 3091 3a1af1-3a1af7 3086->3091 3107 3a1aa3-3a1aa8 3087->3107 3108 3a1aa0-3a1aa1 CryptMsgClose 3087->3108 3088->3087 3090->3091 3091->3037 3094 3a1afd-3a1b08 3091->3094 3098 3a1b0a-3a1b18 3094->3098 3099 3a1b1c-3a1b3b call 3b8375 3094->3099 3100 3a1a30 3095->3100 3101 3a1a26-3a1a2d CertCloseStore 3095->3101 3096->3095 3098->3057 3103 3a1b1a 3098->3103 3099->3037 3100->3050 3101->3100 3103->3099 3109 3a1aaa-3a1ab1 CertCloseStore 3107->3109 3110 3a1ab4 3107->3110 3108->3107 3109->3110 3110->3054
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CryptQueryObject.CRYPT32(00000001, %:,00000400,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003A1815
                                                                                                                                                                                                                                                    • CryptMsgClose.CRYPT32(00000000), ref: 003A1827
                                                                                                                                                                                                                                                      • Part of subcall function 003A14F0: CryptMsgGetParam.CRYPT32(?,00000005,00000000,?,?), ref: 003A1581
                                                                                                                                                                                                                                                      • Part of subcall function 003A14F0: CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 003A15B2
                                                                                                                                                                                                                                                      • Part of subcall function 003A14F0: CryptMsgGetParam.CRYPT32(?,00000006,?,00000000,?), ref: 003A15DD
                                                                                                                                                                                                                                                      • Part of subcall function 003A14F0: CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 003A1625
                                                                                                                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000001), ref: 003A1837
                                                                                                                                                                                                                                                    • CryptMsgClose.CRYPT32(00000000), ref: 003A18C0
                                                                                                                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000001), ref: 003A18D0
                                                                                                                                                                                                                                                    • CryptQueryObject.CRYPT32(00000002,?,00003FFE,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003A19CD
                                                                                                                                                                                                                                                    • CryptMsgClose.CRYPT32(00000000), ref: 003A19DF
                                                                                                                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000001), ref: 003A19F1
                                                                                                                                                                                                                                                    • CryptMsgClose.CRYPT32(00000000), ref: 003A1A1D
                                                                                                                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000001), ref: 003A1A29
                                                                                                                                                                                                                                                    • CryptMsgClose.CRYPT32(00000000), ref: 003A1A63
                                                                                                                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000001), ref: 003A1A75
                                                                                                                                                                                                                                                    • CryptMsgClose.CRYPT32(00000000), ref: 003A1AA1
                                                                                                                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000001), ref: 003A1AAD
                                                                                                                                                                                                                                                    • CryptMsgClose.CRYPT32(00000000), ref: 003A1ACD
                                                                                                                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000001), ref: 003A1AD9
                                                                                                                                                                                                                                                    • CryptMsgClose.CRYPT32(00000000), ref: 003A1B50
                                                                                                                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000001), ref: 003A1B5C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Close$Crypt$CertStore$Param$ObjectQuery$CertificateFromSubject
                                                                                                                                                                                                                                                    • String ID: %:
                                                                                                                                                                                                                                                    • API String ID: 2648890560-3925055143
                                                                                                                                                                                                                                                    • Opcode ID: 93a96ab0e221b1de9c1ba83e351f7d5e93b7a54060483f03c775d601c141726f
                                                                                                                                                                                                                                                    • Instruction ID: e3bf710955f133247a8bbeadc3660c69258ec9766313c89fdb6ad57e2d3999c5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 93a96ab0e221b1de9c1ba83e351f7d5e93b7a54060483f03c775d601c141726f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8CC12C71E10249ABEF11DFA9CD89BAEBBF8EF05704F154529E504F7280EB749904CBA4
                                                                                                                                                                                                                                                    Function 0038FFE0 Relevance: 31.9, APIs: 9, Strings: 9, Instructions: 368COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 3111 38ffe0-39002d 3112 39002f-39004c call 378650 3111->3112 3113 390051-390055 3111->3113 3126 390557-390571 call 3b8367 3112->3126 3115 3900ae-39010d 3113->3115 3116 390057-39005d 3113->3116 3120 39010f-39011b 3115->3120 3121 390122-390135 3115->3121 3118 39005f 3116->3118 3119 390061-39006a 3116->3119 3118->3119 3122 39006c-390073 call 3a21d0 3119->3122 3123 390077-39007c call 38eb20 3119->3123 3120->3121 3124 39013b-390145 3121->3124 3125 390574-390579 call 3434d0 3121->3125 3134 390075 3122->3134 3140 39007f-390081 3123->3140 3127 39014f-390187 3124->3127 3128 390147-390149 3124->3128 3132 390189-390194 3127->3132 3133 3901d3-390283 call 3ba3a0 call 34e9c0 3127->3133 3128->3127 3138 39019d-3901a4 3132->3138 3139 390196-39019b 3132->3139 3153 390285 3133->3153 3154 390287-390318 call 34e9c0 call 3438d0 * 2 call 3ba920 3133->3154 3134->3140 3142 3901a7-3901cd call 3433c3 3138->3142 3139->3142 3140->3115 3143 390083-390087 3140->3143 3142->3133 3146 390089 3143->3146 3147 39008b-3900a9 call 378650 3143->3147 3146->3147 3147->3126 3153->3154 3163 390320-390328 3154->3163 3164 39032a-390331 3163->3164 3165 39033e-390355 3163->3165 3164->3165 3166 390333-39033c 3164->3166 3167 390359-390383 CreateProcessW 3165->3167 3168 390357 3165->3168 3166->3163 3166->3165 3169 3903ba-3903ca WaitForSingleObject 3167->3169 3170 390385-3903b5 GetLastError call 378650 3167->3170 3168->3167 3171 3903cc-3903d0 3169->3171 3172 3903de-3903fd GetExitCodeProcess 3169->3172 3179 390526-39053f call 3438d0 3170->3179 3175 3903d2 3171->3175 3176 3903d4-3903dc 3171->3176 3177 3903ff-39040b GetLastError 3172->3177 3178 390430-390434 3172->3178 3175->3176 3180 390410-39042b call 378650 3176->3180 3177->3180 3181 39046e-390477 3178->3181 3182 390436-39043a 3178->3182 3192 390541-390542 CloseHandle 3179->3192 3193 390544-39054c 3179->3193 3180->3179 3184 390480-39049e 3181->3184 3186 39043c 3182->3186 3187 39043e-390447 DeleteFileW 3182->3187 3184->3184 3189 3904a0-3904c4 3184->3189 3186->3187 3187->3181 3191 390449-39046b GetLastError call 378650 3187->3191 3194 3904d7-39051f call 3414a1 call 37a350 call 3438d0 * 2 3189->3194 3195 3904c6-3904d2 call 34347e 3189->3195 3191->3181 3192->3193 3199 39054e-39054f CloseHandle 3193->3199 3200 390551 3193->3200 3194->3179 3195->3194 3199->3200 3200->3126
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: D$Failed to delete executable (%d)$Failed to get process exit code (%d)$NWebAdvisor::NXmlUpdater::CExecuteLocalCommand::ExecuteLocalCommand$Signature check failed for command %s$Unable to run %s, error (%d)$Wait for process failed for command %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExecuteLocalCommand.cpp$invalid substitutor
                                                                                                                                                                                                                                                    • API String ID: 0-284121414
                                                                                                                                                                                                                                                    • Opcode ID: 6bd32c016d475ad2195c47315fbc4feb1a3ea9583005900afcf74e203e0bc2f6
                                                                                                                                                                                                                                                    • Instruction ID: 8b1b26cf2cbd31b6256443580e8f9b4b15537edbdedef32ad9452d3ad74315b7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6bd32c016d475ad2195c47315fbc4feb1a3ea9583005900afcf74e203e0bc2f6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1FE1BE71A01219DFDF2ADF24CC49BADB7B8AF55304F1041EAE409AB291EB749E84CF51
                                                                                                                                                                                                                                                    Function 00355204 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 345registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 3384 355204-35523e RegOpenKeyExW 3385 355244-355273 RegQueryValueExW 3384->3385 3386 3552e2-355311 call 3be960 GetLastError 3384->3386 3388 355275-35527d 3385->3388 3389 3552ca-3552dc RegCloseKey 3385->3389 3392 35538b-3553dc 3386->3392 3388->3389 3391 35527f-355292 call 354c10 3388->3391 3389->3386 3389->3392 3404 3552b4-3552c8 SetLastError RegCloseKey 3391->3404 3405 355294-35529c 3391->3405 3393 3553fd-355401 3392->3393 3394 3553de-3553eb OutputDebugStringW call 354f50 3392->3394 3397 355403-355449 call 3ba920 * 2 call 356ae0 3393->3397 3398 35547e-355481 3393->3398 3402 3553f0-3553f8 3394->3402 3397->3398 3439 35544b-355471 3397->3439 3400 355483-355489 3398->3400 3401 35548f-355496 3398->3401 3400->3401 3406 3555d1-3555d7 3400->3406 3401->3406 3407 35549c-3554b8 OutputDebugStringW call 354e60 3401->3407 3402->3398 3404->3386 3405->3389 3409 35529e-3552b2 call 354c10 3405->3409 3410 3555f3 3406->3410 3411 3555d9 3406->3411 3424 3554be-3554d8 call 354e60 3407->3424 3425 3555cb 3407->3425 3409->3389 3409->3404 3418 3555f5 3410->3418 3415 355703-35570a 3411->3415 3416 3555df-3555e5 3411->3416 3421 35570c-35571b LoadLibraryExW 3415->3421 3422 355739 3415->3422 3416->3415 3423 3555eb-3555f1 3416->3423 3418->3415 3426 3555fb-355606 3418->3426 3428 35571d-355737 GetLastError call 3be960 3421->3428 3429 35573e-355743 3421->3429 3422->3429 3423->3418 3441 3554f2-355516 call 3c594f 3424->3441 3442 3554da-3554e0 3424->3442 3425->3406 3431 355610-35561c call 354dc0 3426->3431 3432 355608-35560a 3426->3432 3428->3429 3436 355745-35574b call 3b874c 3429->3436 3437 35574e-355753 3429->3437 3451 355622-35562a 3431->3451 3452 3556ea-3556ef 3431->3452 3432->3431 3436->3437 3445 355755-35575b call 3b874c 3437->3445 3446 35575e-355784 call 3b8367 3437->3446 3439->3398 3449 355518-35551f 3441->3449 3448 3554e2-3554eb call 3be960 3442->3448 3442->3449 3445->3446 3448->3441 3449->3426 3455 355525-35554b call 354e60 call 354cc0 3449->3455 3451->3452 3458 355630 3451->3458 3452->3429 3459 3556f1-355701 call 3be960 3452->3459 3476 3555c4-3555c9 3455->3476 3477 35554d-35557f call 3ba920 * 2 call 356ae0 3455->3477 3466 355635-355639 3458->3466 3459->3429 3467 355643-35565a 3466->3467 3468 35563b-355641 3466->3468 3467->3452 3471 355660-3556a2 call 354dc0 call 3c594f 3467->3471 3468->3466 3468->3467 3471->3452 3482 3556a4-3556e2 call 354dc0 call 354cc0 OutputDebugStringW call 3be960 3471->3482 3476->3426 3489 355584-35558d 3477->3489 3493 3556e7 3482->3493 3489->3406 3491 35558f-3555c2 3489->3491 3491->3406 3493->3452
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegOpenKeyExW.KERNEL32(80000002,Software\McAfee\SystemCore,00000000,00020219,?), ref: 00355225
                                                                                                                                                                                                                                                    • RegQueryValueExW.ADVAPI32(?,szInstallDir32,00000000,?,?,?), ref: 00355265
                                                                                                                                                                                                                                                    • SetLastError.KERNEL32(0000006F,?,?,0041A17C), ref: 003552B6
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 003552C2
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 003552D0
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 003552F6
                                                                                                                                                                                                                                                    • OutputDebugStringW.KERNEL32(NCPrivateLoadAndValidateMPTDll: Looking in current directory), ref: 003553E3
                                                                                                                                                                                                                                                    • OutputDebugStringW.KERNEL32(NCPrivateLoadAndValidateMPTDll: Looking in EXE directory), ref: 003554A1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Software\McAfee\SystemCore, xrefs: 0035521B
                                                                                                                                                                                                                                                    • NCPrivateLoadAndValidateMPTDll: Looking in current directory, xrefs: 003553DE
                                                                                                                                                                                                                                                    • szInstallDir32, xrefs: 0035525F
                                                                                                                                                                                                                                                    • NCPrivateLoadAndValidateMPTDll: Looking in EXE directory, xrefs: 0035549C
                                                                                                                                                                                                                                                    • NotComDllGetInterface: %ls loading %ls, WinVerifyTrust failed with %08x, xrefs: 003556B7
                                                                                                                                                                                                                                                    • %ls\%ls, xrefs: 00355533
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseDebugErrorLastOutputString$OpenQueryValue
                                                                                                                                                                                                                                                    • String ID: %ls\%ls$NCPrivateLoadAndValidateMPTDll: Looking in EXE directory$NCPrivateLoadAndValidateMPTDll: Looking in current directory$NotComDllGetInterface: %ls loading %ls, WinVerifyTrust failed with %08x$Software\McAfee\SystemCore$szInstallDir32
                                                                                                                                                                                                                                                    • API String ID: 901107078-3767168787
                                                                                                                                                                                                                                                    • Opcode ID: 2f0b1ba64ddc3975c4cce55cc9e73c290c64de9b7d7dc49115791971ffd80553
                                                                                                                                                                                                                                                    • Instruction ID: b8fc781814971c22315312c7bb2b98d007c9e4d907009845b005456fb28d11ec
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f0b1ba64ddc3975c4cce55cc9e73c290c64de9b7d7dc49115791971ffd80553
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03D1F771E00619AFEF26CF64CC55FAEB7B5BF04305F0540A5E909AA261DB70AD88CF91
                                                                                                                                                                                                                                                    Function 003570D9 Relevance: 27.2, APIs: 4, Strings: 11, Instructions: 977COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00364B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0036521E
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00357D3D
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00357DFC
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00357DC8
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceBeginInitialize.KERNEL32(004380C4,00000000,A2199216,00000000,A2199216,0034A219,004380CC,?,?,?,?,?,?,0034A219,?,?), ref: 00349BE5
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceComplete.KERNEL32(004380C4,00000000,00000000), ref: 00349C1D
                                                                                                                                                                                                                                                      • Part of subcall function 00349940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00349A12
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00357EBB
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Failed to add event category (, xrefs: 003571F0
                                                                                                                                                                                                                                                    • Service has not been initialized, xrefs: 00357E88
                                                                                                                                                                                                                                                    • Failed to add reserved 3 dimension (, xrefs: 003579CD
                                                                                                                                                                                                                                                    • Failed to add reserved 4 dimension (, xrefs: 00357B63
                                                                                                                                                                                                                                                    • Failed to add reserved 2 dimension (, xrefs: 00357834
                                                                                                                                                                                                                                                    • Failed to add reserved 1 dimension (, xrefs: 0035769E
                                                                                                                                                                                                                                                    • u, xrefs: 00357B57
                                                                                                                                                                                                                                                    • Failed to add event action (, xrefs: 00357379
                                                                                                                                                                                                                                                    • Failed to add reserved 5 dimension (, xrefs: 00357CFD
                                                                                                                                                                                                                                                    • z, xrefs: 00357CF1
                                                                                                                                                                                                                                                    • Failed to add event label (, xrefs: 00357508
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteConcurrency::cancel_current_taskInitializeMtx_unlock
                                                                                                                                                                                                                                                    • String ID: Failed to add event action ($Failed to add event category ($Failed to add event label ($Failed to add reserved 1 dimension ($Failed to add reserved 2 dimension ($Failed to add reserved 3 dimension ($Failed to add reserved 4 dimension ($Failed to add reserved 5 dimension ($Service has not been initialized$u$z
                                                                                                                                                                                                                                                    • API String ID: 342047005-3525645681
                                                                                                                                                                                                                                                    • Opcode ID: ccd2b1df8bde50c0ec6399f8c302302086ef0147efa949677874435c375b8994
                                                                                                                                                                                                                                                    • Instruction ID: 23db14669f3627e2c9a45addb2e1aa38ae7f0666466c075581fdc28bd7ab3948
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ccd2b1df8bde50c0ec6399f8c302302086ef0147efa949677874435c375b8994
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2482EF70614244CFDB1AEF24D895FEE7BA4EF45304F1141A9EC068F292DB75DA48CBA2
                                                                                                                                                                                                                                                    Function 00358FB0 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 245COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CoCreateGuid.OLE32(?), ref: 00358FC8
                                                                                                                                                                                                                                                    • StringFromCLSID.OLE32(?,?), ref: 00358FE0
                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 00359138
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00359173
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 003593D1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Could not create registry key , xrefs: 0035923F
                                                                                                                                                                                                                                                    • SOFTWARE\McAfee\WebAdvisor, xrefs: 003591FB
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::cancel_current_taskCreateFreeFromGuidIos_base_dtorStringTaskstd::ios_base::_
                                                                                                                                                                                                                                                    • String ID: Could not create registry key $SOFTWARE\McAfee\WebAdvisor
                                                                                                                                                                                                                                                    • API String ID: 3741506170-3627174789
                                                                                                                                                                                                                                                    • Opcode ID: b567a34e03294b1422a8f47ccc39912969924567ffd17745cafe2366da97df28
                                                                                                                                                                                                                                                    • Instruction ID: 3375d53d168cde748e32dcc530150b4ce2a2c8395ec72ab44a6d6d4ce885cde1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b567a34e03294b1422a8f47ccc39912969924567ffd17745cafe2366da97df28
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8811571A00205DBDB15EF64DC49FAFB3E8EF44314F50462EF9169B691EB34AA08CB91
                                                                                                                                                                                                                                                    Function 003A14F0 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 215encryptionCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CryptMsgGetParam.CRYPT32(?,00000005,00000000,?,?), ref: 003A1581
                                                                                                                                                                                                                                                    • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 003A15B2
                                                                                                                                                                                                                                                    • CryptMsgGetParam.CRYPT32(?,00000006,?,00000000,?), ref: 003A15DD
                                                                                                                                                                                                                                                    • CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 003A1625
                                                                                                                                                                                                                                                    • CertFreeCRLContext.CRYPT32(?), ref: 003A175E
                                                                                                                                                                                                                                                      • Part of subcall function 003BE960: _free.LIBCMT ref: 003BE973
                                                                                                                                                                                                                                                    • CertFreeCRLContext.CRYPT32(?), ref: 003A1738
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CertCryptParam$ContextFree$CertificateFromStoreSubject_free
                                                                                                                                                                                                                                                    • String ID: %:
                                                                                                                                                                                                                                                    • API String ID: 4059466977-3925055143
                                                                                                                                                                                                                                                    • Opcode ID: b2fadbc09cc590af6cebabfb7684931be1b78659aeeac1eceb910b21645706d8
                                                                                                                                                                                                                                                    • Instruction ID: ee174f51bee63e82dfdd17e889ffb05a8490e5124a7e8c80a3681cbdc009d5ed
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b2fadbc09cc590af6cebabfb7684931be1b78659aeeac1eceb910b21645706d8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E816D75900248EFDF22DF64D841BEEBBB8FF0A354F144129EC55A7251D7329A08CBA1
                                                                                                                                                                                                                                                    Function 00344C8E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 73processCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00344CA6
                                                                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00344CB8
                                                                                                                                                                                                                                                    • Process32FirstW.KERNEL32(00000000,?), ref: 00344CD3
                                                                                                                                                                                                                                                    • Process32NextW.KERNEL32(00000000,0000022C), ref: 00344CE9
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00344CFA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process32$CloseCreateCurrentFirstHandleNextProcessSnapshotToolhelp32
                                                                                                                                                                                                                                                    • String ID: saBSI.exe
                                                                                                                                                                                                                                                    • API String ID: 592884611-3955546181
                                                                                                                                                                                                                                                    • Opcode ID: ad30b24fc25a88a741a0018d1f9f822d67bf4f90387ea6eacf00dc9025f7ce67
                                                                                                                                                                                                                                                    • Instruction ID: 35e32c33a89bf04d53cca3af60957af8a0fc008f68224d04110195ea5a7c202e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad30b24fc25a88a741a0018d1f9f822d67bf4f90387ea6eacf00dc9025f7ce67
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C4212B31505300AFC222AB24EC89B7F77D8EB86324F150639F915CF1E1E730AD49CA92
                                                                                                                                                                                                                                                    Function 003773B0 Relevance: 10.4, Strings: 8, Instructions: 433COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: HeapProcess
                                                                                                                                                                                                                                                    • String ID: &$&$CObfuscatedIniReader cannot load file: %s$Key was not found: %s$NWebAdvisor::CSubInfoDatReader::ReadString$No section found for %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubInfoDataReader.cpp$d6@
                                                                                                                                                                                                                                                    • API String ID: 54951025-2847523246
                                                                                                                                                                                                                                                    • Opcode ID: 61828811ad5edc5ba7ae955097ac81a018a6fcbb2bf477ec818190ca1cc85d85
                                                                                                                                                                                                                                                    • Instruction ID: 12446eb077f14518f1a3a41a5924d3c136e03fe0185b67ad35d87dd7ea722f5e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 61828811ad5edc5ba7ae955097ac81a018a6fcbb2bf477ec818190ca1cc85d85
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B7F1F270A04309DBDB21DF68CC45BAEBBB5BF05314F15C2ACE509AB291EB749A44CF51
                                                                                                                                                                                                                                                    Function 00354F50 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 150COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000,A2199216), ref: 00354FB5
                                                                                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00354FDF
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00354FF2
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0035500B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CurrentDirectoryErrorLast
                                                                                                                                                                                                                                                    • String ID: %ls\%ls
                                                                                                                                                                                                                                                    • API String ID: 152501406-2125769799
                                                                                                                                                                                                                                                    • Opcode ID: 1a8907641a046692184fe540bceaf30c7c27fe06fbfa30ef8f711750612c63f2
                                                                                                                                                                                                                                                    • Instruction ID: 7f5b51d09e74a2546e971bc1493b3acfee4c0770537cab18c1ff1fdb872ebaa2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a8907641a046692184fe540bceaf30c7c27fe06fbfa30ef8f711750612c63f2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA4105B1E006059BDB16DF75CC46BAFB6B8AF44701F25413AE806EB291EB30D904CF91
                                                                                                                                                                                                                                                    Function 0038D540 Relevance: 7.2, Strings: 5, Instructions: 925COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\VersionPrecondition.cpp, xrefs: 0038DB6A, 0038E17A
                                                                                                                                                                                                                                                    • NEQ, xrefs: 0038D892
                                                                                                                                                                                                                                                    • Unable to substitute the arguments, xrefs: 0038E16E
                                                                                                                                                                                                                                                    • invalid substitutor, xrefs: 0038DB5E
                                                                                                                                                                                                                                                    • NWebAdvisor::NXmlUpdater::CVersionPrecondition::IsPreconditionSatisfied, xrefs: 0038DB65, 0038E175
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: NEQ$NWebAdvisor::NXmlUpdater::CVersionPrecondition::IsPreconditionSatisfied$Unable to substitute the arguments$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\VersionPrecondition.cpp$invalid substitutor
                                                                                                                                                                                                                                                    • API String ID: 0-4090108046
                                                                                                                                                                                                                                                    • Opcode ID: 15db27e511ea05bee2da5525f33091ff58ffa4a779f45a2a6b0b9f2469ab2d5c
                                                                                                                                                                                                                                                    • Instruction ID: 584ccefb76704852a704021ba781edc070918e2415c091a7670ce487517b25c4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 15db27e511ea05bee2da5525f33091ff58ffa4a779f45a2a6b0b9f2469ab2d5c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F82AF71D003588BDF16DFA8C845BEDBBB1BF45308F244299D419AF291EB74AA85CF50
                                                                                                                                                                                                                                                    Function 003CE8FE Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,003CE8FD,00000002,00000002,?,00000002), ref: 003CE920
                                                                                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,003CE8FD,00000002,00000002,?,00000002), ref: 003CE927
                                                                                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 003CE939
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                                                                                                                                    • Opcode ID: 2068ed49bca593fa4c90032df05b37a2b13941b86fa4fb204eef6f589cb98191
                                                                                                                                                                                                                                                    • Instruction ID: 7f3308514a7e1d6849ef1e1dc91338a39e609fb9b3699fca370484883c82ed05
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2068ed49bca593fa4c90032df05b37a2b13941b86fa4fb204eef6f589cb98191
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 70E0BD32010109AFCF936F65ED49E6C3B6EEB44751F054819F909CA231DB79ED82CB92
                                                                                                                                                                                                                                                    Function 00345C1E Relevance: 3.1, APIs: 2, Instructions: 76comCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CoCreateInstance.OLE32(0040D808,00000000,00000017,0041B024,00000000,A2199216,?,?,?,00000000,00000000,00000000,003E8687,000000FF), ref: 00345C7A
                                                                                                                                                                                                                                                    • OleRun.OLE32(00000000), ref: 00345C89
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateInstance
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 542301482-0
                                                                                                                                                                                                                                                    • Opcode ID: 59d76469bad679d1bd52c52986c59e4df16239b5d2916d38a5591d928395cb38
                                                                                                                                                                                                                                                    • Instruction ID: 66c669487c1be6af37fb38a385a4bbd9eb586a6444d6553432d081516ed84f44
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 59d76469bad679d1bd52c52986c59e4df16239b5d2916d38a5591d928395cb38
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9321607AA00614AFC706DB58CC85F6EB7F9EF88B20F25416AF515E73A0DB74AD00CA54
                                                                                                                                                                                                                                                    Function 00344E1F Relevance: 65.5, APIs: 9, Strings: 28, Instructions: 767COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 1406 344e1f-344e73 call 36d6d0 1409 344e75-344ec1 call 349bb0 call 349940 call 341b84 call 341be0 call 34136c 1406->1409 1410 344ec6-344ede call 344d63 1406->1410 1409->1410 1415 344ee0-344f34 call 349bb0 call 349940 call 341b84 call 341be0 call 34136c 1410->1415 1416 344f39-344f46 CoInitializeEx 1410->1416 1451 3458da-3458e1 1415->1451 1420 344f4d-344f51 call 345a4f 1416->1420 1421 344f48-344f4b 1416->1421 1425 344f56-344f7c call 3b8760 1420->1425 1421->1420 1421->1425 1432 344f86 1425->1432 1433 344f7e-344f84 1425->1433 1436 344f88-344f99 call 345d57 1432->1436 1433->1436 1443 344ff1-345008 call 3b8760 1436->1443 1444 344f9b-344fec call 349bb0 call 349940 call 341b84 call 341be0 call 34136c 1436->1444 1452 345012 1443->1452 1453 34500a-345010 1443->1453 1478 3458ba-3458bf 1444->1478 1455 3458e3-3458e9 CloseHandle 1451->1455 1456 3458ef-345913 call 3b8367 1451->1456 1458 345014-34502c call 345db6 1452->1458 1453->1458 1455->1456 1466 34502e-345076 call 349bb0 call 349940 call 341b84 call 341be0 call 34136c 1458->1466 1467 34507b-3450cc call 3ba920 call 3b8760 1458->1467 1507 3458ab-3458b3 1466->1507 1483 3450ce-3450d6 call 356bd0 1467->1483 1484 3450d8 1467->1484 1481 3458c6-3458d2 call 3459c2 1478->1481 1482 3458c1 call 347d21 1478->1482 1481->1451 1496 3458d4 CoUninitialize 1481->1496 1482->1481 1485 3450da-3450f0 call 345e16 1483->1485 1484->1485 1497 3450f2-34513e call 349bb0 call 349940 call 341b84 call 341be0 call 34136c 1485->1497 1498 345143-345154 1485->1498 1496->1451 1533 345897-34589c 1497->1533 1502 345156 1498->1502 1503 34515a-345176 1498->1503 1502->1503 1504 34517c-345194 1503->1504 1505 345178 1503->1505 1508 345196 1504->1508 1509 34519a-3451a9 call 373670 1504->1509 1505->1504 1507->1478 1510 3458b5 call 347d21 1507->1510 1508->1509 1517 3451f7-345233 CommandLineToArgvW 1509->1517 1518 3451ab-3451f2 call 349bb0 call 349940 call 341b84 call 341be0 1509->1518 1510->1478 1530 345284-3452b0 call 3ba920 GetModuleFileNameW 1517->1530 1531 345235-345282 call 349bb0 call 349940 call 341b84 call 341be0 GetLastError 1517->1531 1548 345310-345318 call 34136c 1518->1548 1544 3452b2-3452fc call 349bb0 call 349940 call 341b84 call 341be0 GetLastError 1530->1544 1545 34531d-345367 call 34d730 call 3ba920 GetLongPathNameW 1530->1545 1570 3452ff-34530a call 346140 1531->1570 1534 3458a3-3458a6 call 345946 1533->1534 1535 34589e call 347d21 1533->1535 1534->1507 1535->1534 1544->1570 1563 34536d-345416 call 349bb0 call 349940 call 341b84 call 341be0 GetLastError call 346140 call 3461b0 call 344190 call 34136c call 3bea46 1545->1563 1564 345419-345520 call 34171d * 2 call 375b70 call 343899 * 2 call 3449d2 call 34171d * 2 call 375b70 call 343899 * 2 call 3449d2 1545->1564 1548->1533 1563->1564 1615 345596-3455a8 call 3449d2 1564->1615 1616 345522-345591 call 344a04 call 34171d call 375b70 call 343899 * 2 1564->1616 1570->1548 1622 345611-34564f call 344a4a 1615->1622 1623 3455aa-34560c call 34171d * 2 call 375b70 call 343899 * 2 1615->1623 1616->1615 1641 345651-345693 call 349bb0 call 349940 call 341b84 call 346220 call 34136c 1622->1641 1642 345698-3456a9 call 344b92 1622->1642 1623->1622 1641->1642 1650 34571b-345729 call 343a88 1642->1650 1651 3456ab-345716 call 349bb0 call 349940 call 341b84 call 341be0 1642->1651 1655 34572e-345733 1650->1655 1691 345887-34588c call 34136c 1651->1691 1658 3457ed-345802 call 347d7c 1655->1658 1659 345739-34573b 1655->1659 1672 345804 1658->1672 1673 345806-345881 call 34372a call 349bb0 call 349940 call 341b84 call 341be0 call 346290 1658->1673 1663 345746-34575b call 347d7c 1659->1663 1664 34573d-345740 1659->1664 1674 34575d 1663->1674 1675 34575f-3457e8 call 34372a call 349bb0 call 349940 call 341b84 call 341be0 call 346290 call 34136c 1663->1675 1664->1658 1664->1663 1672->1673 1673->1691 1674->1675 1700 34588f-345892 call 343899 1675->1700 1691->1700 1700->1533
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0036D6D0: GetModuleHandleW.KERNEL32(kernel32.dll,00344E6C,A2199216), ref: 0036D6D5
                                                                                                                                                                                                                                                      • Part of subcall function 0036D6D0: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 0036D6E5
                                                                                                                                                                                                                                                    • CoInitializeEx.COMBASE(00000000,00000000,A2199216), ref: 00344F3E
                                                                                                                                                                                                                                                    • CommandLineToArgvW.SHELL32(?,?), ref: 00345226
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000001), ref: 00345276
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000104), ref: 003452A8
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000001), ref: 003452F3
                                                                                                                                                                                                                                                    • GetLongPathNameW.KERNEL32(?,?,00000104), ref: 0034535F
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000002), ref: 003453AE
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,00000001), ref: 003458E9
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceBeginInitialize.KERNEL32(004380C4,00000000,A2199216,00000000,A2199216,0034A219,004380CC,?,?,?,?,?,?,0034A219,?,?), ref: 00349BE5
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceComplete.KERNEL32(004380C4,00000000,00000000), ref: 00349C1D
                                                                                                                                                                                                                                                      • Part of subcall function 00349940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00349A12
                                                                                                                                                                                                                                                      • Part of subcall function 0034136C: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 003413A5
                                                                                                                                                                                                                                                    • CoUninitialize.OLE32(?,00000001), ref: 003458D4
                                                                                                                                                                                                                                                      • Part of subcall function 00356BD0: __Mtx_init_in_situ.LIBCPMT ref: 00356CC0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$HandleInitInitializeIos_base_dtorModuleNameOncestd::ios_base::_$AddressArgvBeginCloseCommandCompleteFileLineLongMtx_init_in_situPathProcUninitialize
                                                                                                                                                                                                                                                    • String ID: /no_self_update$/store_xml_on_disk$/xml$BSI installation success. Exit code: $BootStrapInstaller$CommandLineToArgvW failed: $Ended$FALSE$Failed$Failed to allocate memory for event sender service$Failed to create xml updater logger$Failed to create xml updater signature verifier$GetLongPathName failed ($GetModuleFileName failed: $InitSecureDllLoading failed.$Install$InvalidArguments$MAIN_XML$Process$SA/WA installation failed with exit code: $SELF_UPDATE_ALLOWED$STORE_XML_ON_DISK$SaBsi.cpp$Some command line BSI variables are invalid.$Started$TRUE$WaitForOtherBSIToExit failed$failed to initialize updater
                                                                                                                                                                                                                                                    • API String ID: 126520999-360321973
                                                                                                                                                                                                                                                    • Opcode ID: 4a6c02a6081200b7e3635dc5e5f9d81872e0ae5432834c6a4992f9d801b02914
                                                                                                                                                                                                                                                    • Instruction ID: 8148b7cc1af7ca3b004880a84b597c6e3c6cbb4ff257cc56545da3377d9e7c4b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a6c02a6081200b7e3635dc5e5f9d81872e0ae5432834c6a4992f9d801b02914
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D625170904648DFDF16DFA4D895BED7BB4EF04304F50805AF8096F292EB746A88CBA5
                                                                                                                                                                                                                                                    Function 0037EFC0 Relevance: 65.5, APIs: 13, Strings: 24, Instructions: 743COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 1717 37efc0-37f053 call 3941f0 call 394430 1722 37f055-37f06b call 378650 1717->1722 1723 37f07f-37f13b call 37ea50 call 3ba920 * 2 1717->1723 1726 37f070-37f07a 1722->1726 1738 37f13d-37f163 GetLastError call 37e9b0 1723->1738 1739 37f168-37f170 1723->1739 1728 37fa58-37fa83 call 394210 call 3b8367 1726->1728 1745 37f3cb-37f3e6 call 378650 1738->1745 1741 37f172-37f186 1739->1741 1742 37f18d-37f1ab call 394280 1739->1742 1741->1742 1748 37f1ad-37f1d3 GetLastError call 37e9b0 1742->1748 1749 37f1d8-37f209 call 394480 1742->1749 1745->1728 1748->1745 1755 37f236-37f255 call 394250 1749->1755 1756 37f20b-37f231 GetLastError call 37e9b0 1749->1756 1761 37f257-37f286 call 378650 1755->1761 1762 37f289-37f29a call 394640 1755->1762 1756->1745 1761->1762 1767 37f2f3-37f300 call 394620 1762->1767 1768 37f29c-37f2ee GetLastError call 37e9b0 call 378650 1762->1768 1775 37f302-37f324 GetLastError call 37e9b0 1767->1775 1776 37f329-37f33f call 394560 1767->1776 1768->1728 1775->1745 1782 37f341-37f384 GetLastError call 37e9b0 call 378650 1776->1782 1783 37f389-37f3a7 call 3944c0 1776->1783 1782->1728 1788 37f3eb-37f41a call 3c594f 1783->1788 1789 37f3a9-37f3c6 GetLastError call 37e9b0 1783->1789 1796 37f41c-37f455 call 37e9b0 call 378650 1788->1796 1797 37f45a-37f461 1788->1797 1789->1745 1810 37fa4f-37fa50 call 3be960 1796->1810 1798 37f463-37f48f 1797->1798 1799 37f4c2-37f4db call 3808c0 1797->1799 1801 37f495-37f49e 1798->1801 1809 37f4e0-37f501 call 3444b2 1799->1809 1801->1801 1804 37f4a0-37f4c0 call 34347e 1801->1804 1804->1809 1816 37f503-37f517 call 3438d0 1809->1816 1817 37f51d-37f523 1809->1817 1815 37fa55 1810->1815 1815->1728 1816->1817 1818 37f525-37f52b call 3438d0 1817->1818 1819 37f530-37f537 1817->1819 1818->1819 1822 37f5a0-37f5de call 380230 1819->1822 1823 37f539-37f53f 1819->1823 1831 37f657-37f669 call 3438d0 1822->1831 1832 37f5e0-37f5e6 1822->1832 1825 37f561-37f582 call 378650 1823->1825 1826 37f541-37f55f call 378650 1823->1826 1837 37f585-37f59b call 37e9b0 1825->1837 1826->1837 1846 37f66d-37f676 PathFileExistsW 1831->1846 1847 37f66b 1831->1847 1835 37f625-37f654 1832->1835 1836 37f5e8-37f5f7 1832->1836 1835->1831 1839 37f60f-37f61f call 3b8375 1836->1839 1840 37f5f9-37f607 1836->1840 1853 37fa44-37fa4a call 3438d0 1837->1853 1839->1835 1843 37fadf-37fb00 call 3bd60f 1840->1843 1844 37f60d 1840->1844 1866 37fb02-37fb0a call 3b8375 1843->1866 1867 37fb0d-37fb11 1843->1867 1844->1839 1851 37f83d-37f844 1846->1851 1852 37f67c-37f68b 1846->1852 1847->1846 1856 37f846 1851->1856 1857 37f848-37f86a CreateFileW 1851->1857 1858 37f691-37f6a4 1852->1858 1859 37f8b8-37f8bc 1852->1859 1853->1810 1856->1857 1860 37f870-37f8b3 call 37e9b0 call 378650 1857->1860 1861 37f8fa-37f942 call 3935a0 call 3945f0 1857->1861 1862 37fada call 3434d0 1858->1862 1863 37f6aa-37f6ae 1858->1863 1864 37f8c0-37f8f5 call 378650 call 37e9b0 1859->1864 1865 37f8be 1859->1865 1860->1853 1891 37f9d6-37fa1a CloseHandle call 3935f0 call 34149c 1861->1891 1892 37f948 1861->1892 1862->1843 1868 37f6b0-37f6b2 1863->1868 1869 37f6b8-37f6f2 1863->1869 1864->1853 1865->1864 1866->1867 1868->1869 1877 37f6f4-37f6ff 1869->1877 1878 37f739-37f7ba call 3ba3a0 DeleteFileW 1869->1878 1882 37f701-37f706 1877->1882 1883 37f708-37f70f 1877->1883 1895 37f7be-37f7ca call 3c65f0 1878->1895 1896 37f7bc 1878->1896 1888 37f712-37f733 call 3433c3 1882->1888 1883->1888 1888->1878 1914 37fa24-37fa33 call 37e9b0 1891->1914 1915 37fa1c-37fa1f 1891->1915 1897 37f950-37f958 1892->1897 1906 37f82e-37f838 call 3438d0 1895->1906 1907 37f7cc-37f7ee call 3bd73d call 37e9b0 1895->1907 1896->1895 1897->1891 1902 37f95a-37f973 WriteFile 1897->1902 1908 37fa86-37fad5 call 37e9b0 call 378650 CloseHandle 1902->1908 1909 37f979-37f9c9 call 37e990 call 394140 call 3945f0 1902->1909 1906->1851 1927 37f7f2-37f829 call 378650 call 3438d0 1907->1927 1928 37f7f0 1907->1928 1929 37fa3a 1908->1929 1934 37f9ce-37f9d0 1909->1934 1914->1929 1915->1914 1927->1853 1928->1927 1929->1853 1934->1891 1934->1897
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0037F13D
                                                                                                                                                                                                                                                      • Part of subcall function 00378650: std::locale::_Init.LIBCPMT ref: 0037882F
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,00000006,00000000,?,?,?,00000000,?,?,?,00000000,00000000), ref: 0037FAC8
                                                                                                                                                                                                                                                      • Part of subcall function 003BE960: _free.LIBCMT ref: 003BE973
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseErrorHandleInitLast_freestd::locale::_
                                                                                                                                                                                                                                                    • String ID: <$<Z@$Cache-Control: no-cache$CreateFile failed (%d)$File already exists: %s$GET$HTTP GET request failed (%d), url: %s$HTTP add request headers failed (%d), url: %s$HTTP connection failed (%d), url: %s$HTTP query content length (%d), url: %s$HTTP receive response failed (%d), url: %s$HTTP send request failed (%d), url: %s, ignore proxy flag %s$HTTP status (%d) error (%d), url: %s$NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk::<lambda_2af623cb1b195cc2505e5df23daadde2>::operator ()$Unable to allocate %d bytes$Unable to extract the filename from url (%s)$Unable to open HTTP transaction$Unable to rename the old file (%d): %s$WinHttpCrackUrl failed (%d), url: %s$WriteFile failed (%d)$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp$empty filename$false$true
                                                                                                                                                                                                                                                    • API String ID: 2292809486-1852885183
                                                                                                                                                                                                                                                    • Opcode ID: 9a495efe5f18fb93f7d5b79f61447133e8c9d9ce05197a38f3527fbf20ea224d
                                                                                                                                                                                                                                                    • Instruction ID: 746269997a2f59bd4412745b2460cfe9dc41557c03c026b5d84c2359fc12f7ba
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9a495efe5f18fb93f7d5b79f61447133e8c9d9ce05197a38f3527fbf20ea224d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D62AEB0A40619AFDB25DB14CC45FAAB7B4BF45304F1041E9F61C6B2D1DB78AA84CF98
                                                                                                                                                                                                                                                    Function 003865F0 Relevance: 38.9, APIs: 4, Strings: 18, Instructions: 416COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 2370 3865f0-386642 2371 386644 2370->2371 2372 386646-38664a 2370->2372 2371->2372 2373 386650-386662 call 341b0c 2372->2373 2374 3868c4-3868de 2372->2374 2373->2374 2382 386668-386690 2373->2382 2376 386a8f-386aa3 call 3b88fa 2374->2376 2377 3868e4-386900 call 371ac0 2374->2377 2376->2377 2384 386aa9-386cc3 call 3860c0 * 3 call 34347e call 3860c0 * 2 call 34347e * 4 call 386400 call 3b85d4 call 3b85bf call 3b88b0 2376->2384 2387 38695a-386960 2377->2387 2388 386902-386912 2377->2388 2385 386712 2382->2385 2386 386696-3866be 2382->2386 2384->2377 2390 386719-386727 2385->2390 2393 3866c4-3866cd 2386->2393 2391 386962 2387->2391 2392 386964-3869a1 call 378650 2387->2392 2394 386914 2388->2394 2395 386916-386923 2388->2395 2400 386729-38672f call 3438d0 2390->2400 2401 386734-38673b 2390->2401 2391->2392 2415 3869a4-3869ad 2392->2415 2393->2393 2396 3866cf-386710 call 34347e call 3793a0 2393->2396 2394->2395 2397 38692d-38694e call 341b0c 2395->2397 2398 386925-386927 2395->2398 2396->2385 2396->2390 2417 3869db-3869e4 2397->2417 2418 386954 2397->2418 2398->2397 2400->2401 2407 3867a8-3867df call 3ba920 2401->2407 2408 38673d-38677c call 378650 2401->2408 2425 38681d 2407->2425 2426 3867e1-3867f5 2407->2426 2428 386780-386789 2408->2428 2415->2415 2422 3869af-3869b7 call 34347e 2415->2422 2417->2387 2423 3869ea-3869f6 2417->2423 2418->2387 2418->2423 2435 3869bc-3869d8 call 3b8367 2422->2435 2423->2387 2430 3869fc-386a1c SHGetKnownFolderPath 2423->2430 2432 38681f-386843 GetEnvironmentVariableW 2425->2432 2426->2425 2431 3867f7-3867fd 2426->2431 2428->2428 2434 38678b-3867a3 call 34347e call 3438d0 2428->2434 2436 386a1e-386a22 2430->2436 2437 386a54-386a8a call 3414a1 CoTaskMemFree call 3444b2 call 3438d0 2430->2437 2438 386800 2431->2438 2439 38686e-3868b1 GetLastError call 378650 2432->2439 2440 386845-38684a 2432->2440 2434->2435 2446 386a24 2436->2446 2447 386a26-386a4f call 378650 call 3414a1 2436->2447 2437->2435 2438->2425 2449 386802-386805 2438->2449 2464 3868b4-3868bd 2439->2464 2440->2439 2451 38684c-386865 call 3414a1 call 3438d0 2440->2451 2446->2447 2447->2435 2456 38686a-38686c 2449->2456 2457 386807-38681b 2449->2457 2451->2435 2456->2432 2457->2425 2457->2438 2464->2464 2469 3868bf 2464->2469 2469->2374
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetEnvironmentVariableW.KERNEL32(ProgramW6432,?,00000104), ref: 0038683B
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0038686E
                                                                                                                                                                                                                                                    • SHGetKnownFolderPath.SHELL32(?,00000000,00000000,?,?,?,?), ref: 00386A15
                                                                                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000000,?,?,?,?), ref: 00386A6B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: EnvironmentErrorFolderFreeKnownLastPathTaskVariable
                                                                                                                                                                                                                                                    • String ID: CSIDL_COMMON_APPDATA$CSIDL_COMMON_DOCUMENTS$CSIDL_COMMON_STARTUP$CSIDL_PROGRAM_FILES$CSIDL_PROGRAM_FILESX64$CSIDL_PROGRAM_FILESX86$CSIDL_PROGRAM_FILES_COMMON$CSIDL_SYSTEM$CSIDL_SYSTEMX86$CSIDL_WINDOWS$Error retrieving directory %s$GetEnvironmentVariable failed (%d)$NWebAdvisor::NXmlUpdater::CDirSubstitution::Substitute$ProgramFiles$ProgramW6432$Unable to get the platform$Unknown folder identifier: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DirSubstitution.cpp
                                                                                                                                                                                                                                                    • API String ID: 3946049928-1874136459
                                                                                                                                                                                                                                                    • Opcode ID: ad7557336c7c01ad15f2dea0e94abc8b2f1bff71afa5821ae3656710ffaf74b7
                                                                                                                                                                                                                                                    • Instruction ID: 3ac9c5efa7009c534a088df606164ed937eb8fa55ce282b37d53da19ea80fa25
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ad7557336c7c01ad15f2dea0e94abc8b2f1bff71afa5821ae3656710ffaf74b7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6E02A170E003589ADB21EF64CC4ABDDB7B0AF14704F6045E9E4097B2D1EBB96A88CF55
                                                                                                                                                                                                                                                    Function 0037EAA0 Relevance: 37.8, APIs: 8, Strings: 17, Instructions: 326COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 2492 37eaa0-37eb46 call 3941f0 call 394430 2497 37eb4c-37ebf6 call 3ba920 * 2 2492->2497 2498 37ec1b-37ec28 2492->2498 2509 37ec2d-37ec35 2497->2509 2510 37ebf8-37ec18 GetLastError call 378650 2497->2510 2499 37ef5b-37ef83 call 394210 call 3b8367 2498->2499 2511 37ec37-37ec4b 2509->2511 2512 37ec52-37ec6d call 394280 2509->2512 2510->2498 2511->2512 2517 37eca4-37ecd5 call 394480 2512->2517 2518 37ec6f-37ec9f GetLastError call 378650 2512->2518 2523 37ecd7-37ed07 GetLastError call 378650 2517->2523 2524 37ed0c-37ed2b call 394250 2517->2524 2518->2499 2523->2499 2529 37ed2d-37ed49 GetLastError call 378650 2524->2529 2530 37ed4c-37ed5d call 394640 2524->2530 2529->2530 2535 37eda5-37edb2 call 394620 2530->2535 2536 37ed5f-37eda0 GetLastError call 378650 2530->2536 2541 37ede5-37edfb call 394560 2535->2541 2542 37edb4-37ede0 GetLastError call 378650 2535->2542 2536->2499 2547 37ee34-37ee52 call 3944c0 2541->2547 2548 37edfd-37ee2f GetLastError call 378650 2541->2548 2542->2499 2553 37ee54-37ee83 GetLastError call 378650 2547->2553 2554 37ee88-37eea4 call 3c594f 2547->2554 2548->2499 2553->2499 2559 37eea6-37eed5 call 378650 call 3be960 2554->2559 2560 37eeda-37ef01 call 3945f0 2554->2560 2559->2499 2564 37ef06-37ef08 2560->2564 2566 37ef46-37ef58 call 3be960 2564->2566 2567 37ef0a 2564->2567 2566->2499 2570 37ef10-37ef18 2567->2570 2570->2566 2572 37ef1a-37ef22 2570->2572 2573 37ef86-37efb9 call 378650 call 3be960 2572->2573 2574 37ef24-37ef44 call 3945f0 2572->2574 2573->2499 2574->2566 2574->2570
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(A2199216), ref: 0037EBF9
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(A2199216,?,00000000,?), ref: 0037EC70
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(A2199216,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 0037ECD8
                                                                                                                                                                                                                                                      • Part of subcall function 00378650: std::locale::_Init.LIBCPMT ref: 0037882F
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(A2199216,Cache-Control: no-cache,000000FF,40000000,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 0037ED2E
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(A2199216,true,00000000,00000000,Cache-Control: no-cache,000000FF,40000000,GET,?,00000000,00000000,00000000,00000000,?,00000000,?), ref: 0037ED75
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$Initstd::locale::_
                                                                                                                                                                                                                                                    • String ID: @]7$Cache-Control: no-cache$GET$HTTP GET request failed (%d), url: %s$HTTP add request headers failed (%d), url: %s$HTTP connection failed (%d), url: %s$HTTP query content length (%d), url: %s$HTTP receive response failed (%d), url: %s$HTTP send request failed (%d), url: %s, proxy ignore flag %s$HTTP status (%d) error (%d), url: %s$NWebAdvisor::NHttp::NDownloadFile::From::<lambda_1effc98e56da47b46c9f3c737083b6c0>::operator ()$Not enough space in buffer: bufferLength(%d) Read(%d)$Unable to allocate %d bytes$WinHttpCrackUrl failed (%d), url: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp$false$true
                                                                                                                                                                                                                                                    • API String ID: 1579124236-395283932
                                                                                                                                                                                                                                                    • Opcode ID: 0053e427946f388a457706d3638f3c48e0bfb6ca18acc644d1ce1a211a1e215f
                                                                                                                                                                                                                                                    • Instruction ID: 5c1b36c5b072071c237c96074454987be8541be6553e59fefa82585298a8e0fa
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0053e427946f388a457706d3638f3c48e0bfb6ca18acc644d1ce1a211a1e215f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7C1A2B0A40719AAEB219F50CC46FEAB778EB14704F5041E9F60D771C1E7B86A848F69
                                                                                                                                                                                                                                                    Function 00379400 Relevance: 37.6, APIs: 7, Strings: 14, Instructions: 871libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 2581 379400-379483 GetModuleHandleW 2582 379485-379495 GetProcAddress 2581->2582 2583 3794c2 2581->2583 2582->2583 2585 379497-3794b3 GetCurrentProcess 2582->2585 2584 3794c4-3794dc 2583->2584 2586 3794e0-3794e9 2584->2586 2585->2583 2590 3794b5-3794bc 2585->2590 2586->2586 2587 3794eb-37952f call 34347e 2586->2587 2593 379530-379539 2587->2593 2590->2583 2591 3794be-3794c0 2590->2591 2591->2584 2593->2593 2594 37953b-379567 call 34347e call 378c60 2593->2594 2599 379585-379592 2594->2599 2600 379569-379580 call 34347e 2594->2600 2601 379594-3795a9 2599->2601 2602 3795c9-3795f6 2599->2602 2600->2599 2604 3795bf-3795c6 call 3b8375 2601->2604 2605 3795ab-3795b9 2601->2605 2606 37962d-379674 call 3791a0 2602->2606 2607 3795f8-37960d 2602->2607 2604->2602 2605->2604 2608 37a108-37a121 call 3bd60f 2605->2608 2619 379677-379680 2606->2619 2610 379623-37962a call 3b8375 2607->2610 2611 37960f-37961d 2607->2611 2610->2606 2611->2608 2611->2610 2619->2619 2620 379682-3796a8 call 34347e call 378c60 2619->2620 2625 3796be-3796cb 2620->2625 2626 3796aa-3796b1 2620->2626 2629 379702-37972f 2625->2629 2630 3796cd-3796e2 2625->2630 2627 3796b5-3796b9 call 34347e 2626->2627 2628 3796b3 2626->2628 2627->2625 2628->2627 2634 379766-3797c9 call 3ba920 GetModuleFileNameW 2629->2634 2635 379731-379746 2629->2635 2632 3796e4-3796f2 2630->2632 2633 3796f8-3796ff call 3b8375 2630->2633 2632->2633 2633->2629 2644 379816-379884 call 380750 call 343f22 call 3438d0 call 3ba920 GetLongPathNameW 2634->2644 2645 3797cb-3797fb GetLastError call 378650 2634->2645 2636 37975c-379763 call 3b8375 2635->2636 2637 379748-379756 2635->2637 2636->2634 2637->2636 2663 379886-3798e8 GetLastError call 378650 call 3bea46 2644->2663 2664 3798eb-3798f1 2644->2664 2650 379800-379809 2645->2650 2650->2650 2653 37980b-379811 2650->2653 2655 37990b-379948 call 34347e 2653->2655 2660 379950-379959 2655->2660 2660->2660 2662 37995b-379987 call 34347e call 378c60 2660->2662 2675 3799a5-3799b2 2662->2675 2676 379989-3799a0 call 34347e 2662->2676 2663->2664 2667 3798f4-3798fd 2664->2667 2667->2667 2670 3798ff-37990a 2667->2670 2670->2655 2678 3799b4-3799c9 2675->2678 2679 3799e9-379a16 2675->2679 2676->2675 2680 3799df-3799e6 call 3b8375 2678->2680 2681 3799cb-3799d9 2678->2681 2682 379a4d-379abf call 34347e 2679->2682 2683 379a18-379a2d 2679->2683 2680->2679 2681->2680 2692 379ac0-379ac9 2682->2692 2684 379a43-379a4a call 3b8375 2683->2684 2685 379a2f-379a3d 2683->2685 2684->2682 2685->2684 2692->2692 2693 379acb-379af7 call 34347e call 378c60 2692->2693 2698 379b15-379b22 2693->2698 2699 379af9-379b10 call 34347e 2693->2699 2700 379b24-379b39 2698->2700 2701 379b59-379b86 2698->2701 2699->2698 2703 379b4f-379b56 call 3b8375 2700->2703 2704 379b3b-379b49 2700->2704 2705 379bbd-379c2f call 34347e 2701->2705 2706 379b88-379b9d 2701->2706 2703->2701 2704->2703 2715 379c30-379c39 2705->2715 2708 379bb3-379bba call 3b8375 2706->2708 2709 379b9f-379bad 2706->2709 2708->2705 2709->2708 2715->2715 2716 379c3b-379c67 call 34347e call 378c60 2715->2716 2721 379c85-379c92 2716->2721 2722 379c69-379c80 call 34347e 2716->2722 2724 379c94-379ca9 2721->2724 2725 379cc9-379cf6 2721->2725 2722->2721 2726 379cbf-379cc6 call 3b8375 2724->2726 2727 379cab-379cb9 2724->2727 2728 379d2d-379d69 call 378f20 call 37a130 2725->2728 2729 379cf8-379d0d 2725->2729 2726->2725 2727->2726 2740 379d72-379dae call 378f60 call 37a130 2728->2740 2741 379d6b-379d6d 2728->2741 2732 379d23-379d2a call 3b8375 2729->2732 2733 379d0f-379d1d 2729->2733 2732->2728 2733->2732 2746 379db7-379df3 call 378ee0 call 37a130 2740->2746 2747 379db0-379db2 2740->2747 2741->2740 2752 379df5-379df7 2746->2752 2753 379dfc-379e38 call 379120 call 37a130 2746->2753 2747->2746 2752->2753 2758 379e41-379e7d call 379120 call 37a130 2753->2758 2759 379e3a-379e3c 2753->2759 2764 379e86-379ec2 call 3790e0 call 37a130 2758->2764 2765 379e7f-379e81 2758->2765 2759->2758 2770 379ec4-379ec6 2764->2770 2771 379ecb-379f07 call 379160 call 37a130 2764->2771 2765->2764 2770->2771 2776 379f10-379f4c call 379060 call 37a130 2771->2776 2777 379f09-379f0b 2771->2777 2782 379f55-379f91 call 379060 call 37a130 2776->2782 2783 379f4e-379f50 2776->2783 2777->2776 2788 379f93-379f95 2782->2788 2789 379f9a-379fd6 call 379020 call 37a130 2782->2789 2783->2782 2788->2789 2794 379fdf-37a01b call 3790a0 call 37a130 2789->2794 2795 379fd8-379fda 2789->2795 2800 37a024-37a060 call 378fa0 call 37a130 2794->2800 2801 37a01d-37a01f 2794->2801 2795->2794 2806 37a062-37a064 2800->2806 2807 37a069-37a0a5 call 378fe0 call 37a130 2800->2807 2801->2800 2806->2807 2812 37a0a7-37a0a9 2807->2812 2813 37a0ae-37a0e3 call 378ea0 call 37a130 2807->2813 2812->2813 2818 37a0e5-37a0e7 2813->2818 2819 37a0ec-37a107 call 3b8367 2813->2819 2818->2819
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32,A2199216,?), ref: 0037947B
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0037948B
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?), ref: 003794A8
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,0041A52C,0041A52A), ref: 003797C1
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,0041A52C,0041A52A), ref: 003797CB
                                                                                                                                                                                                                                                    • GetLongPathNameW.KERNEL32(00000000,?,00000104), ref: 0037987C
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0037989A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLastModuleName$AddressCurrentFileHandleLongPathProcProcess
                                                                                                                                                                                                                                                    • String ID: $w@$0p@$0w@$1.1$<w@$GetLongPathName failed (%d) for %s$GetModuleFileName failed (%d)$IsWow64Process$NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetExtractDir$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp$kernel32$>@$r@$v@
                                                                                                                                                                                                                                                    • API String ID: 891933594-232001292
                                                                                                                                                                                                                                                    • Opcode ID: 6fe6b624d2589e33068ca138e53c0b3dea61e43dffc36a89615f0297b94ed2d4
                                                                                                                                                                                                                                                    • Instruction ID: 3bfef158f3982f2adb3e1e3fd76cc323a7fec33745cd5a2834065afc6f987cf9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6fe6b624d2589e33068ca138e53c0b3dea61e43dffc36a89615f0297b94ed2d4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8472BFB0A002189FDB25DF24CC85B9DB7B5AF49304F5082DCE20DAB291DB78AE85CF55
                                                                                                                                                                                                                                                    Function 0037BC60 Relevance: 33.8, APIs: 2, Strings: 17, Instructions: 570fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 2822 37bc60-37bd0a call 34347e 2825 37bd0e-37bd14 2822->2825 2826 37bd0c 2822->2826 2827 37bd16 2825->2827 2828 37bd18-37bd39 call 37fbe0 2825->2828 2826->2825 2827->2828 2831 37bd6e-37bd94 PathFindExtensionW call 3c2041 2828->2831 2832 37bd3b-37bd3f 2828->2832 2839 37bd96-37bda8 call 3c2041 2831->2839 2840 37bdaa-37bdbe 2831->2840 2834 37bd43-37bd63 call 378650 2832->2834 2835 37bd41 2832->2835 2841 37be5d-37be5f 2834->2841 2842 37bd69 2834->2842 2835->2834 2839->2840 2852 37bdea-37bdfa call 37bbf0 2839->2852 2844 37bdc0-37bdc5 call 3a21d0 2840->2844 2845 37bdc9-37bdce call 38eb20 2840->2845 2849 37be63-37be69 2841->2849 2846 37be4b-37be57 DeleteFileW 2842->2846 2853 37bdc7 2844->2853 2860 37bdd1-37bdd3 2845->2860 2846->2841 2850 37be6b-37be7d 2849->2850 2851 37be99-37beb3 2849->2851 2855 37be8f-37be96 call 3b8375 2850->2855 2856 37be7f-37be8d 2850->2856 2858 37beb5-37bec7 2851->2858 2859 37bee3-37bf00 call 3b8367 2851->2859 2871 37be61 2852->2871 2872 37bdfc-37be0e 2852->2872 2853->2860 2855->2851 2856->2855 2862 37bf03-37bf63 call 3bd60f 2856->2862 2865 37bed9-37bee0 call 3b8375 2858->2865 2866 37bec9-37bed7 2858->2866 2860->2852 2861 37bdd5-37bde8 2860->2861 2868 37be37-37be48 call 378650 2861->2868 2880 37bf65-37bf6f 2862->2880 2881 37bf74-37c0e0 call 34347e call 3767e0 call 3438d0 call 34347e call 3767e0 call 3438d0 call 34347e call 3767e0 call 3438d0 call 34347e call 3767e0 call 3438d0 call 34347e call 3767e0 call 3438d0 2862->2881 2865->2859 2866->2862 2866->2865 2868->2846 2871->2849 2876 37be12-37be1f call 3c2041 2872->2876 2877 37be10 2872->2877 2876->2871 2888 37be21-37be32 2876->2888 2877->2876 2884 37c387-37c39d call 378650 2880->2884 2927 37c0e6-37c0ee 2881->2927 2928 37c37d-37c382 2881->2928 2892 37c39f-37c3a4 2884->2892 2888->2868 2894 37c3c7-37c3e4 call 3b8367 2892->2894 2895 37c3a6-37c3b0 2892->2895 2895->2894 2897 37c3b2-37c3be 2895->2897 2897->2894 2904 37c3c0-37c3c2 2897->2904 2904->2894 2927->2928 2929 37c0f4-37c0fc 2927->2929 2928->2884 2930 37c115-37c121 call 3414c1 2929->2930 2931 37c0fe-37c113 call 3414a1 2929->2931 2936 37c126-37c13c call 3444b2 2930->2936 2931->2936 2939 37c13e-37c147 call 3438d0 2936->2939 2940 37c14c-37c153 2936->2940 2939->2940 2941 37c166-37c171 2940->2941 2942 37c155-37c161 call 3438d0 2940->2942 2945 37c173-37c186 call 3414a1 2941->2945 2946 37c188-37c197 call 3414c1 2941->2946 2942->2941 2951 37c19a-37c1b0 call 3444b2 2945->2951 2946->2951 2954 37c1c3-37c1ca 2951->2954 2955 37c1b2-37c1be call 3438d0 2951->2955 2957 37c1dd-37c1e5 2954->2957 2958 37c1cc-37c1d8 call 3438d0 2954->2958 2955->2954 2960 37c1e7-37c1fa call 3414a1 2957->2960 2961 37c1fc-37c20b call 3414c1 2957->2961 2958->2957 2966 37c20e-37c221 call 3444b2 2960->2966 2961->2966 2969 37c223-37c22c call 3438d0 2966->2969 2970 37c231-37c238 2966->2970 2969->2970 2972 37c245-37c25e call 37a380 2970->2972 2973 37c23a-37c240 call 3438d0 2970->2973 2977 37c346-37c34b 2972->2977 2978 37c264-37c271 call 37a380 2972->2978 2973->2972 2979 37c34d-37c35e call 378650 2977->2979 2978->2977 2984 37c277-37c284 call 37a380 2978->2984 2985 37c361 2979->2985 2984->2977 2990 37c28a-37c297 2984->2990 2987 37c363-37c37b call 3438d0 * 3 2985->2987 2987->2892 2992 37c29b-37c2aa call 3e4db0 2990->2992 2993 37c299 2990->2993 2999 37c2cf-37c301 call 3414a1 call 3767e0 call 3438d0 2992->2999 3000 37c2ac-37c2ca call 378650 2992->3000 2993->2992 3010 37c323-37c33d call 37bc60 2999->3010 3011 37c303-37c310 call 37a380 2999->3011 3000->2985 3014 37c342-37c344 3010->3014 3016 37c312-37c319 3011->3016 3017 37c31b-37c31f 3011->3017 3014->2987 3016->2979 3017->3010 3018 37c321 3017->3018 3018->3010
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • PathFindExtensionW.SHLWAPI(00000000,?,?,?,?,0041BFD0,00000000,A2199216), ref: 0037BD7A
                                                                                                                                                                                                                                                    • DeleteFileW.KERNEL32(00000000), ref: 0037BE57
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DeleteExtensionFileFindPath
                                                                                                                                                                                                                                                    • String ID: .cab$.exe$DestDir$DestFile$Location$MD5$NWebAdvisor::NXmlUpdater::CDownloadCommand::DownloadCommand$NWebAdvisor::NXmlUpdater::CDownloadCommand::Execute$Unable to create destination directory (%d)$Unable to download %s$Unable to get substitute download variables$Unable to read Location and/or DestDir attribute of DOWNLOAD command$Unable to verify MD5, deleting file: %s$Unable to verify signature, deleting file: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DownloadCommand.cpp$extra$invalid substitutor
                                                                                                                                                                                                                                                    • API String ID: 3618814920-733304951
                                                                                                                                                                                                                                                    • Opcode ID: 186542c41237a28e9f06235596ea61b543b476977739f5df3f351c71c9654e6c
                                                                                                                                                                                                                                                    • Instruction ID: 77b72b74827a9edb731a0ede02365a558846eb52755b4601dec9ab89db689b88
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 186542c41237a28e9f06235596ea61b543b476977739f5df3f351c71c9654e6c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A228171E00208DBDB25DFA4DC95BEDB7B5EF44304F108529E519BB282DB78AA48CF60
                                                                                                                                                                                                                                                    Function 00350890 Relevance: 30.3, APIs: 13, Strings: 4, Instructions: 560COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 3210 350890-3508e2 call 3a3bab 3213 351045-351046 call 3a3faf 3210->3213 3214 3508e8-3508ee 3210->3214 3218 35104b call 3bd60f 3213->3218 3216 3508f4-35090b ConvertStringSecurityDescriptorToSecurityDescriptorW 3214->3216 3217 350a53-350a70 call 3ba920 3214->3217 3220 350911-350939 3216->3220 3221 35101f-351042 call 3a3bbc call 3b8367 3216->3221 3228 350a75-350ab6 call 353110 3217->3228 3229 350a72 3217->3229 3227 351050-351053 3218->3227 3224 35093d-350942 3220->3224 3225 35093b 3220->3225 3230 350945-35094e 3224->3230 3225->3224 3232 351055-35105a 3227->3232 3233 35105c-351069 3227->3233 3242 350abc-350ac0 3228->3242 3243 350fa9-35101c call 352b90 call 3a2bfd 3228->3243 3229->3228 3230->3230 3235 350950-35099f call 34f520 call 34e640 3230->3235 3237 35106c-351098 call 342a82 call 3428d1 call 3ba332 3232->3237 3233->3237 3250 3509a4-3509bf 3235->3250 3247 350ac6-350bba call 3b8713 call 3ba920 call 3a3367 call 3a3184 call 3a33f6 call 343128 call 3a3084 call 3a31e9 3242->3247 3248 350d19-350d26 3242->3248 3243->3221 3332 350bbc-350bcc call 3a3367 3247->3332 3333 350bef-350c12 call 3a5688 3247->3333 3251 350d28 3248->3251 3252 350d2a-350d53 call 3489b0 3248->3252 3257 3509c1-3509d6 3250->3257 3258 3509fc-350a1b 3250->3258 3251->3252 3275 350e00-350e0a 3252->3275 3276 350d59-350d70 call 342c9c 3252->3276 3263 3509ec-3509f9 call 3b8375 3257->3263 3264 3509d8-3509e6 3257->3264 3265 350a31-350a40 3258->3265 3266 350a1d-350a1f 3258->3266 3263->3258 3264->3218 3264->3263 3272 350a51 3265->3272 3273 350a42-350a4f LocalFree 3265->3273 3266->3221 3274 350a25-350a2c LocalFree 3266->3274 3272->3217 3273->3217 3274->3221 3275->3243 3281 350e10-350e3a call 342c9c 3275->3281 3287 350d72-350d8a 3276->3287 3288 350db8-350dc3 call 3a38a1 3276->3288 3289 350e3c-350e6c call 352380 3281->3289 3290 350e89-350eb2 call 3a38a1 3281->3290 3287->3288 3310 350d8c-350db2 3287->3310 3298 350dc5-350dc8 call 342510 3288->3298 3299 350dcd-350de5 3288->3299 3312 350e6e-350e79 call 3a38a1 3289->3312 3307 350eb4-350eb7 call 342510 3290->3307 3308 350ebc 3290->3308 3298->3299 3304 350de7-350df4 3299->3304 3305 350dfc 3299->3305 3304->3305 3305->3275 3307->3308 3311 350ec0-350ed4 3308->3311 3310->3227 3310->3288 3314 350ed6-350ee3 3311->3314 3315 350eeb-350f0d 3311->3315 3325 350e83-350e87 3312->3325 3326 350e7b-350e7e call 342510 3312->3326 3314->3315 3315->3243 3319 350f13 3315->3319 3323 350f15-350f18 3319->3323 3324 350f1e-350f2b call 353030 3319->3324 3323->3243 3323->3324 3336 350f2d-350f63 3324->3336 3337 350f78-350f82 3324->3337 3325->3311 3326->3325 3343 350bde-350bec call 3a33bf 3332->3343 3344 350bce-350bd9 3332->3344 3346 350c14-350c16 3333->3346 3347 350c5f-350c7e call 352c50 3333->3347 3336->3337 3342 350f65-350f68 3336->3342 3339 350f84 3337->3339 3340 350f86-350fa4 call 34e790 call 351740 3337->3340 3339->3340 3340->3243 3342->3233 3348 350f6e-350f73 3342->3348 3343->3333 3344->3343 3352 350c21-350c2d 3346->3352 3353 350c18-350c1e call 3be960 3346->3353 3359 350c80-350c9a 3347->3359 3360 350caf-350cb4 3347->3360 3348->3237 3358 350c30-350c34 3352->3358 3353->3352 3358->3358 3362 350c36-350c4e call 3c594f 3358->3362 3359->3360 3376 350c9c-350caa 3359->3376 3364 350cb6-350ccd 3360->3364 3365 350ce2-350ceb 3360->3365 3362->3347 3369 350c50-350c5c call 3ba3a0 3362->3369 3364->3365 3378 350ccf-350cdd 3364->3378 3365->3248 3368 350ced-350d04 3365->3368 3368->3248 3379 350d06-350d14 3368->3379 3369->3347 3376->3360 3378->3365 3379->3248
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,?,00000000), ref: 00350903
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?), ref: 00350A26
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?), ref: 00350A43
                                                                                                                                                                                                                                                      • Part of subcall function 00342510: __EH_prolog3_catch.LIBCMT ref: 00342517
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00350B08
                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00350B50
                                                                                                                                                                                                                                                    • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00350B86
                                                                                                                                                                                                                                                    • std::locale::_Init.LIBCPMT ref: 00350B97
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 00350BA4
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00350BC0
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00350BE1
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 00350BF2
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00351017
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00351020
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockitstd::locale::_$DescriptorFreeLocalLocimp::_Lockit::_Security$AddfacConvertH_prolog3_catchInitIos_base_dtorLocimpLocimp_LocinfoLocinfo::_Locinfo::~_Locinfo_ctorLockit::~_Mtx_unlockNew_Stringstd::ios_base::_
                                                                                                                                                                                                                                                    • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                                    • API String ID: 4127577005-3388121372
                                                                                                                                                                                                                                                    • Opcode ID: a4883863aebd4cb27e19cd84d7a8d36bef6029c0fb5e9e9a43c2681c47f2b2d8
                                                                                                                                                                                                                                                    • Instruction ID: c41538d60cb84852e8180ae8f9aaed6cc4d6df198b58320b5e3e13177c28165c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a4883863aebd4cb27e19cd84d7a8d36bef6029c0fb5e9e9a43c2681c47f2b2d8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29326F70D002588FDB16DFA4C985BEDB7F4BF05304F1440A9E949AB2A1DB75AE88CF91
                                                                                                                                                                                                                                                    Function 003659AA Relevance: 28.4, APIs: 7, Strings: 9, Instructions: 407COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 3495 3659aa-365b7a call 366440 call 359180 3508 365b7f-365b81 3495->3508 3509 365b7a call 359180 3495->3509 3510 365bc4-365be0 call 3411f3 3508->3510 3511 365b83-365b8d 3508->3511 3509->3508 3519 365be6-365c59 call 349bb0 call 349940 call 341b84 call 341be0 call 34b8a0 call 3a2bfd 3510->3519 3520 365cfc-365d06 3510->3520 3512 365b93-365ba5 3511->3512 3513 365c8d-365ccd call 366440 3511->3513 3517 365c83-365c8a call 3b8375 3512->3517 3518 365bab-365bbf 3512->3518 3526 365db3-365dc0 3513->3526 3527 365cd3-365cd8 3513->3527 3517->3513 3518->3517 3519->3513 3609 365c5b-365c6d 3519->3609 3528 365d3a-365d67 call 366440 3520->3528 3529 365d08-365d1a 3520->3529 3534 365dc2-365dc7 3526->3534 3535 365dc9-365dce 3526->3535 3532 365cdc-365cf7 call 3ba3a0 3527->3532 3533 365cda 3527->3533 3544 365d78-365d82 3528->3544 3545 365d69-365d73 call 35aad0 3528->3545 3536 365d30-365d37 call 3b8375 3529->3536 3537 365d1c-365d2a 3529->3537 3555 365e8e-365e98 3532->3555 3533->3532 3541 365dd1-365de5 3534->3541 3535->3541 3536->3528 3537->3536 3548 365de7-365dec 3541->3548 3549 365e30-365e32 3541->3549 3544->3513 3554 365d88-365d94 3544->3554 3545->3544 3556 366085 Concurrency::cancel_current_task 3548->3556 3557 365df2-365dfd call 3b8713 3548->3557 3550 365e64-365e86 3549->3550 3551 365e34-365e62 call 3b8713 3549->3551 3561 365e8c 3550->3561 3551->3561 3554->3517 3562 365d9a-365dae 3554->3562 3563 365ec6-365eee call 359980 3555->3563 3564 365e9a-365ea6 3555->3564 3565 36608a call 3bd60f 3556->3565 3557->3565 3575 365e03-365e2e 3557->3575 3561->3555 3562->3517 3580 365ef4-365f34 call 366440 3563->3580 3581 365f7f 3563->3581 3571 365ebc-365ec3 call 3b8375 3564->3571 3572 365ea8-365eb6 3564->3572 3578 36608f-3660aa call 3bd60f 3565->3578 3571->3563 3572->3565 3572->3571 3575->3561 3588 3660ac-3660b6 3578->3588 3589 3660d8-3660fc call 3667b0 3578->3589 3597 365f36-365f40 call 35aad0 3580->3597 3598 365f45-365f4f 3580->3598 3587 365f82-365f93 GetModuleHandleW 3581->3587 3592 365f95-365fa5 GetProcAddress 3587->3592 3593 365fd1 3587->3593 3595 3660ce-3660d5 call 3b8375 3588->3595 3596 3660b8-3660c6 3588->3596 3616 366144-366149 3589->3616 3617 3660fe-366106 3589->3617 3592->3593 3594 365fa7-365fc5 GetCurrentProcess 3592->3594 3599 365fd3-36605c call 366440 call 3436db call 34372a * 3 call 3b8367 3593->3599 3594->3593 3637 365fc7-365fcb 3594->3637 3595->3589 3602 3661d4-3661d9 call 3bd60f 3596->3602 3603 3660cc 3596->3603 3597->3598 3598->3587 3606 365f51-365f5d 3598->3606 3603->3595 3612 365f73-365f7d call 3b8375 3606->3612 3613 365f5f-365f6d 3606->3613 3609->3517 3618 365c6f-365c7d 3609->3618 3612->3587 3613->3578 3613->3612 3619 36618f-366197 3616->3619 3620 36614b-366151 3616->3620 3624 36613d 3617->3624 3625 366108-36610c 3617->3625 3618->3517 3626 3661c0-3661d3 3619->3626 3627 366199-3661a2 3619->3627 3629 366153-366157 3620->3629 3630 366188 3620->3630 3624->3616 3633 36610e-366115 SysFreeString 3625->3633 3634 36611b-366120 3625->3634 3635 3661b6-3661bd call 3b8375 3627->3635 3636 3661a4-3661b2 3627->3636 3638 366166-36616b 3629->3638 3639 366159-366160 SysFreeString 3629->3639 3630->3619 3633->3634 3641 366132-36613a call 3b8375 3634->3641 3642 366122-36612b call 3b874c 3634->3642 3635->3626 3636->3602 3645 3661b4 3636->3645 3637->3593 3646 365fcd-365fcf 3637->3646 3648 36617d-366185 call 3b8375 3638->3648 3649 36616d-366176 call 3b874c 3638->3649 3639->3638 3641->3624 3642->3641 3645->3635 3646->3599 3648->3630 3649->3648
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00366067
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00366085
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32 ref: 0036610F
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0036615A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::cancel_current_taskFreeString
                                                                                                                                                                                                                                                    • String ID: )$0A$4A$IsWow64Process$NO_REGKEY$UUID$UUID$kernel32$orm
                                                                                                                                                                                                                                                    • API String ID: 3597043392-4286809940
                                                                                                                                                                                                                                                    • Opcode ID: d357a46276045dc70e673563bc47ac5a3c70004ccc5c9e460948dc950fbd30c4
                                                                                                                                                                                                                                                    • Instruction ID: 2460e690529958dc1c6bcc89d7c1880e2fb8a74a8cb18748e752c6fe7ea04df5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d357a46276045dc70e673563bc47ac5a3c70004ccc5c9e460948dc950fbd30c4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03E134749003049FEB2ADFB4CC4979DBBB5AF41304F24862CE415AB7D6DB749A84CB91
                                                                                                                                                                                                                                                    Function 00376560 Relevance: 25.7, APIs: 14, Strings: 3, Instructions: 211memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 4028 376560-37658d 4029 37658f-376592 GlobalFree 4028->4029 4030 376599-37659e 4028->4030 4029->4030 4031 3765a0-3765a3 GlobalFree 4030->4031 4032 3765aa-3765af 4030->4032 4031->4032 4033 3765b1-3765b4 GlobalFree 4032->4033 4034 3765bb-3765c8 4032->4034 4033->4034 4036 3765ce-3765d3 4034->4036 4037 37668c 4034->4037 4039 3766cd-3766d1 4036->4039 4040 3765d9-3765de 4036->4040 4038 37668e-376693 4037->4038 4041 376695-376698 GlobalFree 4038->4041 4042 37669f-3766a4 4038->4042 4043 3766d3-3766d7 4039->4043 4044 3766dd-3766ef 4039->4044 4045 3765e0-3765e3 GlobalFree 4040->4045 4046 3765ea-3765ec 4040->4046 4041->4042 4049 3766a6-3766a9 GlobalFree 4042->4049 4050 3766b0-3766b6 4042->4050 4043->4044 4051 3767d0-3767d2 4043->4051 4052 3766f1-3766fb 4044->4052 4053 3766fd-376704 4044->4053 4045->4046 4047 3765ee-3765f0 4046->4047 4048 37662b-376633 4046->4048 4054 3765f3-3765fc 4047->4054 4057 376635-376638 GlobalFree 4048->4057 4058 37663f-376641 4048->4058 4049->4050 4055 3766bb-3766cc call 3b8367 4050->4055 4056 3766b8-3766b9 GlobalFree 4050->4056 4051->4038 4059 37670b-37672a 4052->4059 4053->4059 4054->4054 4060 3765fe-376618 GlobalAlloc 4054->4060 4056->4055 4057->4058 4058->4051 4062 376647-37664c 4058->4062 4059->4037 4067 376730-376751 4059->4067 4060->4037 4064 37661a-376629 call 3bd660 4060->4064 4066 376650-376659 4062->4066 4064->4037 4064->4048 4066->4066 4069 37665b-376675 GlobalAlloc 4066->4069 4072 37675e-37676b 4067->4072 4069->4037 4071 376677-376686 call 3bd660 4069->4071 4071->4037 4071->4051 4076 376794-376798 4072->4076 4077 37676d-376779 4072->4077 4080 3767ae-3767ba 4076->4080 4081 37679a-3767a9 call 376a70 call 376af0 4076->4081 4078 376781-376786 4077->4078 4079 37677b-37677e GlobalFree 4077->4079 4078->4037 4084 37678c-37678f GlobalFree 4078->4084 4079->4078 4082 3767c6-3767cb 4080->4082 4083 3767bc-3767bf GlobalFree 4080->4083 4081->4080 4082->4051 4086 3767cd-3767ce GlobalFree 4082->4086 4083->4082 4084->4037 4086->4051
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00376590
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 003765A1
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000101), ref: 003765B2
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 003765E1
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000000,?), ref: 0037660D
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000101), ref: 00376636
                                                                                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000000,?), ref: 0037666A
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00376696
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 003766A7
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 003766B9
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 0037677C
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 0037678D
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 003767BD
                                                                                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 003767CE
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Global$Free$Alloc
                                                                                                                                                                                                                                                    • String ID: Temp$\$@$`ato
                                                                                                                                                                                                                                                    • API String ID: 1780285237-581788660
                                                                                                                                                                                                                                                    • Opcode ID: 0c2d6c282b0de9806f455a2f31b03b35da4c95f50122a3aef5a3d547dba139fd
                                                                                                                                                                                                                                                    • Instruction ID: 3b4ccfde6baa78411fd33d18c5b4f1e2e245bd9e9a86f05a7a06f74b7f122013
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c2d6c282b0de9806f455a2f31b03b35da4c95f50122a3aef5a3d547dba139fd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8715E70E007199BDF219FA5CC95BAEF7B8AF04704F158169EC09BB241D779D904CE60
                                                                                                                                                                                                                                                    Function 0035CE00 Relevance: 25.0, APIs: 2, Strings: 12, Instructions: 545COMMON
                                                                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                                                                    control_flow_graph 4089 35ce00-35d2f7 call 3b8713 * 6 call 3a3b8a call 3ba920 * 2 call 361770 call 34bbb0 call 34bed0 4114 35d32e-35d3ac call 344300 * 5 call 34ba20 4089->4114 4115 35d2f9-35d30e 4089->4115 4141 35d414-35d41d 4114->4141 4142 35d3ae-35d3b4 4114->4142 4116 35d324-35d32b call 3b8375 4115->4116 4117 35d310-35d31e 4115->4117 4116->4114 4117->4116 4119 35d707-35d71d call 3bd60f call 359c10 4117->4119 4131 35d72d-35d730 4119->4131 4132 35d71f-35d72a call 3b8375 4119->4132 4132->4131 4143 35d454-35d46c call 3ba920 call 35ccb0 4141->4143 4144 35d41f-35d434 4141->4144 4145 35d3b6-35d3c5 4142->4145 4146 35d3ed-35d412 4142->4146 4162 35d471-35d481 4143->4162 4147 35d436-35d444 4144->4147 4148 35d44a-35d451 call 3b8375 4144->4148 4150 35d3c7-35d3d5 4145->4150 4151 35d3dd-35d3ea call 3b8375 4145->4151 4146->4143 4147->4148 4152 35d6f8 call 3bd60f 4147->4152 4148->4143 4150->4152 4155 35d3db 4150->4155 4151->4146 4161 35d6fd call 3434d0 4152->4161 4155->4151 4166 35d702 call 3434d0 4161->4166 4164 35d483-35d494 4162->4164 4165 35d4d8-35d4e9 4162->4165 4164->4161 4168 35d49a-35d4a0 4164->4168 4165->4166 4167 35d4ef-35d4f5 4165->4167 4166->4119 4169 35d4f7 4167->4169 4170 35d4f9-35d4fd 4167->4170 4172 35d4a4-35d4a8 4168->4172 4173 35d4a2 4168->4173 4169->4170 4174 35d501-35d522 call 3440e8 4170->4174 4175 35d4ff 4170->4175 4176 35d4ac-35d4d6 call 3440e8 4172->4176 4177 35d4aa 4172->4177 4173->4172 4182 35d527-35d52f 4174->4182 4175->4174 4176->4182 4177->4176 4183 35d597-35d59f 4182->4183 4184 35d531-35d537 4182->4184 4185 35d5a1-35d5b3 4183->4185 4186 35d5f0-35d5f9 4183->4186 4187 35d539-35d548 4184->4187 4188 35d56a-35d594 4184->4188 4185->4186 4189 35d5b5-35d5ca 4185->4189 4190 35d63b-35d689 call 349bb0 call 349940 call 341b84 call 344200 4186->4190 4191 35d5fb-35d604 4186->4191 4192 35d560-35d567 call 3b8375 4187->4192 4193 35d54a-35d558 4187->4193 4188->4183 4196 35d5e0-35d5ed call 3b8375 4189->4196 4197 35d5cc-35d5da 4189->4197 4214 35d68d-35d6f7 call 344190 call 34b8a0 call 3a2bfd call 35d740 call 3b8367 4190->4214 4215 35d68b 4190->4215 4191->4190 4198 35d606-35d61b 4191->4198 4192->4188 4193->4119 4199 35d55e 4193->4199 4196->4186 4197->4119 4197->4196 4203 35d631-35d638 call 3b8375 4198->4203 4204 35d61d-35d62b 4198->4204 4199->4192 4203->4190 4204->4119 4204->4203 4215->4214
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Mtx_init_in_situ.LIBCPMT ref: 0035D1E6
                                                                                                                                                                                                                                                      • Part of subcall function 0034BBB0: std::locale::_Init.LIBCPMT ref: 0034BBFC
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035D6C4
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InitIos_base_dtorMtx_init_in_situstd::ios_base::_std::locale::_
                                                                                                                                                                                                                                                    • String ID: $+@$$A$.servicebus.windows.net/$/messages?timeout=60&api-version=2014-01$<A$@A$AWS m_url_aws = $Content-Type: application/atom+xml;type=entry;charset=utf-8$`A$https://$u$*@
                                                                                                                                                                                                                                                    • API String ID: 655687434-96075320
                                                                                                                                                                                                                                                    • Opcode ID: 0cae03cb283ba0fad7cbcd5c7c3f95726800e77ca12cbbe1028133f6b1e50fb9
                                                                                                                                                                                                                                                    • Instruction ID: 34566d1cd9fc0c325efe76b97f0f0e26e3d479ac80857cbef5ef22e3001cde62
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0cae03cb283ba0fad7cbcd5c7c3f95726800e77ca12cbbe1028133f6b1e50fb9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 70428D70900745CBDB25CF24DD45BA9B7B0BF54308F1086A9E94CAB6A2EB74A6C8CF54
                                                                                                                                                                                                                                                    Function 0035E380 Relevance: 21.3, APIs: 5, Strings: 7, Instructions: 271COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035E4A1
                                                                                                                                                                                                                                                      • Part of subcall function 0035DE80: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035DF0C
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0035E3DE
                                                                                                                                                                                                                                                      • Part of subcall function 0035E0D0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035E161
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0035E4FB
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035E665
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035E6F8
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceBeginInitialize.KERNEL32(004380C4,00000000,A2199216,00000000,A2199216,0034A219,004380CC,?,?,?,?,?,?,0034A219,?,?), ref: 00349BE5
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceComplete.KERNEL32(004380C4,00000000,00000000), ref: 00349C1D
                                                                                                                                                                                                                                                      • Part of subcall function 00349940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00349A12
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Ios_base_dtorstd::ios_base::_$InitMtx_unlockOnce$BeginCompleteInitialize
                                                                                                                                                                                                                                                    • String ID: AdhocTelemetryAzure$Event string is empty$Querying AdhocTelemetryAzure value failed: $SOFTWARE\McAfee\WebAdvisor$]$`A$`A]
                                                                                                                                                                                                                                                    • API String ID: 1670716954-1530873638
                                                                                                                                                                                                                                                    • Opcode ID: 40ee0925f6774d3762fd0723d624f727b9fddd1c82c866c826db4d60eb600799
                                                                                                                                                                                                                                                    • Instruction ID: 5499d9fae06f6526b46260e32f25ed10c071c500af3a823a3de00bcc33f10bbd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 40ee0925f6774d3762fd0723d624f727b9fddd1c82c866c826db4d60eb600799
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8691E571D00218DBDB16EF54DD42BEEB3B8EF15310F4041AAE805AB281EB746B48CFA1
                                                                                                                                                                                                                                                    Function 00365A23 Relevance: 21.3, APIs: 3, Strings: 9, Instructions: 265COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00366085
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32 ref: 0036610F
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 0036615A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeString$Concurrency::cancel_current_task
                                                                                                                                                                                                                                                    • String ID: )$0A$4A$IsWow64Process$NO_REGKEY$UUID$UUID$kernel32$orm
                                                                                                                                                                                                                                                    • API String ID: 2663709405-4286809940
                                                                                                                                                                                                                                                    • Opcode ID: 4076a15f5eff1a6b8995f6ed7ce787dabd7fc04bdfc5873323879ce493f6f939
                                                                                                                                                                                                                                                    • Instruction ID: 024da64f7099706e7a97d25ee178fab5dc04440c5421ed3dead37f27cc673dab
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4076a15f5eff1a6b8995f6ed7ce787dabd7fc04bdfc5873323879ce493f6f939
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58B10274914348DBEF16CFA4C9487DDBBB6AF41304F20826CE404AB3D6DB799A84CB51
                                                                                                                                                                                                                                                    Function 00354200 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 337COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • OpenProcess.KERNEL32(00000400,00000000,?,A2199216,?,?), ref: 00354257
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000001,?,?), ref: 003542BC
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 003542F2
                                                                                                                                                                                                                                                    • QueryFullProcessImageNameW.KERNEL32(00000000,00000000,00000000,?,00000104,00000000,?,?), ref: 00354367
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?), ref: 00354375
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035440A
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?), ref: 0035455B
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceBeginInitialize.KERNEL32(004380C4,00000000,A2199216,00000000,A2199216,0034A219,004380CC,?,?,?,?,?,?,0034A219,?,?), ref: 00349BE5
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceComplete.KERNEL32(004380C4,00000000,00000000), ref: 00349C1D
                                                                                                                                                                                                                                                      • Part of subcall function 00349940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00349A12
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Filename for process with id , xrefs: 003544B0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Ios_base_dtorstd::ios_base::_$ErrorInitLastOnceProcess$BeginCloseCompleteFullHandleImageInitializeNameOpenQuery
                                                                                                                                                                                                                                                    • String ID: Filename for process with id
                                                                                                                                                                                                                                                    • API String ID: 563014942-4200337779
                                                                                                                                                                                                                                                    • Opcode ID: e8db575527eec7b783498e0ce85d0475a57886fe8c92760926e99a3faa8305c9
                                                                                                                                                                                                                                                    • Instruction ID: 4e42bdff89309799dc58a966b2fc8d63a4cd90d54335c6b3861d925620a56a1d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e8db575527eec7b783498e0ce85d0475a57886fe8c92760926e99a3faa8305c9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A7D1A170D10219DBCB25DFA4DC45BEEB7B4FF44308F104669E809AB691EB746A88CB91
                                                                                                                                                                                                                                                    Function 003E00DE Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003DFE25: CreateFileW.KERNEL32(00000000,00000000,?,003E0187,?,?,00000000,?,003E0187,00000000,0000000C), ref: 003DFE42
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 003E01F2
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 003E01F9
                                                                                                                                                                                                                                                    • GetFileType.KERNEL32(00000000), ref: 003E0205
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 003E020F
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 003E0218
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 003E0238
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 003E0385
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 003E03B7
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 003E03BE
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                    • String ID: is=
                                                                                                                                                                                                                                                    • API String ID: 4237864984-3829223321
                                                                                                                                                                                                                                                    • Opcode ID: bbc04543bfbe5597a55a8c08bc1ca9677dbee697d9796af5490afdd854833687
                                                                                                                                                                                                                                                    • Instruction ID: 9797b45db6672710278e9c15576788a6ae6fca0b2df37447a5ec180095c721e6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bbc04543bfbe5597a55a8c08bc1ca9677dbee697d9796af5490afdd854833687
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E1A12572A041988FCF1E9F69DC92BAD3BE1AB06324F140259E811EF3E1DB758D52CB51
                                                                                                                                                                                                                                                    Function 00353D80 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 188COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • WTSGetActiveConsoleSessionId.KERNEL32(0000003C,?), ref: 00353E00
                                                                                                                                                                                                                                                    • OutputDebugStringW.KERNEL32(WTSQuerySessionInformation failed to retrieve current user name for the log name.), ref: 00353F9C
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00353FCA
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Error retrieving session id for generating log name., xrefs: 00353E0B
                                                                                                                                                                                                                                                    • WTSQuerySessionInformation failed to retrieve current user name for the log name., xrefs: 00353F97
                                                                                                                                                                                                                                                    • UNKNOWN, xrefs: 00353DD2
                                                                                                                                                                                                                                                    • WTSQuerySessionInformation failed to retrieve the size of the current user name for the log name., xrefs: 00353F81
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ActiveConcurrency::cancel_current_taskConsoleDebugOutputSessionString
                                                                                                                                                                                                                                                    • String ID: Error retrieving session id for generating log name.$UNKNOWN$WTSQuerySessionInformation failed to retrieve current user name for the log name.$WTSQuerySessionInformation failed to retrieve the size of the current user name for the log name.
                                                                                                                                                                                                                                                    • API String ID: 1186403813-1860316991
                                                                                                                                                                                                                                                    • Opcode ID: 15eefc5be5b72f2d078e52c202e28ec41af6160baa3c0ad16820f7a40f873ffd
                                                                                                                                                                                                                                                    • Instruction ID: 171bdcfad16429d077ea8c96e646a2368ed915a9d194fc3c587f15e2cc479572
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 15eefc5be5b72f2d078e52c202e28ec41af6160baa3c0ad16820f7a40f873ffd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A51E571E00205DBCB199F74DC89BAEBBB8FF04355F200629E916D76A0D7749A44CBA4
                                                                                                                                                                                                                                                    Function 003B9900 Relevance: 13.7, APIs: 9, Instructions: 154memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00364AA5,00364AA7,00000000,00000000,A2199216,?,00000000,?,003BBE00,0042BF08,000000FE,?,00364AA5,?), ref: 003B9989
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00364AA5,?,00000000,00000000,?,003BBE00,0042BF08,000000FE,?,00364AA5), ref: 003B9A04
                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 003B9A0F
                                                                                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 003B9A38
                                                                                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 003B9A42
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(80070057,A2199216,?,00000000,?,003BBE00,0042BF08,000000FE,?,00364AA5,?), ref: 003B9A47
                                                                                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 003B9A5A
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,?,00000000,?,003BBE00,0042BF08,000000FE,?,00364AA5,?), ref: 003B9A70
                                                                                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 003B9A83
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1353541977-0
                                                                                                                                                                                                                                                    • Opcode ID: add0b3116978e0d3219717ee0ab60ab4eb7b78916b13dd16e9900e50808d36f8
                                                                                                                                                                                                                                                    • Instruction ID: c8fbc48602b7a6a5a8a77747e234a4fc66160309bb9d2fecc593e2c24b814652
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: add0b3116978e0d3219717ee0ab60ab4eb7b78916b13dd16e9900e50808d36f8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0412971A002099FD712DF69DC45BEEB7A8EB49718F10462BF705EBA91DB349800C7A5
                                                                                                                                                                                                                                                    Function 0035EEC0 Relevance: 12.6, APIs: 3, Strings: 4, Instructions: 323COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0035CCB0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035CDBB
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0035F0FC
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035F268
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035F307
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Ios_base_dtorstd::ios_base::_$Concurrency::cancel_current_task
                                                                                                                                                                                                                                                    • String ID: AdhocTelemetryAWS$Querying AdhocTelemetryAWS value failed: $SOFTWARE\McAfee\WebAdvisor$`A
                                                                                                                                                                                                                                                    • API String ID: 1722207485-226458884
                                                                                                                                                                                                                                                    • Opcode ID: e50bd6890b78324cb4e383ec029c32af0b863176b9d9eab60c59c392d8412720
                                                                                                                                                                                                                                                    • Instruction ID: 33998656057543d31dc1056885eadd1966133191ec8392299475a5973c6a4726
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e50bd6890b78324cb4e383ec029c32af0b863176b9d9eab60c59c392d8412720
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FBC1E470D002589FCB16EF64CC45BEEB7B8EF04304F1442A9E815AB2D1DB74AE89CB95
                                                                                                                                                                                                                                                    Function 00349C50 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 313COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0034E310: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 0034E36C
                                                                                                                                                                                                                                                    • __Mtx_init_in_situ.LIBCPMT ref: 00349DD4
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0034A06D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DescriptorSecurity$Concurrency::cancel_current_taskConvertMtx_init_in_situString
                                                                                                                                                                                                                                                    • String ID: LogLevel$LogRotationCount$LogRotationFileSize$SOFTWARE\McAfee\WebAdvisor$log
                                                                                                                                                                                                                                                    • API String ID: 239504998-2017128786
                                                                                                                                                                                                                                                    • Opcode ID: e2c750fa6f02dd8f1f8db0acc4c31ab33ea256eeb7ad94c7ffada859909fbf0f
                                                                                                                                                                                                                                                    • Instruction ID: 05983f8fbcbd841caeffad6f003b7dbef61fa987da62e10cb401abbe2bbc302c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e2c750fa6f02dd8f1f8db0acc4c31ab33ea256eeb7ad94c7ffada859909fbf0f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 97C1BF71E00249DFDB06DFA4C945BEEBBF4FF48304F20815AE415AB291EB75AA44CB91
                                                                                                                                                                                                                                                    Function 0035E0D0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 171COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035E161
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000001), ref: 0035E278
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035E351
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceBeginInitialize.KERNEL32(004380C4,00000000,A2199216,00000000,A2199216,0034A219,004380CC,?,?,?,?,?,?,0034A219,?,?), ref: 00349BE5
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceComplete.KERNEL32(004380C4,00000000,00000000), ref: 00349C1D
                                                                                                                                                                                                                                                      • Part of subcall function 00349940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00349A12
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • `A, xrefs: 0035E30E
                                                                                                                                                                                                                                                    • Event Sender already initialized for AWS, xrefs: 0035E137
                                                                                                                                                                                                                                                    • WinHttpCrackUrl failed for AWS: , xrefs: 0035E268
                                                                                                                                                                                                                                                    • Unable to open HTTP session for AWS, xrefs: 0035E327
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteErrorInitializeLast
                                                                                                                                                                                                                                                    • String ID: Event Sender already initialized for AWS$Unable to open HTTP session for AWS$WinHttpCrackUrl failed for AWS: $`A
                                                                                                                                                                                                                                                    • API String ID: 2211357200-2831953137
                                                                                                                                                                                                                                                    • Opcode ID: 7046bdbd6d1ecf946835a3d2e90440c89887c55bf8a5dbd1bb4274a16e06782f
                                                                                                                                                                                                                                                    • Instruction ID: b637d0b07aaf7a5b8198455d91fea8168bbea1d0cf546203f8557e4cfad6c706
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7046bdbd6d1ecf946835a3d2e90440c89887c55bf8a5dbd1bb4274a16e06782f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E1619270900B08DBDB25DFA0DC45BEAB7F9FB44305F404569E819AB290DBB47A48CF55
                                                                                                                                                                                                                                                    Function 00356D24 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 166COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Mtx_init_in_situ.LIBCPMT ref: 00356D7B
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00356F75
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00356F88
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Ios_base_dtorMtx_init_in_situMtx_unlockstd::ios_base::_
                                                                                                                                                                                                                                                    • String ID: event sender$=$Failed to initialize $async
                                                                                                                                                                                                                                                    • API String ID: 3676452600-816272291
                                                                                                                                                                                                                                                    • Opcode ID: f1e7811fccbc7592864f6dcd1ec0e8f4adc3fd7221cfedb7907de253366932f3
                                                                                                                                                                                                                                                    • Instruction ID: 1ba0cf6e25f17aa295d9f37352080929efa4bfced5c3af85382c0fdbb0369769
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f1e7811fccbc7592864f6dcd1ec0e8f4adc3fd7221cfedb7907de253366932f3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB6191B0911305CFDB06DF60C896BEEBBF5AF44304F5440AAD805AF392DB759A48CBA1
                                                                                                                                                                                                                                                    Function 0035DE80 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 147COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035DF0C
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000001), ref: 0035DFD7
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035E0A2
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceBeginInitialize.KERNEL32(004380C4,00000000,A2199216,00000000,A2199216,0034A219,004380CC,?,?,?,?,?,?,0034A219,?,?), ref: 00349BE5
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceComplete.KERNEL32(004380C4,00000000,00000000), ref: 00349C1D
                                                                                                                                                                                                                                                      • Part of subcall function 00349940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00349A12
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Event Sender already initialized for Azure, xrefs: 0035DEE2
                                                                                                                                                                                                                                                    • WinHttpCrackUrl failed for Azure: , xrefs: 0035DFC7
                                                                                                                                                                                                                                                    • `A, xrefs: 0035E05F
                                                                                                                                                                                                                                                    • Unable to open HTTP session for Azure, xrefs: 0035E078
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteErrorInitializeLast
                                                                                                                                                                                                                                                    • String ID: Event Sender already initialized for Azure$Unable to open HTTP session for Azure$WinHttpCrackUrl failed for Azure: $`A
                                                                                                                                                                                                                                                    • API String ID: 2211357200-1188532952
                                                                                                                                                                                                                                                    • Opcode ID: 52fb51e22d4fc56c390ce4335ca345930ea5a99dd3da29ec5b0e3534b1b1399e
                                                                                                                                                                                                                                                    • Instruction ID: 07e0f4273b7265c89a79d339fc349f4475c8c7e65cf55bbcc9f95efade4540d2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 52fb51e22d4fc56c390ce4335ca345930ea5a99dd3da29ec5b0e3534b1b1399e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 115150709007589FDB26DF60C855BDEB7F8FB08304F4045AEE8456B690EBB4AA88CB55
                                                                                                                                                                                                                                                    Function 0035928D Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 130COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00358FB0: CoCreateGuid.OLE32(?), ref: 00358FC8
                                                                                                                                                                                                                                                      • Part of subcall function 00358FB0: StringFromCLSID.OLE32(?,?), ref: 00358FE0
                                                                                                                                                                                                                                                      • Part of subcall function 00358FB0: CoTaskMemFree.OLE32(?), ref: 00359138
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 003593D1
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceBeginInitialize.KERNEL32(004380C4,00000000,A2199216,00000000,A2199216,0034A219,004380CC,?,?,?,?,?,?,0034A219,?,?), ref: 00349BE5
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceComplete.KERNEL32(004380C4,00000000,00000000), ref: 00349C1D
                                                                                                                                                                                                                                                      • Part of subcall function 00349940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00349A12
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteCreateFreeFromGuidInitializeStringTask
                                                                                                                                                                                                                                                    • String ID: Could not set registry value $Could not set registry value InstallerFlags$Failed to create new UUID$InstallerFlags$UUID$]
                                                                                                                                                                                                                                                    • API String ID: 598746661-2174109026
                                                                                                                                                                                                                                                    • Opcode ID: d68a161d7c1db982a200eb90433ff2c7d4e3a9e2a7bef429e4c8e6e252c0f371
                                                                                                                                                                                                                                                    • Instruction ID: 39bc102ed9f4cfe3c166b1d5945b948c1bb51856fc81f63fa1f9b98f91072f2a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d68a161d7c1db982a200eb90433ff2c7d4e3a9e2a7bef429e4c8e6e252c0f371
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4E518274A00608DEDF16EF60D891BEE77B4EF55305F50805AEC095F281EB74AA88CBA5
                                                                                                                                                                                                                                                    Function 00355790 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 80libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,NotComDllGetInterface), ref: 00355808
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 00355828
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00355830
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 00355839
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeLibrary$AddressErrorLastProc
                                                                                                                                                                                                                                                    • String ID: NotComDllGetInterface$mfeaaca.dll
                                                                                                                                                                                                                                                    • API String ID: 1092183831-2777911605
                                                                                                                                                                                                                                                    • Opcode ID: 20010c5c6d856e2df5bcf5a83c82234399aa2c2132f529f6e751ae6f8055124d
                                                                                                                                                                                                                                                    • Instruction ID: 2c70080493fae25ea3eea825c9922979be5e43513dcf26fa54ebd99f33b62143
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 20010c5c6d856e2df5bcf5a83c82234399aa2c2132f529f6e751ae6f8055124d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 01212832E006199BDB129FA8DC58A7EBBB8FF55351F050169EC01E7260EB709D04CBD0
                                                                                                                                                                                                                                                    Function 00344D63 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 55synchronizationCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00344C8E: GetCurrentProcessId.KERNEL32 ref: 00344CA6
                                                                                                                                                                                                                                                      • Part of subcall function 00344C8E: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00344CB8
                                                                                                                                                                                                                                                      • Part of subcall function 00344C8E: Process32FirstW.KERNEL32(00000000,?), ref: 00344CD3
                                                                                                                                                                                                                                                      • Part of subcall function 00344C8E: Process32NextW.KERNEL32(00000000,0000022C), ref: 00344CE9
                                                                                                                                                                                                                                                      • Part of subcall function 00344C8E: CloseHandle.KERNEL32(00000000), ref: 00344CFA
                                                                                                                                                                                                                                                    • CreateMutexW.KERNEL32(00000000,00000000,Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}), ref: 00344D88
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00344DD0
                                                                                                                                                                                                                                                      • Part of subcall function 0034136C: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 003413A5
                                                                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,0000EA60), ref: 00344DFC
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32 ref: 00344E0D
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceBeginInitialize.KERNEL32(004380C4,00000000,A2199216,00000000,A2199216,0034A219,004380CC,?,?,?,?,?,?,0034A219,?,?), ref: 00349BE5
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceComplete.KERNEL32(004380C4,00000000,00000000), ref: 00349C1D
                                                                                                                                                                                                                                                      • Part of subcall function 00349940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00349A12
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • SaBsi.cpp, xrefs: 00344DA9
                                                                                                                                                                                                                                                    • Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}, xrefs: 00344D7F
                                                                                                                                                                                                                                                    • CreateMutex failed: , xrefs: 00344DC2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCreateHandleInitIos_base_dtorOnceProcess32std::ios_base::_$BeginCompleteCurrentErrorFirstInitializeLastMutexNextObjectProcessSingleSnapshotToolhelp32Wait
                                                                                                                                                                                                                                                    • String ID: CreateMutex failed: $Global\{48ca68e-e4ff-43ac-a993-6d162f33de7c}$SaBsi.cpp
                                                                                                                                                                                                                                                    • API String ID: 2598072538-1117126455
                                                                                                                                                                                                                                                    • Opcode ID: 58121a17fe002bc4938ea2988e62660b75337b4027f1055a8cbe17c25f57d5a9
                                                                                                                                                                                                                                                    • Instruction ID: 7b45bb4e323ef1b9288bc558804ed788e5cdc7631483bc9eb3772f102c9586f7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 58121a17fe002bc4938ea2988e62660b75337b4027f1055a8cbe17c25f57d5a9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C011A330118342ABD722EF20D856BAAB7E8BF51711F104D2DB4914F1E2EB74B488CA67
                                                                                                                                                                                                                                                    Function 0037E580 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 131COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XMLParser.cpp, xrefs: 0037E5AF, 0037E6C8
                                                                                                                                                                                                                                                    • a7, xrefs: 0037E6A0
                                                                                                                                                                                                                                                    • Unable to convert XML buffer into wide characters, xrefs: 0037E6BC
                                                                                                                                                                                                                                                    • invalid input, xrefs: 0037E5A3
                                                                                                                                                                                                                                                    • NWebAdvisor::XMLParser::ParseBuffer, xrefs: 0037E5AA, 0037E6C3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __cftoe
                                                                                                                                                                                                                                                    • String ID: NWebAdvisor::XMLParser::ParseBuffer$Unable to convert XML buffer into wide characters$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XMLParser.cpp$invalid input$a7
                                                                                                                                                                                                                                                    • API String ID: 4189289331-3986041043
                                                                                                                                                                                                                                                    • Opcode ID: b15a5d64203096c72e7e0bfa95c2962fe381e0d41c416c9ba420f9640be7f5ff
                                                                                                                                                                                                                                                    • Instruction ID: a954f247d8e845575a9f63981158cc2186cf555f3ef8169406fc21088ec530dd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b15a5d64203096c72e7e0bfa95c2962fe381e0d41c416c9ba420f9640be7f5ff
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C04126B1A00304ABC725EF54D842BAFF7E4BF58704F51456EE90AAB6C1DBB8A904C794
                                                                                                                                                                                                                                                    Function 0035CCB0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 85COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceBeginInitialize.KERNEL32(004380C4,00000000,A2199216,00000000,A2199216,0034A219,004380CC,?,?,?,?,?,?,0034A219,?,?), ref: 00349BE5
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceComplete.KERNEL32(004380C4,00000000,00000000), ref: 00349C1D
                                                                                                                                                                                                                                                      • Part of subcall function 00349940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00349A12
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035CDBB
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitialize
                                                                                                                                                                                                                                                    • String ID: 5$AdhocAWSQAMode$Querying AdhocAWSQAMode value failed: $SOFTWARE\McAfee\WebAdvisor$`A
                                                                                                                                                                                                                                                    • API String ID: 539357862-4257643325
                                                                                                                                                                                                                                                    • Opcode ID: 6dbe36a250dee4e02d09993df26030f9d81fe57c7d787343908f07bf9b9903ed
                                                                                                                                                                                                                                                    • Instruction ID: 077a2428d197989c153c6c5a94100bb8651dcf2947b58974ce06872200784c8c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6dbe36a250dee4e02d09993df26030f9d81fe57c7d787343908f07bf9b9903ed
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 88318331D102489EDF11EFA0C852BEEB7F8FF08304F50456AE805BB281EB746A48CB61
                                                                                                                                                                                                                                                    Function 00345A4F Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 81COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 00345A59
                                                                                                                                                                                                                                                      • Part of subcall function 00345C1E: CoCreateInstance.OLE32(0040D808,00000000,00000017,0041B024,00000000,A2199216,?,?,?,00000000,00000000,00000000,003E8687,000000FF), ref: 00345C7A
                                                                                                                                                                                                                                                      • Part of subcall function 00345C1E: OleRun.OLE32(00000000), ref: 00345C89
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceBeginInitialize.KERNEL32(004380C4,00000000,A2199216,00000000,A2199216,0034A219,004380CC,?,?,?,?,?,?,0034A219,?,?), ref: 00349BE5
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceComplete.KERNEL32(004380C4,00000000,00000000), ref: 00349C1D
                                                                                                                                                                                                                                                      • Part of subcall function 00349940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00349A12
                                                                                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 00345B97
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • i, xrefs: 00345B5D
                                                                                                                                                                                                                                                    • Failed to set new option. Error , xrefs: 00345B26
                                                                                                                                                                                                                                                    • Failed to create Global Options object. Error , xrefs: 00345AA9
                                                                                                                                                                                                                                                    • Activation option is set successfuly, xrefs: 00345B69
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InitOnce$BeginCompleteCreateH_prolog3_InitializeInstanceIos_base_dtor_com_issue_errorstd::ios_base::_
                                                                                                                                                                                                                                                    • String ID: Activation option is set successfuly$Failed to create Global Options object. Error $Failed to set new option. Error $i
                                                                                                                                                                                                                                                    • API String ID: 1362393928-3233122435
                                                                                                                                                                                                                                                    • Opcode ID: 12a9db8f55f1cdde57b7c662fcdc1db4c3267317b64347c0299cafa6ba04b87e
                                                                                                                                                                                                                                                    • Instruction ID: fb1e9cccd5b47eb9450b61509b396bade432231731cd7e8efa18a80ef5f825da
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 12a9db8f55f1cdde57b7c662fcdc1db4c3267317b64347c0299cafa6ba04b87e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F314B30D11A19CBDF16EBA4C852BEDB3B5AF10304F404599E5016F682EB746A85CEA2
                                                                                                                                                                                                                                                    Function 00364B40 Relevance: 9.3, APIs: 2, Strings: 3, Instructions: 562COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00365182
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0036521E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::cancel_current_taskIos_base_dtorstd::ios_base::_
                                                                                                                                                                                                                                                    • String ID: 8A$Invalid arguements passed to AddDimension$N
                                                                                                                                                                                                                                                    • API String ID: 4106036149-2330809207
                                                                                                                                                                                                                                                    • Opcode ID: be6fad3c40e77b56e9323b297c8991de13b92cb8526d656dc68be6d94f159f61
                                                                                                                                                                                                                                                    • Instruction ID: bc1e4ef7d795a0b1348d6ef4baf87461d7083cc1ed7439fd0c294bff4eddc2f1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: be6fad3c40e77b56e9323b297c8991de13b92cb8526d656dc68be6d94f159f61
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D932DD70D003489FEB26CF64C844BAEBBF1FF45304F15C2A9E459AB696D775A984CB80
                                                                                                                                                                                                                                                    Function 003C22D9 Relevance: 9.3, APIs: 6, Instructions: 264COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __allrem.LIBCMT ref: 003C2461
                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003C247D
                                                                                                                                                                                                                                                    • __allrem.LIBCMT ref: 003C2494
                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003C24B2
                                                                                                                                                                                                                                                    • __allrem.LIBCMT ref: 003C24C9
                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003C24E7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1992179935-0
                                                                                                                                                                                                                                                    • Opcode ID: f5f3a44ed8043a2ffd9b201dc5f07ecf71a3fa8d4abf09d185f58aaaf2be2bd1
                                                                                                                                                                                                                                                    • Instruction ID: 52b40ac67c1b4663e1462fbb58e8c3fca4332cd60abc9e615850a9e7d4ffccef
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5f3a44ed8043a2ffd9b201dc5f07ecf71a3fa8d4abf09d185f58aaaf2be2bd1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A811676A007069FE726AE29CC81FABB7A9AF41324F14413EF514DA6C1E774DE018750
                                                                                                                                                                                                                                                    Function 00378650 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 337COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::locale::_Init.LIBCPMT ref: 0037882F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XmlUpdaterLogger.cpp, xrefs: 00378AF6
                                                                                                                                                                                                                                                    • *@, xrefs: 003789A7
                                                                                                                                                                                                                                                    • Failed to create log message string. Error 0x, xrefs: 003789CF
                                                                                                                                                                                                                                                    • $+@, xrefs: 003787F3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Initstd::locale::_
                                                                                                                                                                                                                                                    • String ID: $+@$Failed to create log message string. Error 0x$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\XmlUpdaterLogger.cpp$*@
                                                                                                                                                                                                                                                    • API String ID: 1620887387-3636674465
                                                                                                                                                                                                                                                    • Opcode ID: ff1a57622cc8be3ac928736a306a937fc3f0674b2f8891c91c455503d3a997a2
                                                                                                                                                                                                                                                    • Instruction ID: a3d9bcb2a2ec1600742f175f8179936df64b8e55274349cb91eb46fd242e4ba5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ff1a57622cc8be3ac928736a306a937fc3f0674b2f8891c91c455503d3a997a2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EAE14C74E00259DFDB25CF58C889B9DB7B5BF48304F1081AAE50DAB280DB75AA84CF51
                                                                                                                                                                                                                                                    Function 003507C0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 195COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Mtx_destroy_in_situ.LIBCPMT ref: 0035085F
                                                                                                                                                                                                                                                    • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,?,00000000), ref: 00350903
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(?,?), ref: 00350A26
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00351020
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 003508FE
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DescriptorSecurity$ConvertFreeLocalMtx_destroy_in_situMtx_unlockString
                                                                                                                                                                                                                                                    • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                                                                                                    • API String ID: 4147401711-3078421892
                                                                                                                                                                                                                                                    • Opcode ID: 1cea53f03e25a96cfac8d5431c5c5da72f7180d6ceea1f373083963bdebda0e1
                                                                                                                                                                                                                                                    • Instruction ID: 4cd1fd82bf58bad2217d7f6d71532112c6b2ac7fc05b5e52ee43ee5585bdd914
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1cea53f03e25a96cfac8d5431c5c5da72f7180d6ceea1f373083963bdebda0e1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 506103719002548FDB1ACF64CC85BDEB7B5EF44304F0041ADE8099B7A1D779AA88CB90
                                                                                                                                                                                                                                                    Function 00347F60 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 108COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __Xtime_get_ticks.LIBCPMT ref: 00347FAA
                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00347FBC
                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00347FD0
                                                                                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00347FE2
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$Xtime_get_ticks
                                                                                                                                                                                                                                                    • String ID: [%Y%m%d %H:%M:%S.
                                                                                                                                                                                                                                                    • API String ID: 3638035285-2843400524
                                                                                                                                                                                                                                                    • Opcode ID: 93f1f64e0489ddfafe5f7f3a1f13250d185f951c7d806b20e87bfeeb656f7e3a
                                                                                                                                                                                                                                                    • Instruction ID: 03e57731d92cfb55fd7cd2112e3112200fb36b6addd75c96eb4dc583888d4a26
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 93f1f64e0489ddfafe5f7f3a1f13250d185f951c7d806b20e87bfeeb656f7e3a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BD316071E00254AFDB12EFA5CC42FAEBBF8EB45B10F114229F505AF281DB746905C795
                                                                                                                                                                                                                                                    Function 003E4DB0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 352COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: %s%s$%s\%s$\\?\
                                                                                                                                                                                                                                                    • API String ID: 0-2843747179
                                                                                                                                                                                                                                                    • Opcode ID: 23879ed21dfa557d8ded8303ce4abd853e8fff17cf28cec4faaace62426e3dfd
                                                                                                                                                                                                                                                    • Instruction ID: 60691bbf1ba98a53f2e456d0e63c6398ac909cd1f1e2d04f3bb9d1216e2a6a6e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 23879ed21dfa557d8ded8303ce4abd853e8fff17cf28cec4faaace62426e3dfd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04D1C372D00268DFCF11DFE5C885AEEB7F8EF09314F540629E815AB281E7346A45CB91
                                                                                                                                                                                                                                                    Function 003839A0 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 270registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegOpenKeyExW.KERNEL32(80000002,SOFTWARE\WATesting,00000000,00000001,?,A2199216,00000000,00000001), ref: 003839FC
                                                                                                                                                                                                                                                      • Part of subcall function 00382820: RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,A2199216,?,?,?), ref: 003828AC
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000,?,00000000,811C9DC5,path,00000004,?), ref: 00383D36
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseInfoOpenQuery
                                                                                                                                                                                                                                                    • String ID: SOFTWARE\WATesting$path
                                                                                                                                                                                                                                                    • API String ID: 2142960691-1550987622
                                                                                                                                                                                                                                                    • Opcode ID: 900e790685027b3ad3739c6ddd7f2d2616675c3f2bae1e13828450db19f95bab
                                                                                                                                                                                                                                                    • Instruction ID: 2e920b54a47e752e70df81208f271d9774b330e0cfbf712bbccee1c642691cea
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 900e790685027b3ad3739c6ddd7f2d2616675c3f2bae1e13828450db19f95bab
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D7B19171A00258DFCB26EB64CC49BDEBBB9AF44704F1401D9E409AB391DB74AB88CF51
                                                                                                                                                                                                                                                    Function 0037FBE0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 80COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,0041BFD0,00000000,0041BFD0,00000000,?,0000001C,00000001,00000000,0000001C,?,?,00000014,0041BFD0,00000000,A2199216), ref: 0037FC1D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Destination directory does not exist, xrefs: 0037FC8F
                                                                                                                                                                                                                                                    • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp, xrefs: 0037FC9E
                                                                                                                                                                                                                                                    • NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk, xrefs: 0037FC99
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                                                                    • String ID: Destination directory does not exist$NWebAdvisor::NHttp::NDownloadFile::StoreOnDisk$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpsDownloadFile.cpp
                                                                                                                                                                                                                                                    • API String ID: 3188754299-3555079292
                                                                                                                                                                                                                                                    • Opcode ID: a490577187dbe0d30800aa002737d2e094e1fc8131994e078f40236cf9987a6f
                                                                                                                                                                                                                                                    • Instruction ID: 18b2030b03019e3bd28bbb1977c9b90f3e6a01291452d5fb66b22c9ee12491dd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a490577187dbe0d30800aa002737d2e094e1fc8131994e078f40236cf9987a6f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA213E75E0021C9BCB11DF68D841ADEB7F8EB08714F114266FC19B7280D774AA45CB94
                                                                                                                                                                                                                                                    Function 0036CC20 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 79COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceBeginInitialize.KERNEL32(004380C4,00000000,A2199216,00000000,A2199216,0034A219,004380CC,?,?,?,?,?,?,0034A219,?,?), ref: 00349BE5
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceComplete.KERNEL32(004380C4,00000000,00000000), ref: 00349C1D
                                                                                                                                                                                                                                                      • Part of subcall function 00349940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00349A12
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000001), ref: 0036CCBB
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0036CCEC
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteErrorInitializeLast
                                                                                                                                                                                                                                                    • String ID: PA$Unable to set proxy option, error:
                                                                                                                                                                                                                                                    • API String ID: 879576418-2453671249
                                                                                                                                                                                                                                                    • Opcode ID: c69d1de2e8a5b35f53cff113aaac5f22cc462fa2c26b2b746306389ecf2ee86a
                                                                                                                                                                                                                                                    • Instruction ID: 2f946c410af0b758c07b8e76dc1182167a9f6446813b282bc160e197c23c86c1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c69d1de2e8a5b35f53cff113aaac5f22cc462fa2c26b2b746306389ecf2ee86a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04318E71A04319DFDB25DF60CC05BAEB7B9EB04710F00856AE815AB690EB746944CB61
                                                                                                                                                                                                                                                    Function 0034DC20 Relevance: 5.8, APIs: 2, Strings: 1, Instructions: 553COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 0034E367
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                                                                                                    • API String ID: 0-3078421892
                                                                                                                                                                                                                                                    • Opcode ID: 306afd1b9e6792db2a8430acd7953719457fae8e79c8941f2e8a1829ba6ddca0
                                                                                                                                                                                                                                                    • Instruction ID: ae36232b2f7136963e74780056381ffa9080cb6189416dc9376efca2df33b50d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 306afd1b9e6792db2a8430acd7953719457fae8e79c8941f2e8a1829ba6ddca0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 59221471A102089BCB25DF64DC89BEDBBF5FF49304F10469DE409AB691DB74AA84CF90
                                                                                                                                                                                                                                                    Function 0034E310 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 206COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 0034E36C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA), xrefs: 0034E367
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DescriptorSecurity$ConvertString
                                                                                                                                                                                                                                                    • String ID: D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)
                                                                                                                                                                                                                                                    • API String ID: 3907675253-3078421892
                                                                                                                                                                                                                                                    • Opcode ID: ba2810b4e523927cac4a564fcfc33ead3eb31ea7db8428628ca32c4c9b5588cf
                                                                                                                                                                                                                                                    • Instruction ID: a3a5aba2e3a56fdca43316eb83d9e8cb823ab6fcf34d75eec752327df75c0f7a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ba2810b4e523927cac4a564fcfc33ead3eb31ea7db8428628ca32c4c9b5588cf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D81BF30A012599BDB25DF24DD88BDDB7B5FF85308F1046D9E008AB291EB79AB84CF54
                                                                                                                                                                                                                                                    Function 003D5FD8 Relevance: 4.7, APIs: 3, Instructions: 177fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003D576D: GetConsoleCP.KERNEL32(?,0037860A,00000000), ref: 003D57B5
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,0042C218,A2199216,00000000,A2199216,0037860A,0037860A,0037860A,A2199216,00000000,?,003C591E,00000000,0042C218,00000010), ref: 003D6129
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,003C591E,00000000,0042C218,00000010,0037860A), ref: 003D6133
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 003D6178
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ConsoleErrorFileLastWrite__dosmaperr
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 251514795-0
                                                                                                                                                                                                                                                    • Opcode ID: d261b52a16a5a76e55ed21b29b7306207f4f3d10233fd82562a34647db3c26de
                                                                                                                                                                                                                                                    • Instruction ID: 52ad7fca5a5347e9e2aeac78bbd2db0e69e3f410e3382971e970606d4773b730
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d261b52a16a5a76e55ed21b29b7306207f4f3d10233fd82562a34647db3c26de
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9451C372904209AFEB139FA8EC46BEEBBB9EF09314F150057E520AB352D7749D418B60
                                                                                                                                                                                                                                                    Function 0034E640 Relevance: 4.6, APIs: 3, Instructions: 120COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00000000,A2199216,0000005C,?,?,?,?,00000000,003E952D,000000FF,?,0034E09D), ref: 0034E681
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(00000000,?,?,?,?,?,00000000,003E952D,000000FF,?,0034E09D), ref: 0034E738
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00000000,003E952D,000000FF,?,0034E09D), ref: 0034E742
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AttributesCreateDirectoryErrorFileLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 674977465-0
                                                                                                                                                                                                                                                    • Opcode ID: d9f77b6facffbc9faf818ec63417fc3688e65289d7b2c52c118e2550ba3efa2d
                                                                                                                                                                                                                                                    • Instruction ID: ae0b9e164fd8ef8bc4b53b30c4790ecd70f36f3b7e162f709120b1ff07487225
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d9f77b6facffbc9faf818ec63417fc3688e65289d7b2c52c118e2550ba3efa2d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2310935A002049BDB16CF68E984BAEFBF5FF45724F14462DE4059B790D735B905CB90
                                                                                                                                                                                                                                                    Function 003A1F70 Relevance: 4.6, APIs: 3, Instructions: 104encryptionCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CertGetCertificateChain.CRYPT32(00000000,?,?,?), ref: 003A206C
                                                                                                                                                                                                                                                    • CertVerifyCertificateChainPolicy.CRYPT32(00000003,?,?,?), ref: 003A20A4
                                                                                                                                                                                                                                                    • CertFreeCertificateChain.CRYPT32(?), ref: 003A20D0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CertCertificateChain$FreePolicyVerify
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1741975133-0
                                                                                                                                                                                                                                                    • Opcode ID: 2923a9dbf5cba9c5a4fe664299d024ae4b90adbb83d48a326a9ee2640fc3ef36
                                                                                                                                                                                                                                                    • Instruction ID: 724312aca0909b39d31700be78f705753a4825748cddeac9762486d1de33e684
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2923a9dbf5cba9c5a4fe664299d024ae4b90adbb83d48a326a9ee2640fc3ef36
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7F419E756083859BD720CF54C988B9BBBF8FF8A704F04091DF5889B250E775E948CB62
                                                                                                                                                                                                                                                    Function 003D6B6C Relevance: 4.6, APIs: 3, Instructions: 61COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,0037860A,?,003D6A9A,0037860A,0042C5B8,0000000C,003D6B4C,0042C218), ref: 003D6BC2
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,003D6A9A,0037860A,0042C5B8,0000000C,003D6B4C,0042C218), ref: 003D6BCC
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 003D6BF7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2583163307-0
                                                                                                                                                                                                                                                    • Opcode ID: 2e9056a3673ffb855bfdc9e9744d7d6f18d6bb840cedf59523c973caabb8fab7
                                                                                                                                                                                                                                                    • Instruction ID: 4980ee39946b2810c85a220a339b13e9e9132cd492f4353dc172e7697d9614d2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2e9056a3673ffb855bfdc9e9744d7d6f18d6bb840cedf59523c973caabb8fab7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 33012B3360969016C627633AFD47B7E274D9F82734F26015BF939CB3D2DA708C409191
                                                                                                                                                                                                                                                    Function 003D68F6 Relevance: 4.5, APIs: 3, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetFilePointerEx.KERNEL32(00000000,00000000,?,00000000,003DF765,00000008,00000000,?,?,?,003D69A3,00000000,00000000,?,003DF765), ref: 003D692F
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,003D69A3,00000000,00000000,?,003DF765,?,003DF765,?,00000000,00000000,00000001,?,00000008), ref: 003D6939
                                                                                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 003D6940
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileLastPointer__dosmaperr
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2336955059-0
                                                                                                                                                                                                                                                    • Opcode ID: fbbd830b40211f1fdb87cf3594c2a24af9fef82fbffccccf719d92987b304c8a
                                                                                                                                                                                                                                                    • Instruction ID: 25d7f3bda6eba9708eeb9a5030a29f5f4607217047c751aff824365c4ea683f9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fbbd830b40211f1fdb87cf3594c2a24af9fef82fbffccccf719d92987b304c8a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F801FC73610515AFCB079FA9EC578AE3B2EEB85330B250245F5229B290FB70DE01D750
                                                                                                                                                                                                                                                    Function 00394C69 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394C81
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: yt
                                                                                                                                                                                                                                                    • API String ID: 1269201914-4251244651
                                                                                                                                                                                                                                                    • Opcode ID: e01907b610f4bc2d5cb3ab4aa4cb601f8daf1f72022b0c2c727ffbb4663f8f02
                                                                                                                                                                                                                                                    • Instruction ID: 3c1d9b46ded36eedd52d57dbe79848fa055baf513e2e54cda6d7e31d2e8a59bb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e01907b610f4bc2d5cb3ab4aa4cb601f8daf1f72022b0c2c727ffbb4663f8f02
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1AB012E5359100BD330912186E06C37011CC5C1F20F70811FF440C4440A6850C951075
                                                                                                                                                                                                                                                    Function 00394CBA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394C81
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: yt
                                                                                                                                                                                                                                                    • API String ID: 1269201914-4251244651
                                                                                                                                                                                                                                                    • Opcode ID: 4cfa9ea123d82110b999676760cddbe8efaf4b1543880b85fd9210b80e5bb8ec
                                                                                                                                                                                                                                                    • Instruction ID: 5e14e1f480aa50a36966f5c9f85e1680c47a2acc0757a409b857664d830f7bad
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4cfa9ea123d82110b999676760cddbe8efaf4b1543880b85fd9210b80e5bb8ec
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FFB012D1359010BD3649520C6D02D37015CC5C5F20F70C01FF444C4540E6850C511435
                                                                                                                                                                                                                                                    Function 00394CAA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394C81
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: yt
                                                                                                                                                                                                                                                    • API String ID: 1269201914-4251244651
                                                                                                                                                                                                                                                    • Opcode ID: afc7b1d34e8db20229e78d9616e43649307adf495aa3675ca9b8e7f30dbafa14
                                                                                                                                                                                                                                                    • Instruction ID: 115415c2b3ed4017e4bb304248ad05b33ac052f94367e029db3a7e93a5b9857f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: afc7b1d34e8db20229e78d9616e43649307adf495aa3675ca9b8e7f30dbafa14
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BAB012D135A0007D3349520C6E02D37011CC1C5F10F70C01FF145C95C0E6850C521435
                                                                                                                                                                                                                                                    Function 00394C9A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394C81
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: yt
                                                                                                                                                                                                                                                    • API String ID: 1269201914-4251244651
                                                                                                                                                                                                                                                    • Opcode ID: c80a40caa5fd0340a33f4083f5ce83df38f133de4c8383bebaf180169830917f
                                                                                                                                                                                                                                                    • Instruction ID: 9a9007a1be36424c09bed8a50df4d5fccb121d0da26b993c8c7ea695b7eab420
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c80a40caa5fd0340a33f4083f5ce83df38f133de4c8383bebaf180169830917f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E1B012D135A1007D3349520C6D02D37011CC1C5F10F70811FF444C9580E6840C951439
                                                                                                                                                                                                                                                    Function 00394C8A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394C81
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: yt
                                                                                                                                                                                                                                                    • API String ID: 1269201914-4251244651
                                                                                                                                                                                                                                                    • Opcode ID: 9cc1a020c038244ee3968abb0df8c0df5a9ef815753223360d4a4c05a9a0c798
                                                                                                                                                                                                                                                    • Instruction ID: 6b7a836a0fb56bd5194961095746be0d2b0e44356d9d6e0138413ee5cea8de9e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9cc1a020c038244ee3968abb0df8c0df5a9ef815753223360d4a4c05a9a0c798
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A6B012D135A011BD3649520CAD02D37011CC1C5F10F70C41FF444C9580E6840C511435
                                                                                                                                                                                                                                                    Function 00394CFA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394C81
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: yt
                                                                                                                                                                                                                                                    • API String ID: 1269201914-4251244651
                                                                                                                                                                                                                                                    • Opcode ID: c7acd646914ab6674f1b5a7e3b843c92ec9ec46fceb3db3bd25a1a94d0c24617
                                                                                                                                                                                                                                                    • Instruction ID: 64de6c556ae59df5eb7257d0d03aeab2c65e3bd1d0ffdfbbf8bfb7b3523449de
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c7acd646914ab6674f1b5a7e3b843c92ec9ec46fceb3db3bd25a1a94d0c24617
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8B012D135D000BD3249520C6F02E37012CC1C5F10F70801FF044C4540E7844C515036
                                                                                                                                                                                                                                                    Function 00394CEA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394C81
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: yt
                                                                                                                                                                                                                                                    • API String ID: 1269201914-4251244651
                                                                                                                                                                                                                                                    • Opcode ID: 83ac44a32049239cecce60eb8a6b0da2e6a07646b002db488d6d5bd5a79a4ec8
                                                                                                                                                                                                                                                    • Instruction ID: 6267cac11b38a2f2e5551492c192dab0829a02ca5dac0fc7a549a2b5934efaea
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 83ac44a32049239cecce60eb8a6b0da2e6a07646b002db488d6d5bd5a79a4ec8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5CB012D1359000BD3349520C6F02D37011CC1C5F10F70C01FF044C4540E7854C521036
                                                                                                                                                                                                                                                    Function 00394CDA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394C81
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: yt
                                                                                                                                                                                                                                                    • API String ID: 1269201914-4251244651
                                                                                                                                                                                                                                                    • Opcode ID: f0519dc5bab0b91176f4cf16e3a910518c7bef7ea9cbec72506e8e906f754937
                                                                                                                                                                                                                                                    • Instruction ID: 75a4895f3413aa57d83643ea2364a53be7c6cd9e4a4a5fda97151fad3718ac37
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f0519dc5bab0b91176f4cf16e3a910518c7bef7ea9cbec72506e8e906f754937
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17B012D1359100BD3349520C6E02D37011CC1C5F10F70811FF444C4550E7844C951036
                                                                                                                                                                                                                                                    Function 00394CCA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394C81
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: yt
                                                                                                                                                                                                                                                    • API String ID: 1269201914-4251244651
                                                                                                                                                                                                                                                    • Opcode ID: 355089ae1063eb8244c5e88c2025852b660acb5953ae7d7c8667a0ad9e7663d6
                                                                                                                                                                                                                                                    • Instruction ID: 5dda6a2eadb5136062a87e8bbf133352d0ebeb04fa043f6a9f5d6cf1443a22db
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 355089ae1063eb8244c5e88c2025852b660acb5953ae7d7c8667a0ad9e7663d6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8B012D1359010FD3649520C6E02D37011CC1C5F10F70C01FF444C4540E7C44C511036
                                                                                                                                                                                                                                                    Function 00394D39 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394D1C
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: `ato
                                                                                                                                                                                                                                                    • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                                                    • Opcode ID: 11cd7b4dc1c9644408e73fce496198d036283d83896209f515e9e9aa95b5226d
                                                                                                                                                                                                                                                    • Instruction ID: a44b7f132507fc70c3563bc281bf5a6b5d8c33ef8680be385e1a835f764e2670
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 11cd7b4dc1c9644408e73fce496198d036283d83896209f515e9e9aa95b5226d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2EB012853581007C360D5208EC42D37022CC1CAF20B70821FF801C4641D5880C556039
                                                                                                                                                                                                                                                    Function 00394D2F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394D1C
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: `ato
                                                                                                                                                                                                                                                    • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                                                    • Opcode ID: d3efc964ac1a7b851f3793b23a8368c26e6ffcaf4be11c4a5f535c3c555cf628
                                                                                                                                                                                                                                                    • Instruction ID: 59b6088a880f3201d1ef9a5dbdeeba789efa731f4bddc06dbb74e20ce5fa2c0c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d3efc964ac1a7b851f3793b23a8368c26e6ffcaf4be11c4a5f535c3c555cf628
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1DB01285358010BC390D5208EC02D37032CC1CEF20B70C11FF801C4741D5880C116039
                                                                                                                                                                                                                                                    Function 00394D25 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394D1C
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: `ato
                                                                                                                                                                                                                                                    • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                                                    • Opcode ID: 10b098712984b235b8031bf0876f179fa71b2babd2fbcb68e0d925cb8b3b5873
                                                                                                                                                                                                                                                    • Instruction ID: 0357e3120c0cf0358f2553f6f0710d409b3ef3aaa8e296730465ba1fe7b54f78
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 10b098712984b235b8031bf0876f179fa71b2babd2fbcb68e0d925cb8b3b5873
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DEB0128535C1007D350D5208AD02E37023CC1CAF10B70801FF400C4641D5880C11A035
                                                                                                                                                                                                                                                    Function 00394D0A Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394D1C
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: `ato
                                                                                                                                                                                                                                                    • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                                                    • Opcode ID: 2c1f2fa9d0e31a7f749d8be47eabdd5ddda904917af0344497424322be5ddbc2
                                                                                                                                                                                                                                                    • Instruction ID: 4ab3c11f5b4cdf2594c44d2c422079ffd67b687a1a302ec6bdc407e669a0e099
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c1f2fa9d0e31a7f749d8be47eabdd5ddda904917af0344497424322be5ddbc2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 31B0128535C0017C360D1204AD02C37022CC1C6F10B70C01FF400C4542D5880C126035
                                                                                                                                                                                                                                                    Function 00394D7F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394D1C
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: `ato
                                                                                                                                                                                                                                                    • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                                                    • Opcode ID: 2138234e35a5c1106a241c11bb701049644367d767af9f81b115c1eb36463161
                                                                                                                                                                                                                                                    • Instruction ID: 5071e98ea8393c35d1ca8aa90870e448ebacb0c98ca317598356190983caf151
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2138234e35a5c1106a241c11bb701049644367d767af9f81b115c1eb36463161
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8B012853981007C350D5209AD02E37023CC1CAF10B70801FF400C4641D7880C11A135
                                                                                                                                                                                                                                                    Function 00394D75 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394D1C
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: `ato
                                                                                                                                                                                                                                                    • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                                                    • Opcode ID: 7a759555c49966d80b3c5f4a6aae8a02d2a203e4005ba5cb357b245f5ffccabe
                                                                                                                                                                                                                                                    • Instruction ID: 40d4d52c3097f92810c4a6f9a60e3bf1bdd9069310f622cc0e219c4c1d0d2c8e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7a759555c49966d80b3c5f4a6aae8a02d2a203e4005ba5cb357b245f5ffccabe
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1CB0128535C010BC394D5208AC02D37022CC2CBF10B70C01FF800C4641D5880C196035
                                                                                                                                                                                                                                                    Function 00394D6B Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394D1C
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: `ato
                                                                                                                                                                                                                                                    • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                                                    • Opcode ID: 6033b9f8ef95b0d95b99618d46d41691d5c74e6be1294387b9416a0f1954d116
                                                                                                                                                                                                                                                    • Instruction ID: 688dda52f8ebfd06aeb019d371d215e2e1f444ff23e3fa0f91aaafd511cd0f52
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6033b9f8ef95b0d95b99618d46d41691d5c74e6be1294387b9416a0f1954d116
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1B0128535C1007C360D5208AC02D37022CC1CAF10B70811FF800C4641D5880C556035
                                                                                                                                                                                                                                                    Function 00394D61 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394D1C
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: `ato
                                                                                                                                                                                                                                                    • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                                                    • Opcode ID: b330ef497fd867b9dcc6af4fcddcc1e1de23e3117731c8021fc26b4b7a1dd2f4
                                                                                                                                                                                                                                                    • Instruction ID: 4e44eb215dc960c3160e2bf2f96b1a2737f3b3e053fd3bac9d3430b156474023
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b330ef497fd867b9dcc6af4fcddcc1e1de23e3117731c8021fc26b4b7a1dd2f4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0B01285358110BC390D5208AC02D37022CC1CAF10B70C01FF800C4641D6880C116035
                                                                                                                                                                                                                                                    Function 00394D57 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394D1C
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: `ato
                                                                                                                                                                                                                                                    • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                                                    • Opcode ID: f668df0fd86eabca1a225427f2c8e97d77b294a216c6338565c92da60b303701
                                                                                                                                                                                                                                                    • Instruction ID: 1ac5a4764f691fcd62eccbd3421d49b9becf78ae787cecefa0e0f8de6a83facc
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f668df0fd86eabca1a225427f2c8e97d77b294a216c6338565c92da60b303701
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D0B012853680007C350D5208ED02E37023CC1CAF20B70821FF401C4641D5884C11A039
                                                                                                                                                                                                                                                    Function 00394D4D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394D1C
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: `ato
                                                                                                                                                                                                                                                    • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                                                    • Opcode ID: 92ca31518cde2a18acb94ee4794ceb8975155f0ae02d9bc91cef2f6958d13207
                                                                                                                                                                                                                                                    • Instruction ID: 54ffe8e76a8fe6457c269daad18fcdc47e84f4e028c65187a2da74ab2fcbf1eb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 92ca31518cde2a18acb94ee4794ceb8975155f0ae02d9bc91cef2f6958d13207
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9AB0128535C010BC3A0D5208AC02D37027CC1CAF10B70C01FF800C5641D5880C156035
                                                                                                                                                                                                                                                    Function 00394D43 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394D1C
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: `ato
                                                                                                                                                                                                                                                    • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                                                    • Opcode ID: ea492a11181388e54184eed477eae919a0a2832c27e2b010819d6f9f88d9f54f
                                                                                                                                                                                                                                                    • Instruction ID: dd41373d5f25b1e37d042cb95e6b3f630940ee5227d3fe46f0aae576d5e64b5a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ea492a11181388e54184eed477eae919a0a2832c27e2b010819d6f9f88d9f54f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FEB012853580007C360D5208ED02D37022DC1CAF20BB0C21FF401C4641D5880C126039
                                                                                                                                                                                                                                                    Function 00394D93 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394D1C
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: `ato
                                                                                                                                                                                                                                                    • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                                                    • Opcode ID: bc85e8a76f13c555e524fc7900b212f9a0cf9e2214f657dae68dcbfe38c5ab14
                                                                                                                                                                                                                                                    • Instruction ID: b46a4b3a43afbde1b5738c48cca1d93c2d042694ceb95da8eb3d5aa95aab3597
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bc85e8a76f13c555e524fc7900b212f9a0cf9e2214f657dae68dcbfe38c5ab14
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A4B012853582007C3A0D5208AC42D37022CC1CAF10B70811FF800C4641D6880C55A035
                                                                                                                                                                                                                                                    Function 00394D89 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394D1C
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID: `ato
                                                                                                                                                                                                                                                    • API String ID: 1269201914-3307817267
                                                                                                                                                                                                                                                    • Opcode ID: 221a3daa4dfe70c730758ecb18db14ddd59284f6a6bcb4026f3e53f2c36a91c1
                                                                                                                                                                                                                                                    • Instruction ID: f112ba4976ff594a986da0991a283da02d0fe93f03d739a694db47433e63c03d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 221a3daa4dfe70c730758ecb18db14ddd59284f6a6bcb4026f3e53f2c36a91c1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36B012853582007C360D5208BD02D37022CC1CAF10B70C01FF400C4641D6880C126035
                                                                                                                                                                                                                                                    Function 00364A40 Relevance: 3.1, APIs: 2, Instructions: 90COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 00364AD2
                                                                                                                                                                                                                                                    • SysFreeString.OLEAUT32(-00000001), ref: 00364AFD
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeString_com_issue_error
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 709734423-0
                                                                                                                                                                                                                                                    • Opcode ID: 7d83291665f8efefb79f018adfe11bee229cf8ffaf00f58f0e8958b863d04c41
                                                                                                                                                                                                                                                    • Instruction ID: c5eecbb9b59cb92a44f3374fda4b94843edf2745b1f9c615920d613dc9dda608
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d83291665f8efefb79f018adfe11bee229cf8ffaf00f58f0e8958b863d04c41
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA21B5B1D00715ABD7219F59C805B57FBE8EF41B20F25872EE96597680EBB4A840C7D0
                                                                                                                                                                                                                                                    Function 003D5BF0 Relevance: 3.1, APIs: 2, Instructions: 80fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,?,?,00000000,?,0037860A,00000000,?,003D610D,0037860A,0037860A,00000000,0042C218,A2199216,0037860A), ref: 003D5C8C
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,003D610D,0037860A,0037860A,00000000,0042C218,A2199216,0037860A,0037860A,0037860A,A2199216,00000000,?,003C591E,00000000,0042C218), ref: 003D5CB2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 442123175-0
                                                                                                                                                                                                                                                    • Opcode ID: e9f18a40bbe1f11984e6ea65bc5897e45c3df48ef5785ea6a9f62e3fda648ddc
                                                                                                                                                                                                                                                    • Instruction ID: 399c172660a88867e9df63426465511cecb7bf2592cbe34180bca7af0c92d3fa
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9f18a40bbe1f11984e6ea65bc5897e45c3df48ef5785ea6a9f62e3fda648ddc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15219135A102199FCF16CF29DC809E9B7BAEB48301F1440AAEA46D7321D630DE46CF64
                                                                                                                                                                                                                                                    Function 00349BB0 Relevance: 3.1, APIs: 2, Instructions: 52COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • InitOnceBeginInitialize.KERNEL32(004380C4,00000000,A2199216,00000000,A2199216,0034A219,004380CC,?,?,?,?,?,?,0034A219,?,?), ref: 00349BE5
                                                                                                                                                                                                                                                    • InitOnceComplete.KERNEL32(004380C4,00000000,00000000), ref: 00349C1D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 51270584-0
                                                                                                                                                                                                                                                    • Opcode ID: ab2aad60ed971d7bec213d3ec0f0d40e49b84c4f0c83a6ff0320cf730f82748e
                                                                                                                                                                                                                                                    • Instruction ID: be2dde548f00ebd91af43741fd3a94634aa5a2f67db47223ffe8e753c828baf4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ab2aad60ed971d7bec213d3ec0f0d40e49b84c4f0c83a6ff0320cf730f82748e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8101C070A40649ABEB15EF948C46B6AB3F8EB08B04F50062AB516AF6C0DB746A04CA55
                                                                                                                                                                                                                                                    Function 003B99E1 Relevance: 3.0, APIs: 2, Instructions: 42memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00364AA5,?,00000000,00000000,?,003BBE00,0042BF08,000000FE,?,00364AA5), ref: 003B9A04
                                                                                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 003B9A0F
                                                                                                                                                                                                                                                      • Part of subcall function 003BE960: _free.LIBCMT ref: 003BE973
                                                                                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 003B9A38
                                                                                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 003B9A42
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(80070057,A2199216,?,00000000,?,003BBE00,0042BF08,000000FE,?,00364AA5,?), ref: 003B9A47
                                                                                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 003B9A5A
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,?,00000000,?,003BBE00,0042BF08,000000FE,?,00364AA5,?), ref: 003B9A70
                                                                                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 003B9A83
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _com_issue_error$ErrorLast$AllocByteCharMultiStringWide_free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 878839965-0
                                                                                                                                                                                                                                                    • Opcode ID: 7e2a1fe996eaf4ff35058d28a7484cfedeb318df69d044bbefa6bf1057e420e4
                                                                                                                                                                                                                                                    • Instruction ID: 3f9d2231c30623ee6808076269987c653bd51f6410ed45c9c32f90bacd02396e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7e2a1fe996eaf4ff35058d28a7484cfedeb318df69d044bbefa6bf1057e420e4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E01D671F042149FDB229F94D841BEEB7B8EF4C714F10012AEF0567650DB305910C791
                                                                                                                                                                                                                                                    Function 0036DEC0 Relevance: 3.0, APIs: 2, Instructions: 22registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SHDeleteKeyW.SHLWAPI(?,0041BFD0,?,0036DE7B), ref: 0036DED6
                                                                                                                                                                                                                                                    • RegCloseKey.KERNEL32(?,?,0036DE7B), ref: 0036DEE4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseDelete
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 453069226-0
                                                                                                                                                                                                                                                    • Opcode ID: bf969b5b4b6b4b9a4981c70bb9d1e2baa76e15513bc5618c3cb82c0ea3329af7
                                                                                                                                                                                                                                                    • Instruction ID: 52dfeb4df8e1c52392037022b96804983ebfccd09e2df0e2f587f08e17316d23
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bf969b5b4b6b4b9a4981c70bb9d1e2baa76e15513bc5618c3cb82c0ea3329af7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 82E01A70604B519FD7319F29F808B53BBE8AB08710F15C84EE49AC7AA4C7B8E880CB54
                                                                                                                                                                                                                                                    Function 0034DEB0 Relevance: 1.8, APIs: 1, Instructions: 298COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000023,00000001,A2199216,?,?), ref: 0034DF08
                                                                                                                                                                                                                                                    • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA),00000001,00000000,00000000), ref: 0034E36C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DescriptorSecurity$ConvertFolderPathSpecialString
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4077199523-0
                                                                                                                                                                                                                                                    • Opcode ID: 6f5a4e10640baa85615b1429c1a97e50ceedff8d16f2e0eb2eb2a7b5378350bf
                                                                                                                                                                                                                                                    • Instruction ID: b1d54e520abfe7bc13160e4b1796b0888178b7f80751dffa64bd7ff403909eb2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6f5a4e10640baa85615b1429c1a97e50ceedff8d16f2e0eb2eb2a7b5378350bf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0CC12331A102049BCB29DF68DC89BDDB7B6FF85304F10869DD4099B691DB75BA84CF90
                                                                                                                                                                                                                                                    Function 003D627A Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 223120d437b6567f05ce8b0dc6a7c2324fe5e84f9fe87a39fbcd145bc0000cf7
                                                                                                                                                                                                                                                    • Instruction ID: 5b9239a3c17c3a639cfab0c27a571c78385fdb7cb699df10dee8d2f45885707a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 223120d437b6567f05ce8b0dc6a7c2324fe5e84f9fe87a39fbcd145bc0000cf7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 54414876A00104AFCB12CF58E842AAD7BA6EB85364F29816EF4589B361C731DD41C750
                                                                                                                                                                                                                                                    Function 003D732A Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __wsopen_s
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3347428461-0
                                                                                                                                                                                                                                                    • Opcode ID: fcac5e7dc2468988935e2e8cdfae831e193451bb28cf9413c9b6ef97b991f7f7
                                                                                                                                                                                                                                                    • Instruction ID: 933cba1e7c85543b1e0ec02345e4a2dfad4191618b4c74096c9a0aeb2d07d641
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fcac5e7dc2468988935e2e8cdfae831e193451bb28cf9413c9b6ef97b991f7f7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58115A76A0410AAFCF0ADF58E94199F7BF4EF48304F01406AF804EB351D670EA11DBA5
                                                                                                                                                                                                                                                    Function 003C5854 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 738b2551a80a8a8d4bf8db57af4b31d13eda5225752eac16fda81814e4d2ac91
                                                                                                                                                                                                                                                    • Instruction ID: 1f2b2e4a2e975c00d645a15f82b40227656f17e582cda15ead082be354e2fb1c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 738b2551a80a8a8d4bf8db57af4b31d13eda5225752eac16fda81814e4d2ac91
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17F0D132601B141ADA232629AC06F9B33989F52335F15071AF875DAAD2DA74EC4687A1
                                                                                                                                                                                                                                                    Function 0036DF10 Relevance: 1.5, APIs: 1, Instructions: 41registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegCreateKeyExW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?), ref: 0036DF45
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Create
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2289755597-0
                                                                                                                                                                                                                                                    • Opcode ID: 141818fafd74478d85e3e4b693342593a018c49e337cb823ac527643edd1071a
                                                                                                                                                                                                                                                    • Instruction ID: c7c38b39611255162f9c917188b7cfaa190237eb15c3e07251aa3c51981a6653
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 141818fafd74478d85e3e4b693342593a018c49e337cb823ac527643edd1071a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76012C75A00209EBCB15CF45D804F9EBBB9FF99310F108059F94597350D771AA54DB94
                                                                                                                                                                                                                                                    Function 00386050 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • PathFileExistsW.SHLWAPI(?), ref: 00386061
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExistsFilePath
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1174141254-0
                                                                                                                                                                                                                                                    • Opcode ID: 1348a07a56601eaaa61fce4a8c78ed744ae63549c857a631ad9e70ef71d62bfc
                                                                                                                                                                                                                                                    • Instruction ID: e4f2eae87d129b12b81ee4e965c7a246da9e2bc9e4b7c77dcc65d11bbe6b5b6c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1348a07a56601eaaa61fce4a8c78ed744ae63549c857a631ad9e70ef71d62bfc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0EF049713002009BC724AF69D819B5BB7F9AF88710F41866DE449CB620E3B5FA46CBA4
                                                                                                                                                                                                                                                    Function 003D55F5 Relevance: 1.5, APIs: 1, Instructions: 36COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003D2174: RtlAllocateHeap.NTDLL(00000000,?,?,?,003B872D,?,?,0034A1ED,0000002C,A2199216), ref: 003D21A6
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003D5615
                                                                                                                                                                                                                                                      • Part of subcall function 003D2098: RtlFreeHeap.NTDLL(00000000,00000000,?,003DB729,?,00000000,?,?,?,003DB9CC,?,00000007,?,?,003DBDD6,?), ref: 003D20AE
                                                                                                                                                                                                                                                      • Part of subcall function 003D2098: GetLastError.KERNEL32(?,?,003DB729,?,00000000,?,?,?,003DB9CC,?,00000007,?,?,003DBDD6,?,?), ref: 003D20C0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Heap$AllocateErrorFreeLast_free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 314386986-0
                                                                                                                                                                                                                                                    • Opcode ID: 018e14084d71b00727698538644c3e0cd1ab594b0099752aab29d4591222a4e7
                                                                                                                                                                                                                                                    • Instruction ID: d1b3f53efcee2b86543ea93f339ab500825fadb8baa6e86f5caedf517b77d475
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 018e14084d71b00727698538644c3e0cd1ab594b0099752aab29d4591222a4e7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6DF062731057009FD3359F55E401B52F7FCEF90711F10842FE29A8B690DAB4A4458B54
                                                                                                                                                                                                                                                    Function 003D2174 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,?,?,003B872D,?,?,0034A1ED,0000002C,A2199216), ref: 003D21A6
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                                                                    • Opcode ID: cb0f6d867fe723ddfc1b41a8d959817d5c08ea23c631d88361de4c29272d24ea
                                                                                                                                                                                                                                                    • Instruction ID: 21a3d3927aa9bec8e65545b5f21d3af372d4d8393a4a20c5f1f0d0cc5df05a3f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cb0f6d867fe723ddfc1b41a8d959817d5c08ea23c631d88361de4c29272d24ea
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FEE06D3720422567E7333666BC01B9B7A6D9B623A0F169122BE25DA791DB24CC4582A4
                                                                                                                                                                                                                                                    Function 0036E500 Relevance: 1.5, APIs: 1, Instructions: 30registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegOpenKeyExW.KERNEL32(?,?,00000000,?,?), ref: 0036E51F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Open
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 71445658-0
                                                                                                                                                                                                                                                    • Opcode ID: 75d8ef77972e9ae5b5372e3459ba6d8b1c18b3b65ac34d90036558c37e11a035
                                                                                                                                                                                                                                                    • Instruction ID: 01771070c54997e2b4a2fcaf0e8111d2cac7219ad68fd4e81c7038675d924fd9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75d8ef77972e9ae5b5372e3459ba6d8b1c18b3b65ac34d90036558c37e11a035
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69F05E32600208EBDB258F0ADC08F5EBBADEF95710F10845EF80597250D6B0AA10CB94
                                                                                                                                                                                                                                                    Function 0034136C Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 003413A5
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 323602529-0
                                                                                                                                                                                                                                                    • Opcode ID: 11089f962ce137617280fddf741eb4e14fc196851059679c78c197710c9c645b
                                                                                                                                                                                                                                                    • Instruction ID: 18ac6ffc09c6bf4651be93cd02502831f50d66f2d475a81fdb20665fef3c66b3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 11089f962ce137617280fddf741eb4e14fc196851059679c78c197710c9c645b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 45F0E572904694EFD7068F48DD01F9AB3FCEB08720F10422EE411976C0DBB4A9048A94
                                                                                                                                                                                                                                                    Function 0036ED10 Relevance: 1.5, APIs: 1, Instructions: 20registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegSetValueExW.KERNEL32(?,?,00000000,?,?,?), ref: 0036ED2F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                                                                    • Opcode ID: e5b7cec5d0234006ee5041a58e2422d6696b6a507012cce0c5af75908703a5fa
                                                                                                                                                                                                                                                    • Instruction ID: 624692b7a40325477d38b0b4a956ff4949f663d007fa49c68f945eeaeb979558
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e5b7cec5d0234006ee5041a58e2422d6696b6a507012cce0c5af75908703a5fa
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BFE0123A24020DFFDB018E85EC40F677B2AEB95700F10C415F9184A1A5C773DC21ABA0
                                                                                                                                                                                                                                                    Function 003E4D80 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00000000,?,003E4E6A,00000000,00000000,-00000002,A2199216,00000028,00000000,?,00000000,extra,00000005,00000000,00000000,004044E4), ref: 003E4D92
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                                                                                    • Opcode ID: c66a95008a18e7d5f60a43c75b925e5c301e835aa29181ef2cae29786e529244
                                                                                                                                                                                                                                                    • Instruction ID: d456b76af55b218dac49ccc95759cfb41a39eaa7a5d4ae8af63459f868b9b0c9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c66a95008a18e7d5f60a43c75b925e5c301e835aa29181ef2cae29786e529244
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6DD0A73111026919AF550E7E9C696B7334C994576474D0750F41EC60E6EA30EC82F310
                                                                                                                                                                                                                                                    Function 003DFE25 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(00000000,00000000,?,003E0187,?,?,00000000,?,003E0187,00000000,0000000C), ref: 003DFE42
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                                                                                                                    • Opcode ID: 9d5656b88500d1003196c270b7abf5981730ffd33aa0f8702a0cf868160248b4
                                                                                                                                                                                                                                                    • Instruction ID: a12283e724e0976083a0e50e0a2ac90270c61fe5e178cf788496026f23e90bbd
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9d5656b88500d1003196c270b7abf5981730ffd33aa0f8702a0cf868160248b4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 83D06C3200010DBBDF028F85DD06EDA3BAAFB48714F014000BA1896160C772E921EB91
                                                                                                                                                                                                                                                    Function 003A269D Relevance: 1.5, APIs: 1, Instructions: 13COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003A2743: DloadGetSRWLockFunctionPointers.DELAYIMP ref: 003A2743
                                                                                                                                                                                                                                                      • Part of subcall function 003A2743: AcquireSRWLockExclusive.KERNEL32(?,003A28F1), ref: 003A2760
                                                                                                                                                                                                                                                    • DloadProtectSection.DELAYIMP ref: 003A26C5
                                                                                                                                                                                                                                                      • Part of subcall function 003A286C: DloadObtainSection.DELAYIMP ref: 003A287C
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Dload$LockSection$AcquireExclusiveFunctionObtainPointersProtect
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1209458687-0
                                                                                                                                                                                                                                                    • Opcode ID: ceb2c058b97c2e639850bb6e5db1a4d980696b1f1fc636d6b39d3701d9697fb2
                                                                                                                                                                                                                                                    • Instruction ID: f87c9d9a75626820f0da8598f7d40ac2336d2d476d5c36a01524ab5e1c9ab652
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ceb2c058b97c2e639850bb6e5db1a4d980696b1f1fc636d6b39d3701d9697fb2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2D01230654241AAC357BB1DAC8A71B3254F31B700F729425B545D54B5C7FA49408A2D
                                                                                                                                                                                                                                                    Function 0036E8C0 Relevance: 1.5, APIs: 1, Instructions: 11registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegQueryValueExW.KERNEL32(?,?,00000000,?,?,?), ref: 0036E8D4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: QueryValue
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3660427363-0
                                                                                                                                                                                                                                                    • Opcode ID: 2879230ae28e1a3e01deb71e7fdcbd1a064c734f6623cb9e8ffdb8cfe071ac81
                                                                                                                                                                                                                                                    • Instruction ID: 1a12255a71c7e1954c01fba5749487eb19f39daede40053175ea87ce4f6e8a28
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2879230ae28e1a3e01deb71e7fdcbd1a064c734f6623cb9e8ffdb8cfe071ac81
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 39D0EA3604020DBBDF025F81ED05E9A7F2AEB09761F148415FA1918071C7B39571EBA5
                                                                                                                                                                                                                                                    Function 003BE960 Relevance: 1.5, APIs: 1, Instructions: 11COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003BE973
                                                                                                                                                                                                                                                      • Part of subcall function 003D2098: RtlFreeHeap.NTDLL(00000000,00000000,?,003DB729,?,00000000,?,?,?,003DB9CC,?,00000007,?,?,003DBDD6,?), ref: 003D20AE
                                                                                                                                                                                                                                                      • Part of subcall function 003D2098: GetLastError.KERNEL32(?,?,003DB729,?,00000000,?,?,?,003DB9CC,?,00000007,?,?,003DBDD6,?,?), ref: 003D20C0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFreeHeapLast_free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1353095263-0
                                                                                                                                                                                                                                                    • Opcode ID: fab4fa4e78e3bb56b6f0db2a41ca46f282b47d196b259d4a4af83b9d8bde8242
                                                                                                                                                                                                                                                    • Instruction ID: 6d96cf522e03612dc0bf0b7d94ebf7d798656db2947ea5aa28ea942b5b190971
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fab4fa4e78e3bb56b6f0db2a41ca46f282b47d196b259d4a4af83b9d8bde8242
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CFC08C7200020CBBCB019B42D806A4E7BA8DB80364F200044F4011B340CAB1EE049680
                                                                                                                                                                                                                                                    Function 00394DB8 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394DAF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                                                                                                    • Opcode ID: 2505d59c8d60865ef14c3cedc3f7adeba5df64e59d060e53288d7b8faffbbd34
                                                                                                                                                                                                                                                    • Instruction ID: e93c5370a940b50533beebc9a0343b61c19cb8bad0e616d40e86db95155006af
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2505d59c8d60865ef14c3cedc3f7adeba5df64e59d060e53288d7b8faffbbd34
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E9B012C5798010BC3649521C7C02D37011CC1CAF10770C02FF404C4561D7844C151135
                                                                                                                                                                                                                                                    Function 00394D9D Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 00394DAF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                                                                                                    • Opcode ID: 92b4e06a34e117a55d4f353360086c96a459bd3e595b6e460f672618acd83e27
                                                                                                                                                                                                                                                    • Instruction ID: 846868713695991d2334c3d8a7e93d363346f60ee29c563eb8ec7818f8c65ec4
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 92b4e06a34e117a55d4f353360086c96a459bd3e595b6e460f672618acd83e27
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9CB012C53990107C32091208BD02D37012CC5C6F20BF0801FF040C445197844C115035
                                                                                                                                                                                                                                                    Function 003A14C6 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 003A14D8
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                                                                                                    • Opcode ID: ada78543f5625dfe97c588c02a8d524ef4feb628a8e8f137b341ccd396623247
                                                                                                                                                                                                                                                    • Instruction ID: e0351abf9696076ac8814efe5c39170df76b7e57fbea61100e06626a5b29897f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ada78543f5625dfe97c588c02a8d524ef4feb628a8e8f137b341ccd396623247
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 54B012A53580107C3209121A6D02E37112CC5C6F10F70C11FF000C5841D5881C122039
                                                                                                                                                                                                                                                    Function 003B97AC Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 003B97C4
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                                                                                                    • Opcode ID: bc0c8b28f81798b4d1502fc8c606f251d305853f3ccb3e961549790cc6a9ea92
                                                                                                                                                                                                                                                    • Instruction ID: aa25b24296724e4d8e20715afe9356d82c423859a7769313d391b77e51507a09
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bc0c8b28f81798b4d1502fc8c606f251d305853f3ccb3e961549790cc6a9ea92
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CFB012913780107C320922186D07D37111CC1C5F10770C42FFB01D4851AA840C151035
                                                                                                                                                                                                                                                    Function 003B9BFA Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 003B9BE7
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                                                                                                    • Opcode ID: 1badf32f234e5ec4662b128994af165c512bedb4080a736bdda50c7caf9867c7
                                                                                                                                                                                                                                                    • Instruction ID: f09c05d50e10197cdfb72f87528c7f4e5a619be04488bb6f116a78b4ecdd4666
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1badf32f234e5ec4662b128994af165c512bedb4080a736bdda50c7caf9867c7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C9B0129136C110BC310D92087C02E37022CC5C5F14770C51FF500C4A40D5C40C902035
                                                                                                                                                                                                                                                    Function 003B9BF0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 003B9BE7
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                                                                                                    • Opcode ID: 561c57f96dbd1c497349147244b63839c9cfd9ada61059e1f2c1cf2b1e0bc125
                                                                                                                                                                                                                                                    • Instruction ID: b01e8f48a06c86af99b92546d9a43b78132e6b6b5c0977a8927d57bd875d33ed
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 561c57f96dbd1c497349147244b63839c9cfd9ada61059e1f2c1cf2b1e0bc125
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 09B0129136C1007C320D92087D02E37111CC5C5F14770C51FF200C4A40E5C40C912039
                                                                                                                                                                                                                                                    Function 003B9C36 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 003B9BE7
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                                                                                                    • Opcode ID: a307f5328dd68ef56425ee0ab0da739e6019b7d2c5d01e3a8b6be54c5efa0575
                                                                                                                                                                                                                                                    • Instruction ID: 05af8a5b5c9c9ae20f6ecb0de2246a8a21e522b726489afb96a241b12e21f1d3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a307f5328dd68ef56425ee0ab0da739e6019b7d2c5d01e3a8b6be54c5efa0575
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37B0128536C110BC310D92087C03F37011CC5C5F10770C51FF500C4940D5C44C503035
                                                                                                                                                                                                                                                    Function 003B9C2C Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 003B9BE7
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                                                                                                    • Opcode ID: 62d4e85d2e9f34e3f6a49dce97d251a13126cb28885498aec3c6a365d9b09002
                                                                                                                                                                                                                                                    • Instruction ID: f9ddfaf3dad6449eb5b9d3a581f36e1eb255cae77123d0aeb7d86989999599fa
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 62d4e85d2e9f34e3f6a49dce97d251a13126cb28885498aec3c6a365d9b09002
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E0B0128236C2007C710D92087D02F37016CC5C5F10770851FF100C4940D5C40C506035
                                                                                                                                                                                                                                                    Function 003B9C22 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 003B9BE7
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                                                                                                    • Opcode ID: dda9078eb2de9b2d0cb751832a91a4d66636828bf0a3fb66a9a833e0a71e7c42
                                                                                                                                                                                                                                                    • Instruction ID: b393b9163d65b90a37e352089d2a01507d5a029a1b9472da1eb1e83d0a9fd2c7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dda9078eb2de9b2d0cb751832a91a4d66636828bf0a3fb66a9a833e0a71e7c42
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5CB0129136C1007C320D92087D02E37119CC5C5F10B70C51FF200C4940D6C40C512035
                                                                                                                                                                                                                                                    Function 003B9C18 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 003B9BE7
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                                                                                                    • Opcode ID: 9f38ed98deb5c0c1c1f8f5046795562e970e1485feadbce75dbfafe1d57b1d3b
                                                                                                                                                                                                                                                    • Instruction ID: 56edb8eb4f97c84faaf712550732a7ecaaa604a39f6cf8d67e29709cec45b152
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9f38ed98deb5c0c1c1f8f5046795562e970e1485feadbce75dbfafe1d57b1d3b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69B0128536C2007C320D92087C42E77015CC5C5F10770861FF500C4940D5C40C942035
                                                                                                                                                                                                                                                    Function 003B9C0E Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 003B9BE7
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                                                                                                    • Opcode ID: e8d609e0551392e44a8063a0ac6f01d3f6b09e6a5291a4abddfdd34754204f0b
                                                                                                                                                                                                                                                    • Instruction ID: 34ce9673b543883cbef1b54d736ed7227f1ea71262c25320ed160628e90e15cf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e8d609e0551392e44a8063a0ac6f01d3f6b09e6a5291a4abddfdd34754204f0b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69B0128136C110BC310D92187C02E37015CC5C5F10770C51FF500C4940D6C40C502035
                                                                                                                                                                                                                                                    Function 003B9C04 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 003B9BE7
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                                                                                                    • Opcode ID: ee79e98cae6c8fde022bb475e08faba19ce62688526b301fc62c3e699b3a8cf4
                                                                                                                                                                                                                                                    • Instruction ID: 177c75128c4953ec9fd8ac60672e459df0b62de5c9895f2dd09378d79fe718ce
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee79e98cae6c8fde022bb475e08faba19ce62688526b301fc62c3e699b3a8cf4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2FB0129136C1007C310D92087D02F37012CC6C5F14770851FF100C4A40D5C40C90A035
                                                                                                                                                                                                                                                    Function 003B9C54 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 003B9BE7
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                                                                                                    • Opcode ID: 6470c280580c18bd0e036be3f3d0cdb78841c3afd8593575fca1492f551a9490
                                                                                                                                                                                                                                                    • Instruction ID: 03d12b170df2d7e05b8e99c2cb37067e3990fc350947de7156f982ea6146079e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6470c280580c18bd0e036be3f3d0cdb78841c3afd8593575fca1492f551a9490
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7DB0128536C1007C310D92097D02F37012CC5C5F10770891FF100C4980D5C40C507035
                                                                                                                                                                                                                                                    Function 003B9C4A Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 003B9BE7
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                                                                                                    • Opcode ID: 49b16d6e00b66ef70d796edd7461e0cafca0559e7025e42141d2006643cacd85
                                                                                                                                                                                                                                                    • Instruction ID: 144891f92bdc6abbc36b0cb63ea221c8abf65f9064001d8d8c269b71527e640f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 49b16d6e00b66ef70d796edd7461e0cafca0559e7025e42141d2006643cacd85
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1B0128536C1007C320D9208BD02F37111CC5C5F10770C51FF200C4950D5C40C513035
                                                                                                                                                                                                                                                    Function 003B9C40 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ___delayLoadHelper2@8.DELAYIMP ref: 003B9BE7
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: DloadReleaseSectionWriteAccess.DELAYIMP ref: 003A29AF
                                                                                                                                                                                                                                                      • Part of subcall function 003A293C: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 003A29C0
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1269201914-0
                                                                                                                                                                                                                                                    • Opcode ID: 97ebb0093c4933013342edd851fd829a1269b8dab1edc7fff5e373a1a2832aa3
                                                                                                                                                                                                                                                    • Instruction ID: 7da524e9fe7da64ce3813e02cf94b4e09117089e6949c29fd2709bede9f86ca0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 97ebb0093c4933013342edd851fd829a1269b8dab1edc7fff5e373a1a2832aa3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0EB0128576C2007C320D92087C42F77011CC5C5F10770861FF500C4940D5C80C943035
                                                                                                                                                                                                                                                    Function 0036ECD0 Relevance: 1.3, APIs: 1, Instructions: 30stringCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: lstrlen
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1659193697-0
                                                                                                                                                                                                                                                    • Opcode ID: d756bb3f87c888a1817d31650949060880907427cccfcb1ba16f36d71659ef64
                                                                                                                                                                                                                                                    • Instruction ID: 7fc58fdaae8957f6fe0df2db3715785a851dcc318c2d91be4b3e589e635222ce
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d756bb3f87c888a1817d31650949060880907427cccfcb1ba16f36d71659ef64
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 31E0E537200119ABDB118B89EC44D9AF76DEBD5371705403BF90487121D771AC15D7A0

                                                                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                                                                    Function 00370540 Relevance: 98.2, APIs: 29, Strings: 27, Instructions: 220libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?,A2199216), ref: 00370571
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 003705B7
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,SetEntriesInAclW), ref: 003705DD
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,GetFileSecurityW), ref: 003705E9
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,SetFileSecurityW), ref: 003705F5
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,LookupAccountSidW), ref: 00370601
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,GetExplicitEntriesFromAclW), ref: 0037060D
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,RegGetKeySecurity), ref: 0037061C
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,RegSetKeySecurity), ref: 00370628
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,InitializeSecurityDescriptor), ref: 00370634
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,SetSecurityDescriptorDacl), ref: 00370640
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,GetSecurityDescriptorDacl), ref: 0037064C
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,AllocateAndInitializeSid), ref: 00370658
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,FreeSid), ref: 00370664
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,OpenThreadToken), ref: 00370670
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 0037067C
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,InitializeAcl), ref: 00370688
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,InitializeSid), ref: 00370694
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,GetSidSubAuthority), ref: 003706A0
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,AddAccessAllowedAce), ref: 003706AC
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,GetSecurityInfo), ref: 003706B8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,SetSecurityInfo), ref: 003706C4
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,QueryServiceStatusEx), ref: 003706D0
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,GetAce), ref: 003706DC
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,DeleteAce), ref: 003706E8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,EqualSid), ref: 003706F4
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,GetAclInformation), ref: 00370700
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,SetSecurityDescriptorControl), ref: 0037070F
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 003707DE
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressProc$CriticalSection$EnterFreeLeaveLibrary
                                                                                                                                                                                                                                                    • String ID: AddAccessAllowedAce$AllocateAndInitializeSid$DeleteAce$EqualSid$FreeSid$GetAce$GetAclInformation$GetExplicitEntriesFromAclW$GetFileSecurityW$GetSecurityDescriptorDacl$GetSecurityInfo$GetSidSubAuthority$GetTokenInformation$InitializeAcl$InitializeSecurityDescriptor$InitializeSid$LookupAccountSidW$OpenThreadToken$QueryServiceStatusEx$RegGetKeySecurity$RegSetKeySecurity$SetEntriesInAclW$SetFileSecurityW$SetSecurityDescriptorControl$SetSecurityDescriptorDacl$SetSecurityInfo$advapi32.dll
                                                                                                                                                                                                                                                    • API String ID: 2701342527-838666417
                                                                                                                                                                                                                                                    • Opcode ID: 0d7308d1437f78969f7a09e178b223c6f8b2ea6905292b5c05fff30592d12c71
                                                                                                                                                                                                                                                    • Instruction ID: 98b0645e55e06daf0d2824e4b5fac5e347ed6b4da2f7b37a5b5aa658b106e6d3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d7308d1437f78969f7a09e178b223c6f8b2ea6905292b5c05fff30592d12c71
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE812830940B65FECF2A9F61C848B96BFA0FF05315F10412AE91872AA0D779B468DFC5
                                                                                                                                                                                                                                                    Function 00388190 Relevance: 41.9, APIs: 7, Strings: 16, Instructions: 1638timeCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0034463F: GetProcessHeap.KERNEL32(?,?,?,0036C2E1,?,?,?,A2199216,?,00000000), ref: 00344676
                                                                                                                                                                                                                                                    • VariantTimeToSystemTime.OLEAUT32 ref: 00388539
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(A2199216,?), ref: 0038867A
                                                                                                                                                                                                                                                      • Part of subcall function 00368690: FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000), ref: 003686D6
                                                                                                                                                                                                                                                      • Part of subcall function 00368690: LoadResource.KERNEL32(00000000,00000000), ref: 003686E4
                                                                                                                                                                                                                                                      • Part of subcall function 00368690: LockResource.KERNEL32(00000000), ref: 003686EF
                                                                                                                                                                                                                                                      • Part of subcall function 00368690: SizeofResource.KERNEL32(00000000,00000000), ref: 003686FD
                                                                                                                                                                                                                                                      • Part of subcall function 00368690: FindResourceW.KERNEL32(00000000,?,00000006), ref: 00368764
                                                                                                                                                                                                                                                      • Part of subcall function 00368690: LoadResource.KERNEL32(00000000,00000000), ref: 00368776
                                                                                                                                                                                                                                                      • Part of subcall function 00368690: LockResource.KERNEL32(00000000), ref: 00368785
                                                                                                                                                                                                                                                      • Part of subcall function 00368690: SizeofResource.KERNEL32(00000000,00000000), ref: 00368797
                                                                                                                                                                                                                                                    • __floor_pentium4.LIBCMT ref: 00388C83
                                                                                                                                                                                                                                                    • __floor_pentium4.LIBCMT ref: 00388CDF
                                                                                                                                                                                                                                                    • __floor_pentium4.LIBCMT ref: 00388D37
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Resource$__floor_pentium4$FindLoadLockSizeofTime$ErrorHeapLastProcessSystemVariant
                                                                                                                                                                                                                                                    • String ID: $GetAsSystemTime failed: %d$Invalid DateTime$NWebAdvisor::NXmlUpdater::CDateSubstitution::FormatDateTime$NWebAdvisor::NXmlUpdater::CDateSubstitution::Substitute$TOMORROW$YESTERDAY$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateSubstitution.cpp$epoch$failed to convert date element(s) to int: year = %s, month = %s, day = %s$failed to convert epoch date: %s$failed to parse day: %s$failed to parse month: %s$failed to parse year: %s$string %s does not have %d symbols starting index %d$yyyy
                                                                                                                                                                                                                                                    • API String ID: 3108935575-1381540002
                                                                                                                                                                                                                                                    • Opcode ID: e9e73109ba36e3702c6ff184fad2d07d982aeee6e31c776b708315f083676327
                                                                                                                                                                                                                                                    • Instruction ID: 64f52fe314b8149430a3ff7e4ae69f8ffd4c1ec1f14b761a217d860aafab6c91
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e9e73109ba36e3702c6ff184fad2d07d982aeee6e31c776b708315f083676327
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14E2D371E00219DBDB26EF64CC45BEDB7B5FF44304F50469AE409AB281EB34AA85CF51
                                                                                                                                                                                                                                                    Function 0038F3C0 Relevance: 33.7, APIs: 13, Strings: 6, Instructions: 463encryptionCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CryptMsgGetParam.CRYPT32(00000000,00000005,00000000,?,?), ref: 0038F442
                                                                                                                                                                                                                                                    • CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,00000004), ref: 0038F488
                                                                                                                                                                                                                                                    • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,00000000), ref: 0038F4C6
                                                                                                                                                                                                                                                    • CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 0038F527
                                                                                                                                                                                                                                                    • CertGetNameStringW.CRYPT32(00000000,00000005,00000000,00000000,00000000,00000000), ref: 0038F5AD
                                                                                                                                                                                                                                                    • CertGetNameStringW.CRYPT32(?,00000005,00000000,00000000,00000000,?), ref: 0038F602
                                                                                                                                                                                                                                                    • CertGetCertificateChain.CRYPT32(00000000,?,?,00000000,00000010,00000000,00000000,?), ref: 0038F89C
                                                                                                                                                                                                                                                    • CertFreeCertificateChain.CRYPT32(00000000), ref: 0038F8B1
                                                                                                                                                                                                                                                    • CertFreeCertificateChain.CRYPT32(00000000), ref: 0038F8CB
                                                                                                                                                                                                                                                      • Part of subcall function 0038E760: CertGetCertificateContextProperty.CRYPT32(?,00000003,00000000,00000000), ref: 0038E877
                                                                                                                                                                                                                                                    • CertVerifyCertificateChainPolicy.CRYPT32(00000003,00000000,0000000C,00000014), ref: 0038F906
                                                                                                                                                                                                                                                    • CertFreeCertificateChain.CRYPT32(00000000), ref: 0038F942
                                                                                                                                                                                                                                                    • CertFreeCRLContext.CRYPT32(?), ref: 0038FA73
                                                                                                                                                                                                                                                    • CertFreeCRLContext.CRYPT32(00000000), ref: 0038FAA6
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Cert$Certificate$ChainFree$ContextCryptParam$NameString$FromPolicyPropertyStoreSubjectVerify
                                                                                                                                                                                                                                                    • String ID: 4$Intel Corporation$McAfee, Inc.$McAfee, LLC$McAfee, LLC.$Yahoo! Inc.
                                                                                                                                                                                                                                                    • API String ID: 2452394995-549729705
                                                                                                                                                                                                                                                    • Opcode ID: 3e5f77b78a573c07e6da8cb3267a260733bdedd57d301e0eaddc575aa62a6407
                                                                                                                                                                                                                                                    • Instruction ID: 196884105323456b5d4a6cda9f65212cafc0c6c4c4894454d76b271694c5d874
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e5f77b78a573c07e6da8cb3267a260733bdedd57d301e0eaddc575aa62a6407
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AC12B0709003299FEB26AF24CC49BEAB7B4AF29714F0501E5E809A7291E7759F84CF50
                                                                                                                                                                                                                                                    Function 0038EB60 Relevance: 27.5, APIs: 18, Instructions: 477encryptionCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CryptQueryObject.CRYPT32(00000001,0037BDCE,00000400,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0038EBD2
                                                                                                                                                                                                                                                    • CryptMsgClose.CRYPT32(00000000), ref: 0038EBE4
                                                                                                                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000001), ref: 0038EBF4
                                                                                                                                                                                                                                                    • CryptMsgClose.CRYPT32(00000000), ref: 0038ECEE
                                                                                                                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000001), ref: 0038ECFE
                                                                                                                                                                                                                                                    • CryptQueryObject.CRYPT32(00000002,?,00003FFE,00000002,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0038EDEE
                                                                                                                                                                                                                                                    • CryptMsgClose.CRYPT32(00000000), ref: 0038EE0A
                                                                                                                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000001), ref: 0038EE1C
                                                                                                                                                                                                                                                    • CryptMsgClose.CRYPT32(00000000), ref: 0038EEB6
                                                                                                                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000001), ref: 0038EEC2
                                                                                                                                                                                                                                                      • Part of subcall function 0038F3C0: CryptMsgGetParam.CRYPT32(00000000,00000005,00000000,?,?), ref: 0038F442
                                                                                                                                                                                                                                                      • Part of subcall function 0038F3C0: CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,00000004), ref: 0038F488
                                                                                                                                                                                                                                                      • Part of subcall function 0038F3C0: CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,00000000), ref: 0038F4C6
                                                                                                                                                                                                                                                      • Part of subcall function 0038F3C0: CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 0038F527
                                                                                                                                                                                                                                                    • CryptMsgClose.CRYPT32(00000000), ref: 0038EF02
                                                                                                                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000001), ref: 0038EF14
                                                                                                                                                                                                                                                    • CryptMsgClose.CRYPT32(00000000), ref: 0038EFAE
                                                                                                                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000001), ref: 0038EFBA
                                                                                                                                                                                                                                                    • CryptMsgClose.CRYPT32(00000000), ref: 0038EFDA
                                                                                                                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000001), ref: 0038EFEA
                                                                                                                                                                                                                                                    • CryptMsgClose.CRYPT32(00000000), ref: 0038F0CB
                                                                                                                                                                                                                                                    • CertCloseStore.CRYPT32(00000000,00000001), ref: 0038F0DB
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Close$Crypt$CertStore$Param$ObjectQuery$CertificateFromSubject
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2648890560-0
                                                                                                                                                                                                                                                    • Opcode ID: 9415aaf1d8f9f70dd56ec4d29a4076bfa5d3f9775eb1cf11c26fc92248fa9b5b
                                                                                                                                                                                                                                                    • Instruction ID: 9f807c1eaa679f831fc56ffbd91508c57da8ee689ee4bb4e7cdead950879ba20
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9415aaf1d8f9f70dd56ec4d29a4076bfa5d3f9775eb1cf11c26fc92248fa9b5b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E4024E71E002189FEF15EFA8CD49BEEBBB8AF08304F154568E501FB281D775AA04CB64
                                                                                                                                                                                                                                                    Function 00382B30 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 107libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • LoadLibraryW.KERNEL32(?,A2199216,00000000,?,00000000,?,00383AE3,00000000,00000000,?,00000000,811C9DC5,path,00000004,?), ref: 00382B73
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,Dispatcher), ref: 00382B98
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,Controller), ref: 00382BA7
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,Release), ref: 00382BC8
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00382C46
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00382CC3
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00383AE3,00000000,00000000,?,00000000,811C9DC5,path,00000004), ref: 00382CCB
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Release, xrefs: 00382BC2
                                                                                                                                                                                                                                                    • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.cpp, xrefs: 00382CE4
                                                                                                                                                                                                                                                    • NWebAdvisor::NXmlUpdater::InternalImpl::GetInstance, xrefs: 00382CDF
                                                                                                                                                                                                                                                    • Dispatcher, xrefs: 00382B92
                                                                                                                                                                                                                                                    • Failed to load library %s. Error 0x%08X, xrefs: 00382CD5
                                                                                                                                                                                                                                                    • Controller, xrefs: 00382B9E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressLibraryProc$Free$ErrorLastLoad
                                                                                                                                                                                                                                                    • String ID: Controller$Dispatcher$Failed to load library %s. Error 0x%08X$NWebAdvisor::NXmlUpdater::InternalImpl::GetInstance$Release$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\Hound.cpp
                                                                                                                                                                                                                                                    • API String ID: 2058215185-435243658
                                                                                                                                                                                                                                                    • Opcode ID: bbfeceaf97612ed82c15f9a9926da14457245557d0532f9a5ab5a357277524c3
                                                                                                                                                                                                                                                    • Instruction ID: 7bcd9dd3ab817cd352dd2e0682a22677a9cc3a1b7a45f30e9f3fd201973bcce1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bbfeceaf97612ed82c15f9a9926da14457245557d0532f9a5ab5a357277524c3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CA415EB0A00315DFD7019FA9D945BAEBBF8FF08710F15416AE505AB2A1DBB58900CFA5
                                                                                                                                                                                                                                                    Function 0039B4F0 Relevance: 22.2, Strings: 17, Instructions: 999COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: $$ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$Error text not found (please report)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF8)$no error
                                                                                                                                                                                                                                                    • API String ID: 0-2110857069
                                                                                                                                                                                                                                                    • Opcode ID: 41c30d92fe4ce1b4fa8ea3d4a7f84edf24c66dfc72886d60fbb171d2933dba94
                                                                                                                                                                                                                                                    • Instruction ID: 2c9f815cf14d3542179c907ee47ae4968da323d41b7ce1db59e4e5bb2710ad04
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 41c30d92fe4ce1b4fa8ea3d4a7f84edf24c66dfc72886d60fbb171d2933dba94
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D892B175E002299BDF2ACF14DD907E9BBB5AF09304F0541E9EA4DA7281E7349E85CF90
                                                                                                                                                                                                                                                    Function 0033A610 Relevance: 21.9, APIs: 3, Strings: 9, Instructions: 886COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0033ABD1
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0033ABD6
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0033B256
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                    • String ID: (#C$)$/$8"C$@#C$X#C$YSTEM$p#C$"C
                                                                                                                                                                                                                                                    • API String ID: 118556049-322809434
                                                                                                                                                                                                                                                    • Opcode ID: a7baa49fbf589ed493c093aaedfbb5a2f99d47f562f7bb114717f3feb7eb0e5b
                                                                                                                                                                                                                                                    • Instruction ID: 1078c8454412e461191d0b5a658461a70f00c7848aceab17535e1a4ac37e012e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a7baa49fbf589ed493c093aaedfbb5a2f99d47f562f7bb114717f3feb7eb0e5b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF7235B1E00254CFDB15CF34CD957AEB7B8FB08304F20466DE46AAB691EB759984CB41
                                                                                                                                                                                                                                                    Function 00332B00 Relevance: 21.9, APIs: 3, Strings: 9, Instructions: 886COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003330C1
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003330C6
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00333746
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                    • String ID: C$)$/$0C$8C$HC$YSTEM$`C$xC
                                                                                                                                                                                                                                                    • API String ID: 118556049-1530249852
                                                                                                                                                                                                                                                    • Opcode ID: b0aa8d2b6b253a6c661108a9edcdd03bd67ea9a62d32b7cf71318d56d7810fc5
                                                                                                                                                                                                                                                    • Instruction ID: fdd8682af69e89c9e88f4a3bb9d2c0beef9b5a6fd6fe5f0c4541cb6271857f2c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b0aa8d2b6b253a6c661108a9edcdd03bd67ea9a62d32b7cf71318d56d7810fc5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D37217F1D00254CFEB25DF24C8957AE77B8EF18314F21476DE41AAB691EB349A84CB40
                                                                                                                                                                                                                                                    Function 00356220 Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 428encryptionthreadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?), ref: 00356268
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00356274
                                                                                                                                                                                                                                                    • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000,?,?,?,?,?,?,?,?), ref: 003563BF
                                                                                                                                                                                                                                                    • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 003563DF
                                                                                                                                                                                                                                                    • CryptHashData.ADVAPI32(00000000,?,00000000,00000000,?,?,?,?,?,?,?,?), ref: 003563FC
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • 3c224a00-5d51-11cf-b3ca-000000000001, xrefs: 0035671E
                                                                                                                                                                                                                                                    • al exception rule %x:%x res %s, xrefs: 0035632E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Crypt$CurrentHash$AcquireContextCreateDataProcessThread
                                                                                                                                                                                                                                                    • String ID: 3c224a00-5d51-11cf-b3ca-000000000001$al exception rule %x:%x res %s
                                                                                                                                                                                                                                                    • API String ID: 3004248768-911235813
                                                                                                                                                                                                                                                    • Opcode ID: 0b7435f2842eb013c8e808c2f80a2028939c227cb6a703441d8939e89e8a1488
                                                                                                                                                                                                                                                    • Instruction ID: 5434848a51b2716432ba4ef45885251cd92864529c7e4747e0e288ee6d4ae310
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b7435f2842eb013c8e808c2f80a2028939c227cb6a703441d8939e89e8a1488
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0BF11D35B012249FDB259F14CC95FADB7BABF48711F150099E90AA73A0CB70AE45CF91
                                                                                                                                                                                                                                                    Function 003567B0 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 150encryptionthreadCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 003567F3
                                                                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 003567FB
                                                                                                                                                                                                                                                    • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 0035687F
                                                                                                                                                                                                                                                    • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0035689F
                                                                                                                                                                                                                                                    • CryptHashData.ADVAPI32(00000000,?,00000000,00000000), ref: 003568BC
                                                                                                                                                                                                                                                    • CryptGetHashParam.ADVAPI32(00000000,00000002,?,00000010,00000000), ref: 003568DE
                                                                                                                                                                                                                                                    • CryptDestroyHash.ADVAPI32(00000000), ref: 003568EF
                                                                                                                                                                                                                                                    • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 00356902
                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,9EDBA51C,00000000,00000000,00000000,00000000,?,00000000), ref: 00356951
                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(?,9EDB651C,00000000,00000000,00000000,00000000,?,00000000), ref: 00356980
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Freeing access handle %p, xrefs: 003567D0
                                                                                                                                                                                                                                                    • al exception rule %x:%x res %s, xrefs: 00356824
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Crypt$Hash$ContextControlCurrentDevice$AcquireCreateDataDestroyParamProcessReleaseThread
                                                                                                                                                                                                                                                    • String ID: Freeing access handle %p$al exception rule %x:%x res %s
                                                                                                                                                                                                                                                    • API String ID: 581428007-3582322424
                                                                                                                                                                                                                                                    • Opcode ID: 5d6ddf04ce47a8bf4b2037afa99beb92b5a0820b1f91131334477d37c10ce455
                                                                                                                                                                                                                                                    • Instruction ID: 7eaf0348b7453887c3a6baf971a59de439ad6e03657d1093dfcaba03589c5733
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5d6ddf04ce47a8bf4b2037afa99beb92b5a0820b1f91131334477d37c10ce455
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 44519675A00219ABDB218F61CC46FEA77BCAB14701F514195BA04E71E0DBB0EE88CF61
                                                                                                                                                                                                                                                    Function 0033CF40 Relevance: 20.1, APIs: 3, Strings: 8, Instructions: 886COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0033D501
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0033D506
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0033DB86
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                    • String ID: +C$)$/$8+C$P+C$YSTEM$h+C$+C
                                                                                                                                                                                                                                                    • API String ID: 118556049-199372904
                                                                                                                                                                                                                                                    • Opcode ID: d3bfcf7eb5bc777d199ea57020759d3d1bb0b6df7b6471e8011b6d97c6574233
                                                                                                                                                                                                                                                    • Instruction ID: 6b42dad936c8edbba3fec7fd44680ee1b3326cedbb7abba7ce4f536e32eba45f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d3bfcf7eb5bc777d199ea57020759d3d1bb0b6df7b6471e8011b6d97c6574233
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 937228B1D00254CFDB15DF24DD917AEB7B8EF08318F21462DE42AEB691EB74A984CB41
                                                                                                                                                                                                                                                    Function 0038A540 Relevance: 15.8, Strings: 12, Instructions: 846COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Unknown comparison operator: %s, xrefs: 0038A94F
                                                                                                                                                                                                                                                    • NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::CheckDateDelatImpl, xrefs: 0038A956
                                                                                                                                                                                                                                                    • failed to parse date from value: %s, xrefs: 0038A63C
                                                                                                                                                                                                                                                    • invalid stol argument, xrefs: 0038A987
                                                                                                                                                                                                                                                    • NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::IsPreconditionSatisfied, xrefs: 0038A9FF, 0038B07E
                                                                                                                                                                                                                                                    • failed to parse date from name: %s, xrefs: 0038A5B2
                                                                                                                                                                                                                                                    • NEQ, xrefs: 0038A8CD
                                                                                                                                                                                                                                                    • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateDeltaPrecondition.cpp, xrefs: 0038A95B, 0038AA04, 0038B083
                                                                                                                                                                                                                                                    • [DATE:TODAY], xrefs: 0038AA28
                                                                                                                                                                                                                                                    • stol argument out of range, xrefs: 0038A991
                                                                                                                                                                                                                                                    • Unable to substitute the arguments, xrefs: 0038B077
                                                                                                                                                                                                                                                    • invalid substitutor, xrefs: 0038A9F8
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Time$SystemVariant
                                                                                                                                                                                                                                                    • String ID: NEQ$NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::CheckDateDelatImpl$NWebAdvisor::NXmlUpdater::CDateDeltaPrecondition::IsPreconditionSatisfied$Unable to substitute the arguments$Unknown comparison operator: %s$[DATE:TODAY]$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\DateDeltaPrecondition.cpp$failed to parse date from name: %s$failed to parse date from value: %s$invalid stol argument$invalid substitutor$stol argument out of range
                                                                                                                                                                                                                                                    • API String ID: 352189841-3100175478
                                                                                                                                                                                                                                                    • Opcode ID: b48d9599f1a828ca2d42becaf16c2a646554a8ad29512731138413db1621851c
                                                                                                                                                                                                                                                    • Instruction ID: 0c265e2dcc68c4125c9106adf7c463ea306cf41a7c2fc973b1ca1a4d8f286747
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b48d9599f1a828ca2d42becaf16c2a646554a8ad29512731138413db1621851c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3272B271D007089ADF26EFA4C955BEEB7B4BF15304F20429EE409BB281EB746A85CF51
                                                                                                                                                                                                                                                    Function 003928A0 Relevance: 13.0, Strings: 10, Instructions: 464COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: Encountered SEND_EVENT, but no event reporter was defined$Invalid$Invalid arguments passed to SEND_EVENT command$NWebAdvisor::NXmlUpdater::CSendEventCommand::Execute$Name$Unable to substitute variables for the SEND_EVENT command$Unexpected call to legacy SEND_EVENT command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SendEventCommand.cpp$default$invalid substitutor
                                                                                                                                                                                                                                                    • API String ID: 0-494503603
                                                                                                                                                                                                                                                    • Opcode ID: 0e02de3d2d3433a5e212dc43c95acdf828ce51c5d48d4a4f659e5d6b1252bbbe
                                                                                                                                                                                                                                                    • Instruction ID: 30a2afea16269b0f45d7338786f38a6c7bc4eed8597ca26f9441639e06efba6d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e02de3d2d3433a5e212dc43c95acdf828ce51c5d48d4a4f659e5d6b1252bbbe
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B026E71A41608ABDF15DF90C996BEEB7F4EF08704F104069E5057B2C1DBB9AE08CBA5
                                                                                                                                                                                                                                                    Function 00335400 Relevance: 11.4, APIs: 3, Strings: 3, Instructions: 918COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003359C1
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003359C6
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00336066
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                    • String ID: )$/$YSTEM
                                                                                                                                                                                                                                                    • API String ID: 118556049-314724184
                                                                                                                                                                                                                                                    • Opcode ID: 9685eae2f240c1ed3d5112f1b78c4ed7a168eb5f657f421100a621bbd8121800
                                                                                                                                                                                                                                                    • Instruction ID: b319053f8a655667e21cb5790e1a7640784cc00050b36b9711642ddda6618ebe
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9685eae2f240c1ed3d5112f1b78c4ed7a168eb5f657f421100a621bbd8121800
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D7215B1E00654DFDF15CF24CC967AE77B8EB09318F20466DE41AEB691EB349A84CB41
                                                                                                                                                                                                                                                    Function 0038F150 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 342encryptionCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CryptMsgGetParam.CRYPT32(00000000,00000005,00000000,?,?), ref: 0038F442
                                                                                                                                                                                                                                                    • CryptMsgGetParam.CRYPT32(00000000,00000006,00000000,00000000,00000004), ref: 0038F488
                                                                                                                                                                                                                                                    • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,00000000), ref: 0038F4C6
                                                                                                                                                                                                                                                    • CertGetSubjectCertificateFromStore.CRYPT32(?,00010001,?), ref: 0038F527
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CryptParam$CertCertificateFromStoreSubject
                                                                                                                                                                                                                                                    • String ID: 1.3.6.1.4.1.311.2.4.1
                                                                                                                                                                                                                                                    • API String ID: 738114118-146536318
                                                                                                                                                                                                                                                    • Opcode ID: fbe1315410be0ba92759332ffb0b0e4acccce07cf0d37f25f844e8347b0c6fed
                                                                                                                                                                                                                                                    • Instruction ID: 22a58d9613afd17d025cee651e7b75cb9832f6b61d450bac21eb95559a467a2c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fbe1315410be0ba92759332ffb0b0e4acccce07cf0d37f25f844e8347b0c6fed
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3AD17A75D002199FCB26EF64C885BEEBBB5EF49714F1041A9E819AB740D730AE44CFA0
                                                                                                                                                                                                                                                    Function 003DCFDB Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 183COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,003D4E01), ref: 003D1CAE
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 003D1D4C
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: _free.LIBCMT ref: 003D1D0B
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: _free.LIBCMT ref: 003D1D41
                                                                                                                                                                                                                                                    • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 003DD0E7
                                                                                                                                                                                                                                                    • IsValidCodePage.KERNEL32(00000000), ref: 003DD130
                                                                                                                                                                                                                                                    • IsValidLocale.KERNEL32(?,00000001), ref: 003DD13F
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 003DD187
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 003DD1A6
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Locale$ErrorInfoLastValid_free$CodeDefaultPageUser
                                                                                                                                                                                                                                                    • String ID: (3A
                                                                                                                                                                                                                                                    • API String ID: 949163717-1018157692
                                                                                                                                                                                                                                                    • Opcode ID: 8c3f19e2e3210db36ec5df3b53278b8eff0462c7eb5ab1bc254133725e8f0e02
                                                                                                                                                                                                                                                    • Instruction ID: e19606666e05801b89af3075e3756e2918596343af572ac172fa3512d37c46cb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c3f19e2e3210db36ec5df3b53278b8eff0462c7eb5ab1bc254133725e8f0e02
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 21519E73A10206ABDB12DFA5EC41ABE77BCFF45700F15442AF911EB291EB709905CBA1
                                                                                                                                                                                                                                                    Function 00396D43 Relevance: 10.7, Strings: 8, Instructions: 655COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: @$Q\E$[:<:]]$[:>:]]$\b(?<=\w)$\b(?=\w)$^$alpha
                                                                                                                                                                                                                                                    • API String ID: 0-4118445655
                                                                                                                                                                                                                                                    • Opcode ID: 63cc3e62c77ca232ca9d9547f7c698bcde043ef489fc1c113ed4abbaccae8689
                                                                                                                                                                                                                                                    • Instruction ID: 49798be2a05bfe866980a56edcae9b6dab18dd24f57ef0e9ccb1cd6ac415c89a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 63cc3e62c77ca232ca9d9547f7c698bcde043ef489fc1c113ed4abbaccae8689
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A42B274D183588FDF26CF68C8D07ADBBB5AF0A304F29419ED889AB282D7305D85CB50
                                                                                                                                                                                                                                                    Function 003DCE06 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,2000000B,003DD124,00000002,00000000,?,?,?,003DD124,?,00000000), ref: 003DCE9F
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,20001004,003DD124,00000002,00000000,?,?,?,003DD124,?,00000000), ref: 003DCEC8
                                                                                                                                                                                                                                                    • GetACP.KERNEL32(?,?,003DD124,?,00000000), ref: 003DCEDD
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                                                                    • String ID: ACP$OCP
                                                                                                                                                                                                                                                    • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                                    • Opcode ID: 61033b2b71c25259f12595ab84c25a47660cb1810f91f19be63eaef4adcd3acb
                                                                                                                                                                                                                                                    • Instruction ID: a4b6e80b3f139674d390dd36bdfe049b1f2915f2d71697ed925c2a19816f5630
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 61033b2b71c25259f12595ab84c25a47660cb1810f91f19be63eaef4adcd3acb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1521D8B3630103AAD7338F65E800AA773ABBF50B56B579426E90AD7705E732DE40C390
                                                                                                                                                                                                                                                    Function 003A0660 Relevance: 8.5, Strings: 6, Instructions: 986COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: ERCP$PCRE$VUUU$VUUU$VUUU$qG9
                                                                                                                                                                                                                                                    • API String ID: 0-1528660448
                                                                                                                                                                                                                                                    • Opcode ID: a1b89d4b045a951c8ef1b69f0d0933c459466e2cdbe621b03464006e7d2cff1d
                                                                                                                                                                                                                                                    • Instruction ID: eb7632ca5856b417f4a4a2a89e90081e4009543fbb32299d14c3d228f4f3a306
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a1b89d4b045a951c8ef1b69f0d0933c459466e2cdbe621b03464006e7d2cff1d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46829E35A002598FDF2ACF68C880BADB7B1FF5A314F1542E9D859AB281D7319E85CF50
                                                                                                                                                                                                                                                    Function 0037D2C0 Relevance: 8.0, Strings: 6, Instructions: 504COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: expected ' or "$expected =$expected >$expected element name$invalid numeric character entity$unexpected end of data
                                                                                                                                                                                                                                                    • API String ID: 0-1758782166
                                                                                                                                                                                                                                                    • Opcode ID: 63acf273a9feb6f1573a79c4528aed0539b745d25082c5a1ee99961634c809f7
                                                                                                                                                                                                                                                    • Instruction ID: 52d7813202431bb251dbc58dd4de00240b5a7a7662c5470a8cbb693d07507f99
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 63acf273a9feb6f1573a79c4528aed0539b745d25082c5a1ee99961634c809f7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9D02FCB05002009FD72ACF29C485B76BBF0FF5A304F29859EE48D9F292E7799941CB94
                                                                                                                                                                                                                                                    Function 00397602 Relevance: 6.2, Strings: 4, Instructions: 1247COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: #$($?$n
                                                                                                                                                                                                                                                    • API String ID: 0-1429268647
                                                                                                                                                                                                                                                    • Opcode ID: 8ce070f40bcfb9c8f88fcbde8bb43cfe09459782d1689b7ef99957801fa607eb
                                                                                                                                                                                                                                                    • Instruction ID: 742362b71c12d3316c3c957ba25adf00e4061592438cc31a7c924b459259a197
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8ce070f40bcfb9c8f88fcbde8bb43cfe09459782d1689b7ef99957801fa607eb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53B25F74E082598FDF26CFA8C8907ADFBB1BF56300F198299D499AB386D7309945CF50
                                                                                                                                                                                                                                                    Function 003B93F2 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 003B93FE
                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 003B94CA
                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 003B94EA
                                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 003B94F4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 254469556-0
                                                                                                                                                                                                                                                    • Opcode ID: 56b97913ee1f9a16168297d356839d950cf825e034db2dea39aabf8091062a5d
                                                                                                                                                                                                                                                    • Instruction ID: 913bc515e8492bce4b8bb2faaa2e90faaa24368f12045f62e0d28c53094e2b88
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 56b97913ee1f9a16168297d356839d950cf825e034db2dea39aabf8091062a5d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40312B75D4131C9BDB22EF64D989BCDBBB8AF04304F10419AE50DAB250EB709B85DF05
                                                                                                                                                                                                                                                    Function 003983A0 Relevance: 5.5, Strings: 4, Instructions: 532COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: )$)$:$\b(?=\w)
                                                                                                                                                                                                                                                    • API String ID: 0-1096454370
                                                                                                                                                                                                                                                    • Opcode ID: 3d68ba96014023cfae4f5a80e35414a10c1952d3ef12c48f1fba26fcc04aed7a
                                                                                                                                                                                                                                                    • Instruction ID: 1e8d2c60c100549018e4d8e82f7d340e2e5826ee9d22215511b8a6557d9502d1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d68ba96014023cfae4f5a80e35414a10c1952d3ef12c48f1fba26fcc04aed7a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 11325B74E042198FDF26CF68C8807ADBBB5BF4A304F25819AC85AAB391C7759D85CF50
                                                                                                                                                                                                                                                    Function 003DCA80 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,003D4E01), ref: 003D1CAE
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 003D1D4C
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: _free.LIBCMT ref: 003D1D0B
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: _free.LIBCMT ref: 003D1D41
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 003DCAD4
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 003DCB1E
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 003DCBE4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InfoLocale$ErrorLast_free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3140898709-0
                                                                                                                                                                                                                                                    • Opcode ID: 64690b9d9ed941a5fcd8815ccf44e22534449cdbf56208fe8983a00908105756
                                                                                                                                                                                                                                                    • Instruction ID: 0ff3c845e5b9c92ffa3e4c4a8e4c2a67a410259f346b204cefa6bccc88ecdae2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 64690b9d9ed941a5fcd8815ccf44e22534449cdbf56208fe8983a00908105756
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3661B2725702079FDB2A9F28EC82BBA77A9EF04300F15507BEA09C7685E734D981DB50
                                                                                                                                                                                                                                                    Function 003BD453 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,?,?,004380CC), ref: 003BD54B
                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,004380CC), ref: 003BD555
                                                                                                                                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,004380CC), ref: 003BD562
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3906539128-0
                                                                                                                                                                                                                                                    • Opcode ID: 6291f4e252a4c20a4a40f2ec561942d6a5ec61063dfbffc939c445e85d5b7b2a
                                                                                                                                                                                                                                                    • Instruction ID: 995aaeb4cfa099c06dd4e1ab84825fa7e6bbcd72ea371cf7f4b7896cfc63af0f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6291f4e252a4c20a4a40f2ec561942d6a5ec61063dfbffc939c445e85d5b7b2a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F931B57490121CABCB62DF28DD897DDBBB8AF18314F5041EAE50CA7260EB709F858F45
                                                                                                                                                                                                                                                    Function 00368EA0 Relevance: 3.6, APIs: 2, Instructions: 635COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003691DE
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0036952E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 118556049-0
                                                                                                                                                                                                                                                    • Opcode ID: 014133b362d4901aa39b42a3315b85e94cf671bdd8e80d54bc61e2f83f4fa403
                                                                                                                                                                                                                                                    • Instruction ID: bfd76338764dd575490b60db076a83fa0857b0f905fac57164d267d8c336c38e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 014133b362d4901aa39b42a3315b85e94cf671bdd8e80d54bc61e2f83f4fa403
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B322E371D00518AFCF16DFA8DC41AEEB7B9FF49310F25822AF815AB695DB309901CB91
                                                                                                                                                                                                                                                    Function 003CB340 Relevance: 3.4, APIs: 2, Instructions: 450COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 85f91763730849d915511db82139adc0cf9be373c6b07c1b70189e3b8341c6ec
                                                                                                                                                                                                                                                    • Instruction ID: a556eaf0825e3d4820d0c202eace165d8ab60f65b2f6bf7c61307d1b7184511a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 85f91763730849d915511db82139adc0cf9be373c6b07c1b70189e3b8341c6ec
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2DF11B71E002199BDF15CFA9C881BADFBB5EF88314F25826DD819EB345D731AD018B90
                                                                                                                                                                                                                                                    Function 003D70B4 Relevance: 3.1, APIs: 2, Instructions: 55COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,003C5A30,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,?,00000003,?,?,?,00000000,00000480), ref: 003D703D
                                                                                                                                                                                                                                                    • OutputDebugStringW.KERNEL32(?,?,003C5A30,?,Microsoft Visual C++ Runtime Library,00012012,?,00000240,?,00000003,?,?,?,00000000,00000480,?), ref: 003D7054
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: DebugDebuggerOutputPresentString
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 4086329628-0
                                                                                                                                                                                                                                                    • Opcode ID: ae25d643fee0b2f4333f052a775baa6c4a8b787246f3495a85561a7205ab6178
                                                                                                                                                                                                                                                    • Instruction ID: e279b22f84c97e07d745da9b3ba07945f97762658afe95f4cd60a741a6922241
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ae25d643fee0b2f4333f052a775baa6c4a8b787246f3495a85561a7205ab6178
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D01447314811977DA236A51BC46B7F374DAF01361F294403F9059A7D1FA31D91191B2
                                                                                                                                                                                                                                                    Function 003D14AF Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,003D14AA,?,?,00000008,?,?,003E0D68,00000000), ref: 003D16DC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionRaise
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3997070919-0
                                                                                                                                                                                                                                                    • Opcode ID: 45381b1b11a8f7e57e877ff4b0d32a6bc09375cc6454a8e44b0f00fc92449f57
                                                                                                                                                                                                                                                    • Instruction ID: dac5cc2b8505a18e1785248d53a8977d812ec4b47332beed263fa01f38012b4b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 45381b1b11a8f7e57e877ff4b0d32a6bc09375cc6454a8e44b0f00fc92449f57
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 33B16C36210604EFD716CF28D486B657BE1FF45364F2A865AE89ACF3A1C335E991CB40
                                                                                                                                                                                                                                                    Function 003B9215 Relevance: 1.6, APIs: 1, Instructions: 144COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 003B922B
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2325560087-0
                                                                                                                                                                                                                                                    • Opcode ID: ca4911ade6e5d3ab0c86a20e552e40c1f6e1fa491392f7a54c0e8289be40de3c
                                                                                                                                                                                                                                                    • Instruction ID: 0b70e2446b2a71e0f3176a60469de36eb2ea4c1b38e8056f38214f8948378399
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca4911ade6e5d3ab0c86a20e552e40c1f6e1fa491392f7a54c0e8289be40de3c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D51CEB1E002099FEB26CF64D8857AEBBF0FB48314F65847AC645EB6A0D374AD00CB50
                                                                                                                                                                                                                                                    Function 003DCCE0 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,003D4E01), ref: 003D1CAE
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 003D1D4C
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: _free.LIBCMT ref: 003D1D0B
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: _free.LIBCMT ref: 003D1D41
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 003DCD34
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast_free$InfoLocale
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2003897158-0
                                                                                                                                                                                                                                                    • Opcode ID: 0f676e6cdd26a85ff5ee41a87aa381352bb9d66f888f8a51ba06c33c01c713e4
                                                                                                                                                                                                                                                    • Instruction ID: c918eb07d95a6c79f926ffcaedc42909578e81d8543e60c663e3626031e21bca
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0f676e6cdd26a85ff5ee41a87aa381352bb9d66f888f8a51ba06c33c01c713e4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2521B377630207ABDB2A9B29EC42ABA7BADEF44304B11107BF906DA241EB74DD04D750
                                                                                                                                                                                                                                                    Function 003DC952 Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,003D4E01), ref: 003D1CAE
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 003D1D4C
                                                                                                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(003DCA80,00000001,00000000,?,-00000050,?,003DD0BB,00000000,?,?,?,00000055,?), ref: 003DC9C4
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2417226690-0
                                                                                                                                                                                                                                                    • Opcode ID: 6da9fa2a0d170614f69bd04acd674bbfb9f381d636a7c5668702060fea8e9b21
                                                                                                                                                                                                                                                    • Instruction ID: 037cc0404537766075e36c0220bf7a898e111d555d0fc1c189b23d8a4e0b679a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6da9fa2a0d170614f69bd04acd674bbfb9f381d636a7c5668702060fea8e9b21
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A7114C372203065FDB199F39D8A15BAB792FF84318B15442EE94787740D371B903C740
                                                                                                                                                                                                                                                    Function 003DCF0C Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,003D4E01), ref: 003D1CAE
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 003D1D4C
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,003DCC9C,00000000,00000000,?), ref: 003DCF38
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3736152602-0
                                                                                                                                                                                                                                                    • Opcode ID: 0f75d18f27a6bca190e37d629bbeabd99ea20af5f8fc4a72bafadcebf5bc3e66
                                                                                                                                                                                                                                                    • Instruction ID: 04f50aa69c2905688a18f439231957351ab4197267b57338c53680e77462a071
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0f75d18f27a6bca190e37d629bbeabd99ea20af5f8fc4a72bafadcebf5bc3e66
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6DF0F933530113BBDB265765E805BFA7B5DEB40754F064426ED15A3280DA30FE41C790
                                                                                                                                                                                                                                                    Function 003DC9ED Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,003D4E01), ref: 003D1CAE
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 003D1D4C
                                                                                                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(003DCCE0,00000001,?,?,-00000050,?,003DD07F,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 003DCA37
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2417226690-0
                                                                                                                                                                                                                                                    • Opcode ID: 7ebff14f8f5f6a88646d8d82b2838113a79bd03eb78ac623e3a859f9c3cdfdd8
                                                                                                                                                                                                                                                    • Instruction ID: 94cbf657da5f4cb43f20762f34f1ff07c56a4115a11ccacf8dd94d714bff2404
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7ebff14f8f5f6a88646d8d82b2838113a79bd03eb78ac623e3a859f9c3cdfdd8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 39F0FC372303095FDB169F39EC81ABA7B95FF81358F05442EF9458B750C6715C01D650
                                                                                                                                                                                                                                                    Function 003DC907 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,003D4E01), ref: 003D1CAE
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 003D1D4C
                                                                                                                                                                                                                                                    • EnumSystemLocalesW.KERNEL32(003DC860,00000001,?,?,?,003DD0DD,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 003DC93E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2417226690-0
                                                                                                                                                                                                                                                    • Opcode ID: a2f7266248ee4b528ff8fcf804e873334ed21b2fca0258383bfec39bf2ee57f5
                                                                                                                                                                                                                                                    • Instruction ID: c46a8922a4f2133d23230506215a736810966114df717e6759dbc98c4622d497
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a2f7266248ee4b528ff8fcf804e873334ed21b2fca0258383bfec39bf2ee57f5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0CF05C3771020557CB069F76EC15666BF54EFC1710F07405AFA058B350C3319942C750
                                                                                                                                                                                                                                                    Function 003D45DA Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,003D0C61,?,20001004,00000000,00000002,?,?,003D024C), ref: 003D460E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InfoLocale
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2299586839-0
                                                                                                                                                                                                                                                    • Opcode ID: 8962e43ee8c1993c204e76b8d23fef9a247fdfe6bb83721251602664966be0a7
                                                                                                                                                                                                                                                    • Instruction ID: 780179db32a3b210b054f1b54e7fc86c38e28b0eafd20aef317ff39e5eda11d5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8962e43ee8c1993c204e76b8d23fef9a247fdfe6bb83721251602664966be0a7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 10E04F32540228BBCF132F61FC04EAE7E1AEF45B61F064012FD5566221CB318920AAD4
                                                                                                                                                                                                                                                    Function 0038E610 Relevance: 1.5, APIs: 1, Instructions: 6encryptionCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseCrypt
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1563465135-0
                                                                                                                                                                                                                                                    • Opcode ID: db052bcaba008b1f309bea3f90e0585d2cceab40854b6cd4477595617bf549d2
                                                                                                                                                                                                                                                    • Instruction ID: 75c91db150a2cb4653c0cc6a2f3498bc47853f5611652544869375390e1c8d25
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: db052bcaba008b1f309bea3f90e0585d2cceab40854b6cd4477595617bf549d2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 07B011B0A00200ABAF02AB328A0C80232A8AA0030A32800A8A000C2020EAA0CC00CA28
                                                                                                                                                                                                                                                    Function 003B9586 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_000895A0,003B8A95), ref: 003B958B
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                                                                                                                    • Opcode ID: c520df3bb2573f4f2ad62065529e8b45f979957a01825626d64d8fa5ee442e73
                                                                                                                                                                                                                                                    • Instruction ID: 696a3188e39f0ad1a12ad38abc8586e9a99309b1e2cb7522d0df2fa194421384
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c520df3bb2573f4f2ad62065529e8b45f979957a01825626d64d8fa5ee442e73
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                    Function 003C0B4B Relevance: 1.5, Strings: 1, Instructions: 239COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                                                                    • API String ID: 0-4108050209
                                                                                                                                                                                                                                                    • Opcode ID: 860eafaf9c0b3c678e867e06fd09dec3d1c2b9a9690b99e31dd54bd6a71b1088
                                                                                                                                                                                                                                                    • Instruction ID: ed8062d8e7c9fbd60e86542a6572705657226d0843a3497559e9a928ad74875b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 860eafaf9c0b3c678e867e06fd09dec3d1c2b9a9690b99e31dd54bd6a71b1088
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C86188306003C8DADF3FDA688985FBE73A9AB41708F55462DE583EF681CB21ED429301
                                                                                                                                                                                                                                                    Function 003947C0 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: :
                                                                                                                                                                                                                                                    • API String ID: 0-336475711
                                                                                                                                                                                                                                                    • Opcode ID: f5d2d174fc270ea2226b8ed2f1228a90fc55fe952d5d1f2ee5d66de75a9df3d7
                                                                                                                                                                                                                                                    • Instruction ID: cfbc9f98915d28aebbe7708c6473c71cf25a35d305a4e748cda873be58ead8b5
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5d2d174fc270ea2226b8ed2f1228a90fc55fe952d5d1f2ee5d66de75a9df3d7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 86412DA7A05248EFEF028E589853BEFFBB4DB76704F444099D8442B383D565870BC7A2
                                                                                                                                                                                                                                                    Function 0034463F Relevance: 1.3, APIs: 1, Instructions: 58memoryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003B88FA: EnterCriticalSection.KERNEL32(0043742C,?,?,?,0035402B,0043827C,A2199216,?,00351171,?), ref: 003B8905
                                                                                                                                                                                                                                                      • Part of subcall function 003B88FA: LeaveCriticalSection.KERNEL32(0043742C,?,?,?,0035402B,0043827C,A2199216,?,00351171,?), ref: 003B8942
                                                                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(?,?,?,0036C2E1,?,?,?,A2199216,?,00000000), ref: 00344676
                                                                                                                                                                                                                                                      • Part of subcall function 003B88B0: EnterCriticalSection.KERNEL32(0043742C,?,?,00354086,0043827C,003F68E0,?), ref: 003B88BA
                                                                                                                                                                                                                                                      • Part of subcall function 003B88B0: LeaveCriticalSection.KERNEL32(0043742C,?,?,00354086,0043827C,003F68E0,?), ref: 003B88ED
                                                                                                                                                                                                                                                      • Part of subcall function 003B88B0: RtlWakeAllConditionVariable.NTDLL ref: 003B8964
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$EnterLeave$ConditionHeapProcessVariableWake
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 325507722-0
                                                                                                                                                                                                                                                    • Opcode ID: e3b9e4534893e47735bf3560bd4bcf22b60caad6543bbf856c18decd6b592522
                                                                                                                                                                                                                                                    • Instruction ID: ee586dcd05e4b0e1fa239aeb67eaa00d5a074ae3449b885301a09480e274e8a2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e3b9e4534893e47735bf3560bd4bcf22b60caad6543bbf856c18decd6b592522
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD115631504704DED3599B28ED46756B7F4A745338F16613EF718CA2A1DF7868488B2C
                                                                                                                                                                                                                                                    Function 003D4619 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • GetSystemTimePreciseAsFileTime, xrefs: 003D4629
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: GetSystemTimePreciseAsFileTime
                                                                                                                                                                                                                                                    • API String ID: 0-595813830
                                                                                                                                                                                                                                                    • Opcode ID: c7122d7a65c7afe7f1334acdf661ab7918105fbed384864cf33eddbffc3ab689
                                                                                                                                                                                                                                                    • Instruction ID: 25fa270bb3f7f657ac7c182a430a76916a097aed5a7a8a79c08f00a6716b8ac2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c7122d7a65c7afe7f1334acdf661ab7918105fbed384864cf33eddbffc3ab689
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 68E0C23368022473C22236A1BC0AFBABE19CB40BB1F040433FA04B62A1D5B54860C6DD
                                                                                                                                                                                                                                                    Function 003E68E0 Relevance: .7, Instructions: 711COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: c93143074e084b5f39dec4510a6073ea415b1cfe3cb7f4e85a14ecd60ae03a41
                                                                                                                                                                                                                                                    • Instruction ID: 376d7daca5838c92f07200c351ea84c3978355ed64f99302b4fe1e49387b4cd0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c93143074e084b5f39dec4510a6073ea415b1cfe3cb7f4e85a14ecd60ae03a41
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B325FB3F515145BDB0CCE5DCC927ECB3E3AF98214B0E813DA81AD7345EA78D9158A84
                                                                                                                                                                                                                                                    Function 003D8609 Relevance: .6, Instructions: 637COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: f2289731791b5e9ea0d90dd35b261eb5d49d46b1340d3ea1aee694c4f4245f88
                                                                                                                                                                                                                                                    • Instruction ID: 451cf8776e9a013d201b8d6f8856efb945c6d5277cc7958f409b7632000b7331
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f2289731791b5e9ea0d90dd35b261eb5d49d46b1340d3ea1aee694c4f4245f88
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9A322322D29F018DD7239634ED22376A289AFB73C5F15D737E81AB5EA5EF28D4834100
                                                                                                                                                                                                                                                    Function 003C0DB0 Relevance: .2, Instructions: 239COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: d8bd7e016bedc3c3e8cd8f5970e45700a4119280e1b94587c2eee7f3ac98f8e0
                                                                                                                                                                                                                                                    • Instruction ID: b4cd2787fad4ec2de0352c56990934201689f085c52a99271431f49ef1c4cf77
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d8bd7e016bedc3c3e8cd8f5970e45700a4119280e1b94587c2eee7f3ac98f8e0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA618E30680BC8D6DF3F9A7C8891FBEB3A9EB41704F450D2EE542DB682D7629D819341
                                                                                                                                                                                                                                                    Function 003C0919 Relevance: .2, Instructions: 216COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: b85963471340551fc1d65e6da54e869a27c505fde31b74a5488fce3f4256d08d
                                                                                                                                                                                                                                                    • Instruction ID: e85d23edb8d10f4aef50c4b355e16bcfe1ffa9ab71390d8f414d8ae690c41660
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b85963471340551fc1d65e6da54e869a27c505fde31b74a5488fce3f4256d08d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C95186306007C8DAEF3F8A288895FBEB79D9B02304F15011ED486EB6A3C731DE448742
                                                                                                                                                                                                                                                    Function 003C933A Relevance: .2, Instructions: 159COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 3d4406a1fdde6bc6bac325aee5dd4238fab62e370ddbc8ac11956ba0301d4bd2
                                                                                                                                                                                                                                                    • Instruction ID: 2711e895e0432058d83673177b4ef7fb0f0480405955baaafa5b546831190bd7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d4406a1fdde6bc6bac325aee5dd4238fab62e370ddbc8ac11956ba0301d4bd2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 77516171E00159AFDF09CF99C985BAEBBB6EF88304F1A809DE905EB241C7349E51DB50
                                                                                                                                                                                                                                                    Function 003E0AB2 Relevance: .1, Instructions: 104COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 5a82eefc7f490ce980a01156bdbc5f11d51fa984b1762213ed96ef618d50f83b
                                                                                                                                                                                                                                                    • Instruction ID: 7f7f8bff9491564fb45a41df949726b713ec5554324ac029f8550764f62bf1a2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5a82eefc7f490ce980a01156bdbc5f11d51fa984b1762213ed96ef618d50f83b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4721B673F2043947770CC57E8C5227DB6E1C68C501745423AE8A6EA2C1D968D917E2E4
                                                                                                                                                                                                                                                    Function 003E0992 Relevance: .1, Instructions: 81COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 68e8e46d7ab170bdfc0acca55d076a1d3f053d38fabf3dc31c6ff00df4ae516f
                                                                                                                                                                                                                                                    • Instruction ID: 301f8018517e08dc26de3444c91f6bff36c658e9273bf0761f41e11d81482308
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 68e8e46d7ab170bdfc0acca55d076a1d3f053d38fabf3dc31c6ff00df4ae516f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0117363F30C255A775C817D8C172BAA5D6EBD825070F533AE826EB2C4E9A4DE13D290
                                                                                                                                                                                                                                                    Function 003BADD0 Relevance: .1, Instructions: 76COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                                                    • Instruction ID: 3d5a5b01e3a4599dfa97e25d0dc07648ad251b55125b58a0c72358c78780d614
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 021157B7200D8243D6178A2DD8F46F7E395EBC532972E437AD3424BF58D222E9459A02
                                                                                                                                                                                                                                                    Function 003A6AB0 Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 167libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 003A6AB6
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 003A6AC4
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 003A6AD5
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 003A6AE6
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 003A6AF7
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 003A6B08
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 003A6B19
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 003A6B2A
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 003A6B3B
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 003A6B4C
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 003A6B5D
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 003A6B6E
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 003A6B7F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 003A6B90
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 003A6BA1
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 003A6BB2
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 003A6BC3
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 003A6BD4
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 003A6BE5
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 003A6BF6
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 003A6C07
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 003A6C18
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 003A6C29
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 003A6C3A
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 003A6C4B
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 003A6C5C
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 003A6C6D
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 003A6C7E
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 003A6C8F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 003A6CA0
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 003A6CB1
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 003A6CC2
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 003A6CD3
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 003A6CE4
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 003A6CF5
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 003A6D06
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 003A6D17
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 003A6D28
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 003A6D39
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 003A6D4A
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 003A6D5B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                    • String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 667068680-295688737
                                                                                                                                                                                                                                                    • Opcode ID: e717b2454199b0ad20a89f9c5e69ec77d8e29e9fadcbe04bcfd3cb374d61c99a
                                                                                                                                                                                                                                                    • Instruction ID: 34e94cedaf7ed403a7ea3003715a1881a0607cced46c3b07ec98dc8453b1cd09
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e717b2454199b0ad20a89f9c5e69ec77d8e29e9fadcbe04bcfd3cb374d61c99a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D6194B2996322ABC7116FBAAC0DA663EADBA097017145C7BF541E31B1DBF84010DF5C
                                                                                                                                                                                                                                                    Function 003AE2B1 Relevance: 86.2, APIs: 32, Strings: 17, Instructions: 449COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003AE2B8
                                                                                                                                                                                                                                                    • ctype.LIBCPMT ref: 003AE2FF
                                                                                                                                                                                                                                                      • Part of subcall function 00343055: __Getctype.LIBCPMT ref: 00343064
                                                                                                                                                                                                                                                      • Part of subcall function 003A7FAF: __EH_prolog3.LIBCMT ref: 003A7FB6
                                                                                                                                                                                                                                                      • Part of subcall function 003A7FAF: std::_Lockit::_Lockit.LIBCPMT ref: 003A7FC0
                                                                                                                                                                                                                                                      • Part of subcall function 003A7FAF: std::_Lockit::~_Lockit.LIBCPMT ref: 003A8031
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE30D
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE324
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE36B
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE39E
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE3F0
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE405
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE424
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE443
                                                                                                                                                                                                                                                    • collate.LIBCPMT ref: 003AE44D
                                                                                                                                                                                                                                                    • __Getcoll.LIBCPMT ref: 003AE48F
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE4BA
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE4FB
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE510
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE559
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE58C
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE5E7
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE643
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE696
                                                                                                                                                                                                                                                      • Part of subcall function 003A8203: __EH_prolog3.LIBCMT ref: 003A820A
                                                                                                                                                                                                                                                      • Part of subcall function 003A8203: std::_Lockit::_Lockit.LIBCPMT ref: 003A8214
                                                                                                                                                                                                                                                      • Part of subcall function 003A8203: std::_Lockit::~_Lockit.LIBCPMT ref: 003A8285
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE6B5
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE707
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE74C
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE761
                                                                                                                                                                                                                                                      • Part of subcall function 003A87D5: __EH_prolog3.LIBCMT ref: 003A87DC
                                                                                                                                                                                                                                                      • Part of subcall function 003A87D5: std::_Lockit::_Lockit.LIBCPMT ref: 003A87E6
                                                                                                                                                                                                                                                      • Part of subcall function 003A87D5: std::_Lockit::~_Lockit.LIBCPMT ref: 003A8857
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE780
                                                                                                                                                                                                                                                      • Part of subcall function 003A7C31: __EH_prolog3.LIBCMT ref: 003A7C38
                                                                                                                                                                                                                                                      • Part of subcall function 003A7C31: std::_Lockit::_Lockit.LIBCPMT ref: 003A7C42
                                                                                                                                                                                                                                                      • Part of subcall function 003A7C31: std::_Lockit::~_Lockit.LIBCPMT ref: 003A7CB3
                                                                                                                                                                                                                                                    • codecvt.LIBCPMT ref: 003AE7B5
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE7BF
                                                                                                                                                                                                                                                      • Part of subcall function 003A86AB: __EH_prolog3.LIBCMT ref: 003A86B2
                                                                                                                                                                                                                                                      • Part of subcall function 003A86AB: std::_Lockit::_Lockit.LIBCPMT ref: 003A86BC
                                                                                                                                                                                                                                                      • Part of subcall function 003A86AB: std::_Lockit::~_Lockit.LIBCPMT ref: 003A872D
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE677
                                                                                                                                                                                                                                                      • Part of subcall function 003A5688: Concurrency::cancel_current_task.LIBCPMT ref: 003A5748
                                                                                                                                                                                                                                                      • Part of subcall function 003A5688: __EH_prolog3.LIBCMT ref: 003A5755
                                                                                                                                                                                                                                                      • Part of subcall function 003A5688: std::locale::_Locimp::_Makeloc.LIBCPMT ref: 003A5781
                                                                                                                                                                                                                                                      • Part of subcall function 003A5688: std::_Locinfo::~_Locinfo.LIBCPMT ref: 003A578C
                                                                                                                                                                                                                                                      • Part of subcall function 003A8298: __EH_prolog3.LIBCMT ref: 003A829F
                                                                                                                                                                                                                                                      • Part of subcall function 003A8298: std::_Lockit::_Lockit.LIBCPMT ref: 003A82A9
                                                                                                                                                                                                                                                      • Part of subcall function 003A8298: std::_Lockit::~_Lockit.LIBCPMT ref: 003A831A
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE658
                                                                                                                                                                                                                                                      • Part of subcall function 003A5688: __EH_prolog3.LIBCMT ref: 003A568F
                                                                                                                                                                                                                                                      • Part of subcall function 003A5688: std::_Lockit::_Lockit.LIBCPMT ref: 003A5699
                                                                                                                                                                                                                                                      • Part of subcall function 003A5688: std::_Lockit::~_Lockit.LIBCPMT ref: 003A573D
                                                                                                                                                                                                                                                      • Part of subcall function 003A80D9: __EH_prolog3.LIBCMT ref: 003A80E0
                                                                                                                                                                                                                                                      • Part of subcall function 003A80D9: std::_Lockit::_Lockit.LIBCPMT ref: 003A80EA
                                                                                                                                                                                                                                                      • Part of subcall function 003A80D9: std::_Lockit::~_Lockit.LIBCPMT ref: 003A815B
                                                                                                                                                                                                                                                    • numpunct.LIBCPMT ref: 003AE6F7
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE4A3
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 003AE7D4
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Locimp::_std::locale::_$AddfacLocimp_$std::_$Lockit$H_prolog3$Lockit::_Lockit::~_$Concurrency::cancel_current_taskGetcollGetctypeLocinfoLocinfo::~_Makeloccodecvtcollatectypenumpunct
                                                                                                                                                                                                                                                    • String ID: @sC$DsC$DsC$HsC$HsC$LsC$PsC$TsC$XsC$XsC$\sC$\sC$`sC$`sC$dsC$hsC$hsC
                                                                                                                                                                                                                                                    • API String ID: 3784148211-542856112
                                                                                                                                                                                                                                                    • Opcode ID: 7b64bbb1f6f689749a06f6d72620c927f3175a548e3756aca68ceb9148dd03ad
                                                                                                                                                                                                                                                    • Instruction ID: 1bb8fc619d6953c5aebacc3455923e2613de9d8e9fba7588514b16ec04dbd245
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7b64bbb1f6f689749a06f6d72620c927f3175a548e3756aca68ceb9148dd03ad
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B3E1E3B0D01215AFEB266F648C46ABF3AA8EF43354F15842DF9446F692EB354D00D7E2
                                                                                                                                                                                                                                                    Function 00390780 Relevance: 30.0, APIs: 2, Strings: 15, Instructions: 250COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Failed to extract cab (%s), xrefs: 003909D2
                                                                                                                                                                                                                                                    • Unable to read Source and/or DestDir attribute of EXTRACT_CAB_LOCAL command, xrefs: 00390A3D, 00390A42
                                                                                                                                                                                                                                                    • Source, xrefs: 003907D1
                                                                                                                                                                                                                                                    • Unable to substitute variables for the EXTRACT_CAB_LOCAL command, xrefs: 00390A31
                                                                                                                                                                                                                                                    • NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::Execute, xrefs: 003908E0, 00390A44
                                                                                                                                                                                                                                                    • Unable to substitute DeleteFile attribute, xrefs: 003908BC
                                                                                                                                                                                                                                                    • Unable to verify signature for file: %s, xrefs: 00390956
                                                                                                                                                                                                                                                    • Failed to parse DeleteFile as a boolean - default to false, xrefs: 003908D9
                                                                                                                                                                                                                                                    • DestDir, xrefs: 00390813
                                                                                                                                                                                                                                                    • NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::ExecuteExtractCabLocalCommand, xrefs: 0039095D, 003909A2, 003909D9, 00390A14
                                                                                                                                                                                                                                                    • invalid substitutor, xrefs: 003907C5
                                                                                                                                                                                                                                                    • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExtractCabLocalCommand.cpp, xrefs: 003908E5, 00390962, 003909A7, 003909DE, 00390A19, 00390A49
                                                                                                                                                                                                                                                    • Unable to create destination directory (%d), xrefs: 0039099B
                                                                                                                                                                                                                                                    • DeleteFile, xrefs: 0039086B
                                                                                                                                                                                                                                                    • Failed to delete src cab (%d), xrefs: 00390A0D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: DeleteFile$DestDir$Failed to delete src cab (%d)$Failed to extract cab (%s)$Failed to parse DeleteFile as a boolean - default to false$NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::Execute$NWebAdvisor::NXmlUpdater::CExtractCabLocalCommand::ExecuteExtractCabLocalCommand$Source$Unable to create destination directory (%d)$Unable to read Source and/or DestDir attribute of EXTRACT_CAB_LOCAL command$Unable to substitute DeleteFile attribute$Unable to substitute variables for the EXTRACT_CAB_LOCAL command$Unable to verify signature for file: %s$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\ExtractCabLocalCommand.cpp$invalid substitutor
                                                                                                                                                                                                                                                    • API String ID: 0-2605792675
                                                                                                                                                                                                                                                    • Opcode ID: b0825ec7f38692ea632bf152d00680589c6daa06c493efd8430c77db773d3131
                                                                                                                                                                                                                                                    • Instruction ID: 4a1e931aa764f527f448233f01e6bb2c6c3f134f56356880170d4e660e9c3dd9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b0825ec7f38692ea632bf152d00680589c6daa06c493efd8430c77db773d3131
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB91EE71A40304AFDF16DF94D856BAEB7B5AF50700F10002AF9057B2C2EB79A948CBE5
                                                                                                                                                                                                                                                    Function 0035A118 Relevance: 28.3, APIs: 10, Strings: 6, Instructions: 273COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0035DE80: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035DF0C
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0035A143
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035A1AA
                                                                                                                                                                                                                                                      • Part of subcall function 0035E0D0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035E161
                                                                                                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 0035A1C1
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 0035A1DD
                                                                                                                                                                                                                                                    • CreateSemaphoreW.KERNEL32(00000000,00000000,000003E8,00000000), ref: 0035A24C
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 0035A268
                                                                                                                                                                                                                                                    • ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,00000000), ref: 0035A410
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000001), ref: 0035A46F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Ios_base_dtorstd::ios_base::_$CloseCreateHandleSemaphore$ErrorEventLastMtx_unlockRelease
                                                                                                                                                                                                                                                    • String ID: E$Failed to create event semaphore$Failed to create stop event$Failed to initialize event sender$Failed to release semaphore. Error: $V
                                                                                                                                                                                                                                                    • API String ID: 1380281556-3274429967
                                                                                                                                                                                                                                                    • Opcode ID: d4b1efa3085edb6bf6ddf4a8ddb48de50df480b883ab901b5eadf38c8019ad45
                                                                                                                                                                                                                                                    • Instruction ID: 736b57b8cd8613555a042265f2146fe3b580d00135d47f07cd2300276ff9d1df
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d4b1efa3085edb6bf6ddf4a8ddb48de50df480b883ab901b5eadf38c8019ad45
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7AB1C670A00A05DBDB16EF60CC56FEEB7B5FF44300F004269E8096F691DB756A49CB92
                                                                                                                                                                                                                                                    Function 00390FA0 Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 141filelibraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,A2199216,000000FF,00000000,00000000,003EDF30,000000FF), ref: 00390FE8
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 00390FF8
                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(000000FF,00000001,00000001,00000000,00000003,00000080,00000000,A2199216,000000FF,00000000,00000000,003EDF30,000000FF), ref: 00391037
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00391058
                                                                                                                                                                                                                                                    • GetFileSize.KERNEL32(?,?), ref: 00391088
                                                                                                                                                                                                                                                    • CreateFileMappingW.KERNEL32(?,00000000,00000002,?,00000000,00000000), ref: 0039109C
                                                                                                                                                                                                                                                    • MapViewOfFileEx.KERNEL32(00000000,00000004,00000000,00000000,?,00000000), ref: 003910D9
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 003910F0
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • NWebAdvisor::CFileMemMap::Init, xrefs: 00391066, 00391108
                                                                                                                                                                                                                                                    • Failed to open the file: %d, xrefs: 0039105F
                                                                                                                                                                                                                                                    • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileMemMap.h, xrefs: 0039106B, 0039110D
                                                                                                                                                                                                                                                    • CreateFileTransactedW, xrefs: 00390FF2
                                                                                                                                                                                                                                                    • kernel32.dll, xrefs: 00390FE3
                                                                                                                                                                                                                                                    • Failed to map file to memory, xrefs: 00391101
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: File$CreateHandle$AddressCloseErrorLastMappingModuleProcSizeView
                                                                                                                                                                                                                                                    • String ID: CreateFileTransactedW$Failed to map file to memory$Failed to open the file: %d$NWebAdvisor::CFileMemMap::Init$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileMemMap.h$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 2423579280-2843467768
                                                                                                                                                                                                                                                    • Opcode ID: 567dd30f0051765b9b84a0a671485517ef8346432f6526f1ce12bca574c55a1e
                                                                                                                                                                                                                                                    • Instruction ID: fa4a400f97dd4c0d6b1793f61aac7387a15b2091703502f4daede55dde6252f9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 567dd30f0051765b9b84a0a671485517ef8346432f6526f1ce12bca574c55a1e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D41C770740302BFEF229F65CC46F6AB7A8BB04B10F204625FA15BA7D1D7B5A940CB94
                                                                                                                                                                                                                                                    Function 0035E843 Relevance: 23.1, APIs: 6, Strings: 7, Instructions: 319COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceBeginInitialize.KERNEL32(004380C4,00000000,A2199216,00000000,A2199216,0034A219,004380CC,?,?,?,?,?,?,0034A219,?,?), ref: 00349BE5
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceComplete.KERNEL32(004380C4,00000000,00000000), ref: 00349C1D
                                                                                                                                                                                                                                                      • Part of subcall function 00349940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00349A12
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035E8A8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitialize
                                                                                                                                                                                                                                                    • String ID: Authorization: $Failed to create access token$HTTP receive response failed for Azure: $HTTP send request failed for Azure: $HTTP status error for Azure: $`ato$`A
                                                                                                                                                                                                                                                    • API String ID: 539357862-421582073
                                                                                                                                                                                                                                                    • Opcode ID: bdf31c4dcdcd773adb6d5c8494efa86bf99ad09b499381681c1fd2bed737ba53
                                                                                                                                                                                                                                                    • Instruction ID: 209a684b2b7c07794353948a521f9a8ca12bd2728d2f296f536ba948fd712d2e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bdf31c4dcdcd773adb6d5c8494efa86bf99ad09b499381681c1fd2bed737ba53
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99D19070900219DBDB2ADB60CD45BEEB3B8EF45305F5044E9E909AB691DB70AB88CF51
                                                                                                                                                                                                                                                    Function 00392FD0 Relevance: 22.9, APIs: 3, Strings: 10, Instructions: 177registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(80000002,00000000,00000000,?,00000000,00000028,00000028,00000000,00000000,Name,00000004,00000000,00000000,Key,00000003,A2199216), ref: 003930F1
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000008), ref: 0039317C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Invalid substitutor, xrefs: 00393005
                                                                                                                                                                                                                                                    • Key, xrefs: 00393013
                                                                                                                                                                                                                                                    • Cannnot delete registry value. Key or value not found. Key: %s Value: %s, xrefs: 00393157
                                                                                                                                                                                                                                                    • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_value_command.cpp, xrefs: 00393108, 00393163, 003931A9, 003931D1
                                                                                                                                                                                                                                                    • Unable to read Key or Name for DEL_REG_VALUE command, xrefs: 003931C5
                                                                                                                                                                                                                                                    • Name, xrefs: 00393055
                                                                                                                                                                                                                                                    • NWebAdvisor::NXmlUpdater::parse_and_execute, xrefs: 00393103, 0039315E, 003931A4, 003931CC
                                                                                                                                                                                                                                                    • Unable to substitute variables for the DEL_REG_VALUE command, xrefs: 003931BC
                                                                                                                                                                                                                                                    • Error (%d) deleting registry value (%s) in key: %s, xrefs: 0039319D
                                                                                                                                                                                                                                                    • Error opening HKLM registry key: %d, xrefs: 003930FC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseOpen
                                                                                                                                                                                                                                                    • String ID: Cannnot delete registry value. Key or value not found. Key: %s Value: %s$Error (%d) deleting registry value (%s) in key: %s$Error opening HKLM registry key: %d$Invalid substitutor$Key$NWebAdvisor::NXmlUpdater::parse_and_execute$Name$Unable to read Key or Name for DEL_REG_VALUE command$Unable to substitute variables for the DEL_REG_VALUE command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_value_command.cpp
                                                                                                                                                                                                                                                    • API String ID: 47109696-1081640057
                                                                                                                                                                                                                                                    • Opcode ID: 463b57aa8e80c5f612a1cb9f98b19df3fbcc63680c80f649289c950316c61333
                                                                                                                                                                                                                                                    • Instruction ID: 793af06e6dd242fe7a2bd624d56951050970a12f20425ce19485b8e117e56ff6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 463b57aa8e80c5f612a1cb9f98b19df3fbcc63680c80f649289c950316c61333
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9751B7B0641208BBDF15EF50DC4AFAEB7B9EB04704F200529F5057B2D1DB78AA04CBA9
                                                                                                                                                                                                                                                    Function 00378400 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 152COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SHGetSpecialFolderPathW.SHELL32(00000000,0042F278,00000023,00000001,00000004,00000000,00000000), ref: 00378462
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(0042F278,00000000,0042F278,00000104,\McAfee\), ref: 00378491
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0037849D
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(0042F278,00000000,0042F278,00000104,0042F070), ref: 003784C5
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 003784CB
                                                                                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(?,00000104), ref: 003784FC
                                                                                                                                                                                                                                                    • StrRChrW.SHLWAPI(?,00000000,0000005C), ref: 00378511
                                                                                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(0042F278,00000000,0042F278,00000104,00000000), ref: 0037852E
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00378534
                                                                                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 003785B9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateDirectoryErrorLast$CountFileFolderModuleNamePathSpecialTick
                                                                                                                                                                                                                                                    • String ID: %uFile:%sFunction:%sLine:%d$\McAfee\$\log.txt
                                                                                                                                                                                                                                                    • API String ID: 922589859-3713371193
                                                                                                                                                                                                                                                    • Opcode ID: 2e42ad3bd8c0d6f2cca65450494699344301ab25a1b8d952afb5cb11b4daeaf9
                                                                                                                                                                                                                                                    • Instruction ID: 191a412aed79fa659ac9f21dc8960eeaa95d7852a72c2064d3cc15341c58972f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2e42ad3bd8c0d6f2cca65450494699344301ab25a1b8d952afb5cb11b4daeaf9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48514B74BC0318BBDB319F64DC4AFE973B8AB15704FA001F1F908B61D1CAB499848B65
                                                                                                                                                                                                                                                    Function 003CCE60 Relevance: 22.9, APIs: 15, Instructions: 357COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$Info
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2509303402-0
                                                                                                                                                                                                                                                    • Opcode ID: 56394654d7d241b74c1f3e1a9846538ef559b3de8b8d7c087b86e78727f1f6fc
                                                                                                                                                                                                                                                    • Instruction ID: 5fa0871cefe424c96822b1be2f8e2e073cd4c682d5815e7d366adacbb0966b70
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 56394654d7d241b74c1f3e1a9846538ef559b3de8b8d7c087b86e78727f1f6fc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 94D18B719002059FDB229FB9C881BAEBBB5BF18300F15446EF899EB352D771AD45CB50
                                                                                                                                                                                                                                                    Function 00380950 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 244fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00380490: CreateDirectoryW.KERNEL32(?,00000000,?), ref: 003804AA
                                                                                                                                                                                                                                                      • Part of subcall function 00380490: GetLastError.KERNEL32 ref: 003804B8
                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,?,00000000,00000000,00000000,0000005C,00000001,00000000), ref: 00380BB5
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00380BC2
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CreateErrorLast$DirectoryFile
                                                                                                                                                                                                                                                    • String ID: _7$CreateDir failed for %s$CreateFile failed for %s: %d$NWebAdvisor::NUtils::StoreBufferInFile$WriteFile failed: %d$\$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\FileUtils.cpp
                                                                                                                                                                                                                                                    • API String ID: 1552088572-2976085375
                                                                                                                                                                                                                                                    • Opcode ID: fbedbef60bec6768632854e93ba148935c765d2bba401fb8454a4be3977bc9d1
                                                                                                                                                                                                                                                    • Instruction ID: f4ca8ec9d027f094c5f1210122c03f9069367ae4c7151d5467ce92a0b30d49d9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fbedbef60bec6768632854e93ba148935c765d2bba401fb8454a4be3977bc9d1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04A1AD71D00308DEDF06DFA4C845BEEBBB4AF58314F154219E505BB291E7B46A89CBA1
                                                                                                                                                                                                                                                    Function 00393300 Relevance: 21.2, APIs: 3, Strings: 9, Instructions: 217registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00393545
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Close
                                                                                                                                                                                                                                                    • String ID: Cannnot delete registry key. Not found: %s$Error (%d) deleting registry key tree: %s$Error opening HKLM registry key: %d$Invalid substitutor$Key$NWebAdvisor::NXmlUpdater::parse_and_execute$Unable to read Key for DEL_REG_TREE command$Unable to substitute variables for the DEL_REG_TREE command$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\delete_registry_tree_command.cpp
                                                                                                                                                                                                                                                    • API String ID: 3535843008-3762851336
                                                                                                                                                                                                                                                    • Opcode ID: 6bb87555e64cd4d02a20d3640e16a6fba2da6c389d8ad3b4034c43e0ea710ffe
                                                                                                                                                                                                                                                    • Instruction ID: 61c53c4546a970a122a17e24b8cbd7f2ede1e60f447f873f99dbe0958187e19e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6bb87555e64cd4d02a20d3640e16a6fba2da6c389d8ad3b4034c43e0ea710ffe
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E77127B1A80204ABDF22DF55C846BAEB7B4FF05700F564529F9057B2C1DB75AA00CBE9
                                                                                                                                                                                                                                                    Function 003DB4F0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 200COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                    • String ID: xxC$xxC$|xC
                                                                                                                                                                                                                                                    • API String ID: 269201875-234286504
                                                                                                                                                                                                                                                    • Opcode ID: 781fc958f6e0b5caeddcac19aaf58ba67875317c9efc9db827a42591fd722993
                                                                                                                                                                                                                                                    • Instruction ID: 2988d610213566f506c45ff014f794bc0557179e7d601b412cba25b7ab5eac0e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 781fc958f6e0b5caeddcac19aaf58ba67875317c9efc9db827a42591fd722993
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5061B073900704DFDB22DF74E841BAAB7F8AB54710F66456BE956AB381EB70ED008B50
                                                                                                                                                                                                                                                    Function 003B87E7 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 58libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • InitializeCriticalSectionAndSpinCount.KERNEL32(0043742C,00000FA0,?,?,003B87C5), ref: 003B87F3
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,003B87C5), ref: 003B87FE
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,003B87C5), ref: 003B880F
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 003B8821
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 003B882F
                                                                                                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,003B87C5), ref: 003B8852
                                                                                                                                                                                                                                                    • DeleteCriticalSection.KERNEL32(0043742C,00000007,?,?,003B87C5), ref: 003B8875
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,003B87C5), ref: 003B8885
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • SleepConditionVariableCS, xrefs: 003B881B
                                                                                                                                                                                                                                                    • WakeAllConditionVariable, xrefs: 003B8827
                                                                                                                                                                                                                                                    • api-ms-win-core-synch-l1-2-0.dll, xrefs: 003B87F9
                                                                                                                                                                                                                                                    • kernel32.dll, xrefs: 003B880A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                                                                                                    • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 2565136772-3242537097
                                                                                                                                                                                                                                                    • Opcode ID: ba42d33a820f9027af4654c68ac24fb1152e5f5105d9c67cf77f3cab2725fed5
                                                                                                                                                                                                                                                    • Instruction ID: daa9e5e5243bc077db043d439a2c0dd56a00543c27e90aa872b3b3834d124faf
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ba42d33a820f9027af4654c68ac24fb1152e5f5105d9c67cf77f3cab2725fed5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D201D871A443125BD7331B76BC08B7A3E9DAB94B04F150831FB05E35B0DEB4D800C669
                                                                                                                                                                                                                                                    Function 003DB0D0 Relevance: 18.4, APIs: 12, Instructions: 374COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 269201875-0
                                                                                                                                                                                                                                                    • Opcode ID: 3311bcc4ef06d61156dd240d5f84758bdfd64b7315c3dddea3f5670714c3323b
                                                                                                                                                                                                                                                    • Instruction ID: 663731aafc35c96c35b3efc56472eecd1d426144f532df3ed57643ddf2af6e45
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3311bcc4ef06d61156dd240d5f84758bdfd64b7315c3dddea3f5670714c3323b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14C11377E40604AFDB21DBA8DC83FEEB7F8AB18710F154566FA05EB382D670A9409750
                                                                                                                                                                                                                                                    Function 003791A0 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 150COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,0041A536,00000003), ref: 003791C9
                                                                                                                                                                                                                                                    • FindResourceW.KERNEL32(00000000,00000001,00000010), ref: 003791DE
                                                                                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 003791EE
                                                                                                                                                                                                                                                    • LockResource.KERNEL32(00000000), ref: 003791FD
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Failed to format version, xrefs: 00379275
                                                                                                                                                                                                                                                    • %d.%d.%d.%d, xrefs: 0037925E
                                                                                                                                                                                                                                                    • Failed to retrieve kernel verison, xrefs: 0037932C
                                                                                                                                                                                                                                                    • NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetOsVersion, xrefs: 0037927F, 00379336
                                                                                                                                                                                                                                                    • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp, xrefs: 00379284, 0037933B
                                                                                                                                                                                                                                                    • kernel32.dll, xrefs: 003791B8
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Resource$FindHandleLoadLockModule
                                                                                                                                                                                                                                                    • String ID: %d.%d.%d.%d$Failed to format version$Failed to retrieve kernel verison$NWebAdvisor::NXmlUpdater::CSubstitutionManager::GetOsVersion$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\SubstitutionManager.cpp$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 3968257194-3470154288
                                                                                                                                                                                                                                                    • Opcode ID: c772ce35ddfa7197664415a75e7afce3243e0e855b66225563fbd46f980b6a81
                                                                                                                                                                                                                                                    • Instruction ID: 0e192e5fff9de8a4f2074721871698f82cf684949e3ae4c009be5991bf868d1a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c772ce35ddfa7197664415a75e7afce3243e0e855b66225563fbd46f980b6a81
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A512974600314ABDB35AF25CC45BABB7B8EF04704F50469DE90DAF2C2D779AA41CB94
                                                                                                                                                                                                                                                    Function 003BC338 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 003BC435
                                                                                                                                                                                                                                                    • type_info::operator==.LIBVCRUNTIME ref: 003BC457
                                                                                                                                                                                                                                                    • ___TypeMatch.LIBVCRUNTIME ref: 003BC566
                                                                                                                                                                                                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 003BC638
                                                                                                                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 003BC6BC
                                                                                                                                                                                                                                                    • CallUnexpected.LIBVCRUNTIME ref: 003BC6D7
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                                                    • String ID: csm$csm$csm
                                                                                                                                                                                                                                                    • API String ID: 2123188842-393685449
                                                                                                                                                                                                                                                    • Opcode ID: 7a2b9a508ef1b498e224b4e9141a48bfba007a0947f7ceee006890354db5080a
                                                                                                                                                                                                                                                    • Instruction ID: 365acda21f84f4deeb8aece2d8c5b3485e4ece42ce5d4534dc7cb6d9ccabe48e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7a2b9a508ef1b498e224b4e9141a48bfba007a0947f7ceee006890354db5080a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2AB19A71810209EFCF36DFA5C881AEEBBB5BF04308B15615AEA156BA12D770DE11CF91
                                                                                                                                                                                                                                                    Function 003569A0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 114libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(A2199216,9EDBA51C,00000000,00000000,00000000,00000000,?,00000000), ref: 003569E9
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(A2199216,?,?,00000000), ref: 003569FB
                                                                                                                                                                                                                                                    • DeviceIoControl.KERNEL32(00000000,9EDB651C,00000000,00000000,00000000,00000000,?,00000000), ref: 00356A2A
                                                                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 00356A3D
                                                                                                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mfeaaca.dll,?), ref: 00356A8B
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,NotComDllUnload), ref: 00356A9E
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00356AB8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Handle$CloseControlDevice$AddressFreeLibraryModuleProc
                                                                                                                                                                                                                                                    • String ID: NotComDllUnload$mfeaaca.dll
                                                                                                                                                                                                                                                    • API String ID: 2321898493-1077453148
                                                                                                                                                                                                                                                    • Opcode ID: 32966d12a84080fd0257b1271b916bcde0e1e506e346813470164b242fee2884
                                                                                                                                                                                                                                                    • Instruction ID: f5b12028559ca214404d2228761fa48039cd725490b47a6459bd6c5eccc82cc1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 32966d12a84080fd0257b1271b916bcde0e1e506e346813470164b242fee2884
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E931B5753003019BDB229F25DC8AF2A77A9AF44B11F594629FD15EB2F0DB70EC08CA55
                                                                                                                                                                                                                                                    Function 00394280 Relevance: 15.1, APIs: 3, Strings: 7, Instructions: 133COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • NWebAdvisor::CHttpTransaction::Connect, xrefs: 003943D8
                                                                                                                                                                                                                                                    • NWebAdvisor::CHttpTransaction::SetAutoProxyUrl, xrefs: 00394388
                                                                                                                                                                                                                                                    • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpTransaction_sacore.cpp, xrefs: 0039432A, 0039438D, 003943DD
                                                                                                                                                                                                                                                    • # SetAutoProxyUrl: Can't get proxy. Err: %d, xrefs: 00394381
                                                                                                                                                                                                                                                    • Unable to set proxy option, error: %d, xrefs: 003943CE
                                                                                                                                                                                                                                                    • # SetAutoProxy: Can't get proxy. Err: %d, xrefs: 0039431E
                                                                                                                                                                                                                                                    • NWebAdvisor::CHttpTransaction::SetAutoProxy, xrefs: 00394325
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                                                                                    • String ID: # SetAutoProxy: Can't get proxy. Err: %d$# SetAutoProxyUrl: Can't get proxy. Err: %d$NWebAdvisor::CHttpTransaction::Connect$NWebAdvisor::CHttpTransaction::SetAutoProxy$NWebAdvisor::CHttpTransaction::SetAutoProxyUrl$Unable to set proxy option, error: %d$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\HttpTransaction_sacore.cpp
                                                                                                                                                                                                                                                    • API String ID: 1452528299-2881327693
                                                                                                                                                                                                                                                    • Opcode ID: 23d34b67d1d3e700f2778f7055582af906d3e42bdc74705ce254f0241c34942f
                                                                                                                                                                                                                                                    • Instruction ID: 9c3c6f179ac7188e59206b64eb0f799172a3454ab88ea95b18d398d523530d04
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 23d34b67d1d3e700f2778f7055582af906d3e42bdc74705ce254f0241c34942f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79416075A40209EFEF11DFA4CC85FAEB7F8EF08704F10802AE914B6280D7B59954CB98
                                                                                                                                                                                                                                                    Function 003BE00A Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 496COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __aulldvrm
                                                                                                                                                                                                                                                    • String ID: :$f$f$f$p$p$p
                                                                                                                                                                                                                                                    • API String ID: 1302938615-1434680307
                                                                                                                                                                                                                                                    • Opcode ID: cea7733dabf86bc5c6ea0c60d40b02c71f29b3b5f468f1def6264aa648266a2d
                                                                                                                                                                                                                                                    • Instruction ID: bb3e0d66ee850724d5de32fad8b3966d35f9b3263cb2940d419edd65add7ab55
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cea7733dabf86bc5c6ea0c60d40b02c71f29b3b5f468f1def6264aa648266a2d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AF02E479E00218DADF328FADD4846EDB7B6FB4171CFA44116D618BBA80D7748E88CB15
                                                                                                                                                                                                                                                    Function 003B6940 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 325COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003B6947
                                                                                                                                                                                                                                                      • Part of subcall function 0036C960: std::_Lockit::_Lockit.LIBCPMT ref: 0036C995
                                                                                                                                                                                                                                                      • Part of subcall function 0036C960: std::_Lockit::_Lockit.LIBCPMT ref: 0036C9B7
                                                                                                                                                                                                                                                      • Part of subcall function 0036C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0036C9D7
                                                                                                                                                                                                                                                      • Part of subcall function 0036C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0036CAB1
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                                                    • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                                                    • API String ID: 1383202999-2891247106
                                                                                                                                                                                                                                                    • Opcode ID: 383fc17299484192529987cb92a492e9bbe853485f6e30f4689736d836db8d39
                                                                                                                                                                                                                                                    • Instruction ID: f6d5914c42f842707d62c47cdd3d36f4b3a8bcb60f68649f7081891fa2bb340c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 383fc17299484192529987cb92a492e9bbe853485f6e30f4689736d836db8d39
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2B1B0B150010AABCF1ADF68C956DFE7BB9EF14308F154119FB42A6A93D639DA10DB10
                                                                                                                                                                                                                                                    Function 003B1610 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 325COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003B1617
                                                                                                                                                                                                                                                      • Part of subcall function 003A7DF0: __EH_prolog3.LIBCMT ref: 003A7DF7
                                                                                                                                                                                                                                                      • Part of subcall function 003A7DF0: std::_Lockit::_Lockit.LIBCPMT ref: 003A7E01
                                                                                                                                                                                                                                                      • Part of subcall function 003A7DF0: std::_Lockit::~_Lockit.LIBCPMT ref: 003A7E72
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                                    • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                                                    • API String ID: 1538362411-2891247106
                                                                                                                                                                                                                                                    • Opcode ID: 88e940a8ca843bd9a049138da72814790f61a2c0ff10e06479cba025084bd643
                                                                                                                                                                                                                                                    • Instruction ID: 39af1bfebaa7522b3ab3dedb502acacdce495e0e92522dfe937d82ec1e83601c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 88e940a8ca843bd9a049138da72814790f61a2c0ff10e06479cba025084bd643
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5DB1AE7690010AABCF1ADF68C976DFE3BB9FB05308F554119FB02A6A91D731CA10DB60
                                                                                                                                                                                                                                                    Function 00390C80 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 244fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00000000,?,?,A2199216,00000000), ref: 00390E20
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00390E2E
                                                                                                                                                                                                                                                      • Part of subcall function 00390FA0: GetModuleHandleW.KERNEL32(kernel32.dll,A2199216,000000FF,00000000,00000000,003EDF30,000000FF), ref: 00390FE8
                                                                                                                                                                                                                                                      • Part of subcall function 00390FA0: GetProcAddress.KERNEL32(00000000,CreateFileTransactedW), ref: 00390FF8
                                                                                                                                                                                                                                                      • Part of subcall function 00390FA0: GetLastError.KERNEL32 ref: 00391058
                                                                                                                                                                                                                                                      • Part of subcall function 00378650: std::locale::_Init.LIBCPMT ref: 0037882F
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • NWebAdvisor::CCabParser::GetContentFile, xrefs: 00390D9B, 00390E3C
                                                                                                                                                                                                                                                    • Failed to load cab %s, xrefs: 00390F05
                                                                                                                                                                                                                                                    • CreateFile failed: %d, xrefs: 00390E35
                                                                                                                                                                                                                                                    • Unable to create destination directory (%d), xrefs: 00390D94
                                                                                                                                                                                                                                                    • NWebAdvisor::CCabParser::LoadCabFile, xrefs: 00390F0C
                                                                                                                                                                                                                                                    • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 00390DA0, 00390E41, 00390F11
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorLast$AddressCreateFileHandleInitModuleProcstd::locale::_
                                                                                                                                                                                                                                                    • String ID: CreateFile failed: %d$Failed to load cab %s$NWebAdvisor::CCabParser::GetContentFile$NWebAdvisor::CCabParser::LoadCabFile$Unable to create destination directory (%d)$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                                                                                                    • API String ID: 1808632809-3418505487
                                                                                                                                                                                                                                                    • Opcode ID: 847fe2f512407363b26a739782fb6e3bf2d3bf2b9d7a22ca90fb2e3015e021b4
                                                                                                                                                                                                                                                    • Instruction ID: fce296a9205181b9dc300bac81f975a29de987f5800e78b965adf7748de06b26
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 847fe2f512407363b26a739782fb6e3bf2d3bf2b9d7a22ca90fb2e3015e021b4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CE91B171A00208EFDF15DFA4D896FEEB7B8EF04704F608529F515AB282D775AA09CB50
                                                                                                                                                                                                                                                    Function 003DF5F9 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: 51a3587b66365fdfa21455b45588d5b39f8685328d4541df6a3d837af35ea32b
                                                                                                                                                                                                                                                    • Instruction ID: 757862fbec34e3f4e367171957f563e817dcd344326e740c7b12ae6db027ecc6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 51a3587b66365fdfa21455b45588d5b39f8685328d4541df6a3d837af35ea32b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E3C114B2D04249AFDB17CFA9E8C1BADBBB4BF09310F04406AE5569B392D7319D01CB61
                                                                                                                                                                                                                                                    Function 0038C600 Relevance: 13.7, APIs: 9, Instructions: 240COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::locale::_Init.LIBCPMT ref: 0038C641
                                                                                                                                                                                                                                                      • Part of subcall function 003A3084: __EH_prolog3.LIBCMT ref: 003A308B
                                                                                                                                                                                                                                                      • Part of subcall function 003A3084: std::_Lockit::_Lockit.LIBCPMT ref: 003A3096
                                                                                                                                                                                                                                                      • Part of subcall function 003A3084: std::locale::_Setgloballocale.LIBCPMT ref: 003A30B1
                                                                                                                                                                                                                                                      • Part of subcall function 003A3084: std::_Lockit::~_Lockit.LIBCPMT ref: 003A3107
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0038C6CB
                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0038C713
                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 0038C748
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0038C7DD
                                                                                                                                                                                                                                                      • Part of subcall function 003BE960: _free.LIBCMT ref: 003BE973
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_New_Locimp.LIBCPMT ref: 0038C807
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0038C82B
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0038C84C
                                                                                                                                                                                                                                                    • std::locale::_Locimp::_Locimp_Addfac.LIBCPMT ref: 0038C85B
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$std::locale::_$Lockit::_Lockit::~_$Locimp::_Locinfo::_$AddfacH_prolog3InitLocimpLocimp_Locinfo_ctorLocinfo_dtorNew_Setgloballocale_free
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3142054045-0
                                                                                                                                                                                                                                                    • Opcode ID: 82493026d319c72d30100bf1b0e015e1a09f93aad5137ae2e30ebf9ce9cb8bc0
                                                                                                                                                                                                                                                    • Instruction ID: eec00ba0a95b8ae42ae9420911af3d477c6a3720c5e36c7e7369096439b8d47e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 82493026d319c72d30100bf1b0e015e1a09f93aad5137ae2e30ebf9ce9cb8bc0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C3A1ADB0D007449FEB11EFA8C845B9EBBF4FF04304F144569E805AB781EB79AA48CB91
                                                                                                                                                                                                                                                    Function 0038E760 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 191encryptionCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CertGetCertificateContextProperty.CRYPT32(?,00000003,00000000,00000000), ref: 0038E877
                                                                                                                                                                                                                                                    • CertGetCertificateContextProperty.CRYPT32(?,00000003,00000000,00000014), ref: 0038E8A9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CertCertificateContextProperty
                                                                                                                                                                                                                                                    • String ID: 1.2.840.10045.4.1$1.2.840.10045.4.3$1.2.840.10045.4.3.2$1.2.840.10045.4.3.3$1.2.840.10045.4.3.4
                                                                                                                                                                                                                                                    • API String ID: 665277682-3196566809
                                                                                                                                                                                                                                                    • Opcode ID: 7d3f35f976c596fdc7556efda96d9c46c1432b41df0384933c409c00cdfe66eb
                                                                                                                                                                                                                                                    • Instruction ID: 5b1899431ef59bb0fb0a09343a292f8fc3aff5e5c4daae4e9f16c11209258227
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d3f35f976c596fdc7556efda96d9c46c1432b41df0384933c409c00cdfe66eb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3513A35A003059FDF22AF28D881BAEB7A5AF11724F1542F9DC5AAB292D775ED00C750
                                                                                                                                                                                                                                                    Function 0036E2C0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 168COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: z
                                                                                                                                                                                                                                                    • API String ID: 0-1657960367
                                                                                                                                                                                                                                                    • Opcode ID: 4743fd192661322251e3c15d204c01b1d287242282537ca16ae11c7a53a32140
                                                                                                                                                                                                                                                    • Instruction ID: 0e0c5e37c92408c99a3b567093b6e797650d7695d7635657c266d2f48777ee0d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4743fd192661322251e3c15d204c01b1d287242282537ca16ae11c7a53a32140
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1F519675A04209DBDB22DBA5CC45FEEB7BCFB44324F108165E905E7294EB749908CBA0
                                                                                                                                                                                                                                                    Function 00357107 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 163COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00357D3D
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00357DC8
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceBeginInitialize.KERNEL32(004380C4,00000000,A2199216,00000000,A2199216,0034A219,004380CC,?,?,?,?,?,?,0034A219,?,?), ref: 00349BE5
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceComplete.KERNEL32(004380C4,00000000,00000000), ref: 00349C1D
                                                                                                                                                                                                                                                      • Part of subcall function 00349940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00349A12
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00357DFC
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00357EBB
                                                                                                                                                                                                                                                      • Part of subcall function 00364B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0036521E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteConcurrency::cancel_current_taskInitializeMtx_unlock
                                                                                                                                                                                                                                                    • String ID: Failed to add event category ($Service has not been initialized$V
                                                                                                                                                                                                                                                    • API String ID: 342047005-375236208
                                                                                                                                                                                                                                                    • Opcode ID: 53b3f3faa43bb1aa26f69751775d94965a676e6c57a18c38de90deec2b0f1633
                                                                                                                                                                                                                                                    • Instruction ID: 9cf098f41754fa47189cb145d813e4d703416726990cc46ae7155bc2872f377a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53b3f3faa43bb1aa26f69751775d94965a676e6c57a18c38de90deec2b0f1633
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FD51CF71904248DFDB16EF60DC56BEE77B8FF09304F5041A9E8069F281EB75AA48CB61
                                                                                                                                                                                                                                                    Function 0035A6B6 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 135COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,A2199216,?,?), ref: 0035A531
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0035A73D
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035A7AC
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035A989
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Ios_base_dtorstd::ios_base::_$Mtx_unlockMultipleObjectsWait
                                                                                                                                                                                                                                                    • String ID: Event string is empty$Unexpected return value: $`A
                                                                                                                                                                                                                                                    • API String ID: 1703231451-3158786941
                                                                                                                                                                                                                                                    • Opcode ID: 5b5687c88b5d9d590f1573e3fa7831fba41ec42be5349a958e93a53172d59a5a
                                                                                                                                                                                                                                                    • Instruction ID: 640459e0030dafccd8266524143d09fb7a55454874a4cb2bd059313f5ca1ca1c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5b5687c88b5d9d590f1573e3fa7831fba41ec42be5349a958e93a53172d59a5a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CB5103709006089BDB1ADFA4CC89FDDB7B9EF05311F104298E8155F2E2DB74AA88DB12
                                                                                                                                                                                                                                                    Function 003A8203 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003A820A
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003A8214
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • moneypunct.LIBCPMT ref: 003A824E
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003A8265
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003A8285
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003A8292
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                    • String ID: `sC
                                                                                                                                                                                                                                                    • API String ID: 3376033448-1548822573
                                                                                                                                                                                                                                                    • Opcode ID: e43310248ece8e1b2642024941d57699afe29d83aee8d45cd501c96ebd5263f6
                                                                                                                                                                                                                                                    • Instruction ID: 0b73812ccd2c399e51137e2faaf031002b352c42fd0349780aededae76c76f2c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e43310248ece8e1b2642024941d57699afe29d83aee8d45cd501c96ebd5263f6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8501CC759041199FCB07EBA4C841ABE77A5FF81324F28091AF821AF2D1CF74AE00CB90
                                                                                                                                                                                                                                                    Function 003A8298 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003A829F
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003A82A9
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • moneypunct.LIBCPMT ref: 003A82E3
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003A82FA
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003A831A
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003A8327
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                    • String ID: \sC
                                                                                                                                                                                                                                                    • API String ID: 3376033448-1897936089
                                                                                                                                                                                                                                                    • Opcode ID: bb236a0298da2884e5be372f5b9d0c93b6e48fa71d2722d87e64a2f78e7f79a4
                                                                                                                                                                                                                                                    • Instruction ID: 805372db69d7503121583f44a9a0fd49b66946dfd94eddc3af4a672d47bae64c
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bb236a0298da2884e5be372f5b9d0c93b6e48fa71d2722d87e64a2f78e7f79a4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3701AD799001199FCF06EB64C801ABEB7A5EF85724F24051AF810AF2D1CF749E04CB90
                                                                                                                                                                                                                                                    Function 003A832D Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003A8334
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003A833E
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • moneypunct.LIBCPMT ref: 003A8378
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003A838F
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003A83AF
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003A83BC
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                    • String ID: 8sC
                                                                                                                                                                                                                                                    • API String ID: 3376033448-1056855845
                                                                                                                                                                                                                                                    • Opcode ID: a8011ddd54181208bc7bddd09ea8e6771c8fe5edad9920d59a84de26c6d3d5a3
                                                                                                                                                                                                                                                    • Instruction ID: eeecf565d9d0c58dcdcf685d40c71f71ccc39df9f6197859cf0409a8297e8b2a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a8011ddd54181208bc7bddd09ea8e6771c8fe5edad9920d59a84de26c6d3d5a3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC01CC799002199BCF17EB64C805ABEB7A9EF82710F25011AF810AF2D1DF74AE05DB90
                                                                                                                                                                                                                                                    Function 003A83C2 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003A83C9
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003A83D3
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • moneypunct.LIBCPMT ref: 003A840D
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003A8424
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003A8444
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003A8451
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                    • String ID: 4sC
                                                                                                                                                                                                                                                    • API String ID: 3376033448-937733697
                                                                                                                                                                                                                                                    • Opcode ID: 216c3d0ec9a9acac216fc7ff04d5f5b0b47c6430ce2cf4f0d6aab4092886fc52
                                                                                                                                                                                                                                                    • Instruction ID: 0ae2afddd9beec823d2c680df757acd2c9c19da05555993f97213e3872e738a0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 216c3d0ec9a9acac216fc7ff04d5f5b0b47c6430ce2cf4f0d6aab4092886fc52
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6601AD7590022A9BCB16EB64C8056BE77A9FF85314F24051AF811AF2D1DF749E05C791
                                                                                                                                                                                                                                                    Function 003A8616 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003A861D
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003A8627
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • numpunct.LIBCPMT ref: 003A8661
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003A8678
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003A8698
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003A86A5
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                                                                                                                                    • String ID: HsC
                                                                                                                                                                                                                                                    • API String ID: 3064348918-1779384181
                                                                                                                                                                                                                                                    • Opcode ID: 71a09ae69d47c33415c432228dd8897285afbcd4aa4caf4999ebb1853268afbf
                                                                                                                                                                                                                                                    • Instruction ID: 164e8ab58ccba741b0b1eccd6bc0dd8cd5a0659aacec40c13ba61e2115b39f2d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 71a09ae69d47c33415c432228dd8897285afbcd4aa4caf4999ebb1853268afbf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F001C0759002199BCB07EBA4C8056BEB7B5EF82714F24051AF914AF2E1DF749A01DB80
                                                                                                                                                                                                                                                    Function 003DA764 Relevance: 12.2, APIs: 8, Instructions: 203COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$___from_strstr_to_strchr
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3409252457-0
                                                                                                                                                                                                                                                    • Opcode ID: 87dee8c7bb27bfe2727969014c76448d3a0a40659178b64c4a1833337058efe4
                                                                                                                                                                                                                                                    • Instruction ID: b011ecfc3fd7d31108564c5f85ec08a0090949b005d5f5b5e6963419c1a21cc1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 87dee8c7bb27bfe2727969014c76448d3a0a40659178b64c4a1833337058efe4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 905138B3904709AFDB23AFB5AD51A6DBBB4AF01310F06416FE5519B381EB31C901CB52
                                                                                                                                                                                                                                                    Function 00368690 Relevance: 12.2, APIs: 8, Instructions: 172COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003B987E: EnterCriticalSection.KERNEL32(004377A0,?,00000101,?,003686A7,00000000,?,00000101,?,00000000,?,?,0036C338,-00000010), ref: 003B9889
                                                                                                                                                                                                                                                      • Part of subcall function 003B987E: LeaveCriticalSection.KERNEL32(004377A0,?,003686A7,00000000,?,00000101,?,00000000,?,?,0036C338,-00000010,?,?,?,A2199216), ref: 003B98B5
                                                                                                                                                                                                                                                    • FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000), ref: 003686D6
                                                                                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 003686E4
                                                                                                                                                                                                                                                    • LockResource.KERNEL32(00000000), ref: 003686EF
                                                                                                                                                                                                                                                    • SizeofResource.KERNEL32(00000000,00000000), ref: 003686FD
                                                                                                                                                                                                                                                    • FindResourceW.KERNEL32(00000000,?,00000006), ref: 00368764
                                                                                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 00368776
                                                                                                                                                                                                                                                    • LockResource.KERNEL32(00000000), ref: 00368785
                                                                                                                                                                                                                                                    • SizeofResource.KERNEL32(00000000,00000000), ref: 00368797
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Resource$CriticalFindLoadLockSectionSizeof$EnterLeave
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 506522749-0
                                                                                                                                                                                                                                                    • Opcode ID: 2b116b95420ea1c91602ead4726b7b29c206e93fee874c8eb05ac2cad9707107
                                                                                                                                                                                                                                                    • Instruction ID: 2600fb08f97cc736141d10d7342ad5fe492724d29d9328a279b0747158d102f1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b116b95420ea1c91602ead4726b7b29c206e93fee874c8eb05ac2cad9707107
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 734117716002129BC7229F18D894A3BB7E8EF98301F118A2EFD55D7255EF35DC05C6A5
                                                                                                                                                                                                                                                    Function 003D087D Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 264COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: GetLastError.KERNEL32(00000008,00000016,00000000,003D4E01), ref: 003D1CAE
                                                                                                                                                                                                                                                      • Part of subcall function 003D1CA9: SetLastError.KERNEL32(00000000,00000006,000000FF), ref: 003D1D4C
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003D0B8A
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003D0BA3
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003D0BE1
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003D0BEA
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003D0BF6
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorLast
                                                                                                                                                                                                                                                    • String ID: C
                                                                                                                                                                                                                                                    • API String ID: 3291180501-1037565863
                                                                                                                                                                                                                                                    • Opcode ID: 53fe10b793932ab03697a5e016ac4c4c5221a4c301049cd59fff6911eb797140
                                                                                                                                                                                                                                                    • Instruction ID: d1dde7cf479ca0fffe30c976f3ecc01632bd265f8475aee23b2452b278f7735b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53fe10b793932ab03697a5e016ac4c4c5221a4c301049cd59fff6911eb797140
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BBB13B76A012199FDB2ADF28D884BADB7B4FF18704F5545EAE909A7350D730AE90CF40
                                                                                                                                                                                                                                                    Function 00361230 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 202COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • InitOnceBeginInitialize.KERNEL32(0043823C,00000000,?,00000000,?,?,?,?,00000000,00000000,?,A2199216,?,?), ref: 0036125A
                                                                                                                                                                                                                                                    • InitOnceComplete.KERNEL32(0043823C,00000000,00000000), ref: 00361278
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • [%S:(%d)][%S] Failed to create HMAC traits., xrefs: 003612F8
                                                                                                                                                                                                                                                    • C:\non_system\Code\McCryptoLib\src\windows\win_hmac.cpp, xrefs: 003612F3, 003613DE
                                                                                                                                                                                                                                                    • McCryptoLib::CMcCryptoHMACWin::Initialize, xrefs: 003612EC, 003613D7
                                                                                                                                                                                                                                                    • [%S:(%d)][%S] Error trying to BCryptOpenAlgorithmProvider: %ls, xrefs: 003613E3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InitOnce$BeginCompleteInitialize
                                                                                                                                                                                                                                                    • String ID: C:\non_system\Code\McCryptoLib\src\windows\win_hmac.cpp$McCryptoLib::CMcCryptoHMACWin::Initialize$[%S:(%d)][%S] Error trying to BCryptOpenAlgorithmProvider: %ls$[%S:(%d)][%S] Failed to create HMAC traits.
                                                                                                                                                                                                                                                    • API String ID: 51270584-3897904871
                                                                                                                                                                                                                                                    • Opcode ID: 9fe3022c3a00a825e1fb7e96a106bc2b3a46e20621ecf4ff76f9a1cf9675e4e7
                                                                                                                                                                                                                                                    • Instruction ID: f32e9dec74c4b56ed95abb6cf13ae70a7c45441417c44dbd2e3c8b6628d38390
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9fe3022c3a00a825e1fb7e96a106bc2b3a46e20621ecf4ff76f9a1cf9675e4e7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1251DF757043019BDB01EF29CC42FAFB7A4BF98700F58852EF9099B285DA71D804CB96
                                                                                                                                                                                                                                                    Function 003652D0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 173COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: 0.0.0.0$UUID$UUID$Version$kernel32.dll
                                                                                                                                                                                                                                                    • API String ID: 0-1483847951
                                                                                                                                                                                                                                                    • Opcode ID: 81595fecd81733e45f47ec70d176c9217f68737eb54c9d49086a3a81c4d9afd6
                                                                                                                                                                                                                                                    • Instruction ID: 4b8acd3ccd035d2df19e16ca87162993849d9ca2c2f70f189a686dcfab3f9a6e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 81595fecd81733e45f47ec70d176c9217f68737eb54c9d49086a3a81c4d9afd6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48819974A04389CFEB25CFA8C9487DEBBF2AF45304F20826DD414AB396D7784944CB54
                                                                                                                                                                                                                                                    Function 0036C960 Relevance: 10.6, APIs: 7, Instructions: 116COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0036C995
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 0036C9B7
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0036C9D7
                                                                                                                                                                                                                                                    • __Getctype.LIBCPMT ref: 0036CA70
                                                                                                                                                                                                                                                    • std::_Locinfo::~_Locinfo.LIBCPMT ref: 0036CA82
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 0036CA8F
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 0036CAB1
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeLocinfoLocinfo::~_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3947131827-0
                                                                                                                                                                                                                                                    • Opcode ID: c38f9222e50d847cf308b0052f9b6626d34f2a94fca0cb6b828c61fffc4f7cde
                                                                                                                                                                                                                                                    • Instruction ID: 5f6180070b9ed450ea33c329f85dcee78817a39b3c50e848d2615df0aa82f9d7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c38f9222e50d847cf308b0052f9b6626d34f2a94fca0cb6b828c61fffc4f7cde
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1741CD71A00249DFCB12DF98D841ABEB7F4FF44314F159169E85AAB392DB30AE05CB80
                                                                                                                                                                                                                                                    Function 0035A550 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceBeginInitialize.KERNEL32(004380C4,00000000,A2199216,00000000,A2199216,0034A219,004380CC,?,?,?,?,?,?,0034A219,?,?), ref: 00349BE5
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceComplete.KERNEL32(004380C4,00000000,00000000), ref: 00349C1D
                                                                                                                                                                                                                                                      • Part of subcall function 00349940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00349A12
                                                                                                                                                                                                                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,A2199216,?,?), ref: 0035A531
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0035A58B
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035A989
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0035A99D
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Thread signalled when event queue is empty, xrefs: 0035A614
                                                                                                                                                                                                                                                    • Unexpected return value: , xrefs: 0035A8CC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InitIos_base_dtorMtx_unlockOncestd::ios_base::_$BeginCompleteInitializeMultipleObjectsWait
                                                                                                                                                                                                                                                    • String ID: Thread signalled when event queue is empty$Unexpected return value:
                                                                                                                                                                                                                                                    • API String ID: 3324347728-3645029203
                                                                                                                                                                                                                                                    • Opcode ID: 8500105245a08bb7b59959c2b8e3a2d8df892192970c112a7e0927e77733232a
                                                                                                                                                                                                                                                    • Instruction ID: 1f109d3ad4d385b28e0d0bbb29cbc81a9c5135287969ec6b01588ad416e56b44
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8500105245a08bb7b59959c2b8e3a2d8df892192970c112a7e0927e77733232a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4141CF70D006189BDF16DFA0CC89BDDB7B9EF05310F108699E8456F2D1EB74AA89CB52
                                                                                                                                                                                                                                                    Function 003D416A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                    • API String ID: 0-537541572
                                                                                                                                                                                                                                                    • Opcode ID: d71c87e9869f68d46aeec9b89bc2d452a4fa33fdedc33e2284b275e5d801c9dd
                                                                                                                                                                                                                                                    • Instruction ID: b6f328fb17c69ed906d4333648277b06c72d54dbe4932a5ff18aab0ac036edf2
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d71c87e9869f68d46aeec9b89bc2d452a4fa33fdedc33e2284b275e5d801c9dd
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A121D573A01221BBCB238B68FC80A6A779C9B11760F260512F816A7391DA70DD01C5E0
                                                                                                                                                                                                                                                    Function 003A8044 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003A804B
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003A8055
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003A80A6
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003A80C6
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003A80D3
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                    • String ID: ,sC
                                                                                                                                                                                                                                                    • API String ID: 55977855-634477705
                                                                                                                                                                                                                                                    • Opcode ID: 890a332edd04b9dd6df807316e6ae68e0fffde122b2197c3c094b222eb32ff0f
                                                                                                                                                                                                                                                    • Instruction ID: e3a2c99f6401d87f917822e1c54b94e3362599372553610f4fbd20e8d61e61fa
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 890a332edd04b9dd6df807316e6ae68e0fffde122b2197c3c094b222eb32ff0f
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 63010C75800219ABCB07EB64C845ABEB7A5EF82710F25010AF810AF2D1CF70AE08CB80
                                                                                                                                                                                                                                                    Function 003A80D9 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003A80E0
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003A80EA
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003A813B
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003A815B
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003A8168
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                    • String ID: XsC
                                                                                                                                                                                                                                                    • API String ID: 55977855-1982438405
                                                                                                                                                                                                                                                    • Opcode ID: a18961c14310915b5628a0068029b1519312175c7bc18b4fbd9ebfbac8047163
                                                                                                                                                                                                                                                    • Instruction ID: b8c0ad2a03ff8b56bf53b98fdd63f03e6449d577658b406d51cb2b62718020b8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a18961c14310915b5628a0068029b1519312175c7bc18b4fbd9ebfbac8047163
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EF01CC759002199FCB07EB64C846ABE77A5EF82720F24051AF810AF3D1CF74AE01DB80
                                                                                                                                                                                                                                                    Function 003A816E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003A8175
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003A817F
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003A81D0
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003A81F0
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003A81FD
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                    • String ID: 0sC
                                                                                                                                                                                                                                                    • API String ID: 55977855-820840093
                                                                                                                                                                                                                                                    • Opcode ID: 86db2030b401d2762900489c711cd1cd7fb562fd9887e392a8072c475330d60b
                                                                                                                                                                                                                                                    • Instruction ID: eca3f92989e235e89de9365649ae909deb511f41e71b8d489ed627f9d4231d1a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 86db2030b401d2762900489c711cd1cd7fb562fd9887e392a8072c475330d60b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF01C0759001199BCB07EB68C845ABEBBBAFF45714F25051AF820AF2D1CF749E01CB80
                                                                                                                                                                                                                                                    Function 003A8457 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003A845E
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003A8468
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003A84B9
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003A84D9
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003A84E6
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                    • String ID: @sC
                                                                                                                                                                                                                                                    • API String ID: 55977855-1679584973
                                                                                                                                                                                                                                                    • Opcode ID: 10845a7c2459d6864e5131993bfeac05d944b385487a0045eaaa91310501922a
                                                                                                                                                                                                                                                    • Instruction ID: 31d3d37101bd384f15636fe362c9433c8f05261c09da97aeb51e28d327967c95
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 10845a7c2459d6864e5131993bfeac05d944b385487a0045eaaa91310501922a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D901C07590411A9BCF17EB64C8056BE77A5FF46714F25051AF810AF2D1DF749A01CB80
                                                                                                                                                                                                                                                    Function 003A84EC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003A84F3
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003A84FD
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003A854E
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003A856E
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003A857B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                    • String ID: sC
                                                                                                                                                                                                                                                    • API String ID: 55977855-751543789
                                                                                                                                                                                                                                                    • Opcode ID: 05f5859ff18be942e50a91eb592c4192f36eecc8fef39d00e0afa9deb9314a13
                                                                                                                                                                                                                                                    • Instruction ID: 086fd753e47cd6d323975d9c65aa61bfcb6a433d83d019d46eeb6ed160fdcfb8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05f5859ff18be942e50a91eb592c4192f36eecc8fef39d00e0afa9deb9314a13
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EA01AD75D001199BCB06EB64C8416BE77A5FF42310F24451AF821AF2D1CF74AA01CB81
                                                                                                                                                                                                                                                    Function 003A8581 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003A8588
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003A8592
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003A85E3
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003A8603
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003A8610
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                    • String ID: DsC
                                                                                                                                                                                                                                                    • API String ID: 55977855-1662371345
                                                                                                                                                                                                                                                    • Opcode ID: 3fd91456c990ed49efc3e287927b1b3ca3369954b071cb62a45e8b0ebee45548
                                                                                                                                                                                                                                                    • Instruction ID: d35a0f159a03db6bfb786cdca998aecea3ac6493fcf152c226602388e06e8a3a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fd91456c990ed49efc3e287927b1b3ca3369954b071cb62a45e8b0ebee45548
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BC01A9759041199BCB06EBA4C805ABEB7B5EF82714F24051AF911AF2E1CF74AA00CB85
                                                                                                                                                                                                                                                    Function 003A86AB Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003A86B2
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003A86BC
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003A870D
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003A872D
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003A873A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                    • String ID: dsC
                                                                                                                                                                                                                                                    • API String ID: 55977855-1532526833
                                                                                                                                                                                                                                                    • Opcode ID: 8adf0503a65ba65955a29af63f12717f4d2eb38394fc3d8ab2dc3aa24da5c98c
                                                                                                                                                                                                                                                    • Instruction ID: 36b88e8e8b174a98aa7addd8c135382c2e9da16dc0ee43ab1c7e550a0a710710
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8adf0503a65ba65955a29af63f12717f4d2eb38394fc3d8ab2dc3aa24da5c98c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA01CC759041199BCB07EB64C841ABEB7A6FF85314F24011AF910AF3D1DF74AE01CB90
                                                                                                                                                                                                                                                    Function 003A8740 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003A8747
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003A8751
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003A87A2
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003A87C2
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003A87CF
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                    • String ID: <sC
                                                                                                                                                                                                                                                    • API String ID: 55977855-972554233
                                                                                                                                                                                                                                                    • Opcode ID: 29e10c5b81d6e659534139eb188579d61a5bc6c413b3a095f135831ef7ba026d
                                                                                                                                                                                                                                                    • Instruction ID: aa7d9223a286c7e5f96fc4485ec9a500401f709f48e002c6deec3b4a55355d0b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 29e10c5b81d6e659534139eb188579d61a5bc6c413b3a095f135831ef7ba026d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C1010075900219ABCB07EB64C805ABE77A6FF41714F24040AF810AF2D0DF749E04D780
                                                                                                                                                                                                                                                    Function 003A87D5 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003A87DC
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003A87E6
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003A8837
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003A8857
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003A8864
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                    • String ID: hsC
                                                                                                                                                                                                                                                    • API String ID: 55977855-1380088213
                                                                                                                                                                                                                                                    • Opcode ID: 1a9327f1088adad3d504fb509914d1dff7c11f0ec3324622515c0c59bdc9d559
                                                                                                                                                                                                                                                    • Instruction ID: 088cc5900119dbc085e1e6790a86e1e9c4d35af231b3ab4d2a45ff653af5f97d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a9327f1088adad3d504fb509914d1dff7c11f0ec3324622515c0c59bdc9d559
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B001CC759042199BCB07EBA4C841ABE77A9FF85B14F64051AF810AF3D1DF78AA04DB90
                                                                                                                                                                                                                                                    Function 003B88B0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(0043742C,?,?,00354086,0043827C,003F68E0,?), ref: 003B88BA
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(0043742C,?,?,00354086,0043827C,003F68E0,?), ref: 003B88ED
                                                                                                                                                                                                                                                    • RtlWakeAllConditionVariable.NTDLL ref: 003B8964
                                                                                                                                                                                                                                                    • SetEvent.KERNEL32(?,00354086,0043827C,003F68E0,?), ref: 003B896E
                                                                                                                                                                                                                                                    • ResetEvent.KERNEL32(?,00354086,0043827C,003F68E0,?), ref: 003B897A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
                                                                                                                                                                                                                                                    • String ID: ,tC
                                                                                                                                                                                                                                                    • API String ID: 3916383385-1787873870
                                                                                                                                                                                                                                                    • Opcode ID: 2610125d33307e3ab54795e38c7da0badf4e39ca86ef6f2e58bca48ee980b05b
                                                                                                                                                                                                                                                    • Instruction ID: bd6eb473cdb5d928fd2592e93f779bf7a5e0f67eb587ff6aeeae04bdb79835b6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2610125d33307e3ab54795e38c7da0badf4e39ca86ef6f2e58bca48ee980b05b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5A01FBB1604510DFC726AF28FC489A97BA9EB0D711B459076EA4193331CB306812DB99
                                                                                                                                                                                                                                                    Function 003B809D Relevance: 9.2, APIs: 6, Instructions: 224COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetCPInfo.KERNEL32(?,?), ref: 003B8128
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 003B81B6
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 003B8228
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 003B8242
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 003B82A5
                                                                                                                                                                                                                                                    • CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 003B82C2
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiWide$CompareInfoString
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2984826149-0
                                                                                                                                                                                                                                                    • Opcode ID: 905ecfb1d24918e8d8bd4dc355779fd0afc5bc568290a17eacbd5de63662ae37
                                                                                                                                                                                                                                                    • Instruction ID: 7c30addefafa00b8d403fab6ad0f160954fd4c7ad449a7e6a32bb5f35efdd3f9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 905ecfb1d24918e8d8bd4dc355779fd0afc5bc568290a17eacbd5de63662ae37
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B719331900609AFDF239FA5CC41AEF7BBEEF49718F190519EA05ABA50DF358805C760
                                                                                                                                                                                                                                                    Function 003A68B8 Relevance: 9.2, APIs: 6, Instructions: 175COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 003A6901
                                                                                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 003A696C
                                                                                                                                                                                                                                                    • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003A6989
                                                                                                                                                                                                                                                    • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 003A69C8
                                                                                                                                                                                                                                                    • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 003A6A27
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 003A6A4A
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiStringWide
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2829165498-0
                                                                                                                                                                                                                                                    • Opcode ID: 5ac3c02c826a4ba8ddd3ed2d94693d4eb447272e07d2d43e3f8dcd66a2486369
                                                                                                                                                                                                                                                    • Instruction ID: 247b9539f6d94aa711997bb27b7e5ca088973ba450d5ab09a5a12cb58b279c82
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5ac3c02c826a4ba8ddd3ed2d94693d4eb447272e07d2d43e3f8dcd66a2486369
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 355190B2500216ABDF229F64CC46FAB7BBDEB41750F1A8429F915EA190E734DD10DB50
                                                                                                                                                                                                                                                    Function 0034E790 Relevance: 9.1, APIs: 6, Instructions: 130COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000001,?,00000000), ref: 0034E7D7
                                                                                                                                                                                                                                                    • GetSecurityDescriptorDacl.ADVAPI32(00000000,00000000,00000000,?), ref: 0034E811
                                                                                                                                                                                                                                                    • SetNamedSecurityInfoW.ADVAPI32(00000000,00000001,00000004,00000000,00000000,00000000,00000000,?), ref: 0034E86D
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 0034E8C7
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 0034E8DC
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 0034E917
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Security$DescriptorFreeLocal$ConvertDaclInfoNamedString
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2792426717-0
                                                                                                                                                                                                                                                    • Opcode ID: 344cf77cd77d9e98d8e414bf04874cad69b03aaf2928e10bb80142547be5330a
                                                                                                                                                                                                                                                    • Instruction ID: 5b931aca5cad2941aee5b90d9169f1bdeaab4ed0d648af98c78d1b599654be9b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 344cf77cd77d9e98d8e414bf04874cad69b03aaf2928e10bb80142547be5330a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E417171D01218ABEF11CF94DD49BDEB7F9FF04704F200129F911A6290D779A904CB65
                                                                                                                                                                                                                                                    Function 00348D10 Relevance: 9.1, APIs: 6, Instructions: 128COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00348D46
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00348D66
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00348D86
                                                                                                                                                                                                                                                    • std::_Locinfo::~_Locinfo.LIBCPMT ref: 00348E57
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00348E64
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00348E86
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::~_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2966223926-0
                                                                                                                                                                                                                                                    • Opcode ID: 12663595e4c99767da5470fbea0ff8eb418f68ae66424b4c02fe94e85de47f95
                                                                                                                                                                                                                                                    • Instruction ID: 6987a2f745313d305889bb76ad1f8b60f3646e8bb20c79ab28bf02e246e813b9
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 12663595e4c99767da5470fbea0ff8eb418f68ae66424b4c02fe94e85de47f95
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2041AA719002159FCB12EF55D881BAEBBF4FF51314F25416AE406AF292DF34AA0ACB81
                                                                                                                                                                                                                                                    Function 003C3207 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 375COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: __freea
                                                                                                                                                                                                                                                    • String ID: 3A<$a/p$am/pm
                                                                                                                                                                                                                                                    • API String ID: 240046367-602873974
                                                                                                                                                                                                                                                    • Opcode ID: 2f5cfa8383af90912a476ed107ca9b5b598537bf2e5010e8449d3fa764939d80
                                                                                                                                                                                                                                                    • Instruction ID: c18f493119ad636cf11fce328e0fffa29f87c9b6947711a9b14bed4489193741
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f5cfa8383af90912a476ed107ca9b5b598537bf2e5010e8449d3fa764939d80
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 76C1BE35904206DACB268F68C885FBABBB5FF0A700F2A814DE501EB750D7359F41CBA5
                                                                                                                                                                                                                                                    Function 00353400 Relevance: 9.1, APIs: 6, Instructions: 122COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00353435
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 00353457
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00353477
                                                                                                                                                                                                                                                    • std::_Locinfo::~_Locinfo.LIBCPMT ref: 0035353A
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00353547
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00353569
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_LocinfoLocinfo::~_Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2966223926-0
                                                                                                                                                                                                                                                    • Opcode ID: bd3165cfe74c4395b31afe0b4d9e20927211bf90e9952044475b9803b6efc3b0
                                                                                                                                                                                                                                                    • Instruction ID: e95e2c2adc5820e720555641b23529e678f30046769adc3805ebced341263ecb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd3165cfe74c4395b31afe0b4d9e20927211bf90e9952044475b9803b6efc3b0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F741C1B1A04205DFCB02DF59C841AAEB7B4FF55310F158169E809AB361EB34EB49CB81
                                                                                                                                                                                                                                                    Function 003432DE Relevance: 9.1, APIs: 6, Instructions: 70COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 003432E5
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003432F2
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 00343340
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 00343360
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0034336D
                                                                                                                                                                                                                                                    • __Towlower.LIBCPMT ref: 00343388
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3_RegisterTowlower
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2111902878-0
                                                                                                                                                                                                                                                    • Opcode ID: b51712bbd0a99550d874e325caaa9e5a16a7888e967ba90ab3d350e75200f61e
                                                                                                                                                                                                                                                    • Instruction ID: 71a54e8e475802ab29d1719cdc07e812e0c647e4f9339984332ce39eb0fe888b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b51712bbd0a99550d874e325caaa9e5a16a7888e967ba90ab3d350e75200f61e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 24119E399041099FCB07EB64D441ABEB7E9AF84710F25011AF5056F2D1DF30AF01C791
                                                                                                                                                                                                                                                    Function 003A435B Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003A4362
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003A436C
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • codecvt.LIBCPMT ref: 003A43A6
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003A43BD
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003A43DD
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003A43EA
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2133458128-0
                                                                                                                                                                                                                                                    • Opcode ID: 42489bac9928a169a1ef01057c7a7d7986703a9fdabc4bfe795e0bca6fe9b13d
                                                                                                                                                                                                                                                    • Instruction ID: 4d950fc1e67b28a6ccc1a5d836872dbe15cc9b446fc2889b30cca91be489cc3d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 42489bac9928a169a1ef01057c7a7d7986703a9fdabc4bfe795e0bca6fe9b13d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F01A9799001199BCF06FB64C952ABE77B6FF86314F24051AF420AF2E1CFB49A01CB80
                                                                                                                                                                                                                                                    Function 003B4475 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003B447C
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003B4486
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • collate.LIBCPMT ref: 003B44C0
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003B44D7
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003B44F7
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003B4504
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1767075461-0
                                                                                                                                                                                                                                                    • Opcode ID: 92fb0e95aee201731791e40f0aa5b7603528b458a5d45d0f60e9d549b6c07287
                                                                                                                                                                                                                                                    • Instruction ID: 9dfec771c1e53e9a86343e0d66abbc82a009478d7247efde796efff093b376fa
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 92fb0e95aee201731791e40f0aa5b7603528b458a5d45d0f60e9d549b6c07287
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B01C0769042299BCB07EB64C8516FE77B5BF85318F24051AF910AF7D2CF74AA00CB84
                                                                                                                                                                                                                                                    Function 003B450A Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003B4511
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003B451B
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • messages.LIBCPMT ref: 003B4555
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003B456C
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003B458C
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003B4599
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 958335874-0
                                                                                                                                                                                                                                                    • Opcode ID: d7c2784f347c9e42421d4942d9f9b27777e24994e548e2b68cd2ee7423d6d4ad
                                                                                                                                                                                                                                                    • Instruction ID: c450aacf9df1849df732ce030d55c17f077029a71706630d68a5add52c67c176
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d7c2784f347c9e42421d4942d9f9b27777e24994e548e2b68cd2ee7423d6d4ad
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5F01C0759001199BCB17EB64C8416FE77B9BF85314F24051AF911AF7D2CF749A00C784
                                                                                                                                                                                                                                                    Function 003B46C9 Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003B46D0
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003B46DA
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • moneypunct.LIBCPMT ref: 003B4714
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003B472B
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003B474B
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003B4758
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3376033448-0
                                                                                                                                                                                                                                                    • Opcode ID: ebd518e21a8283124583e49aca2a72aab0f1b81c5527f71e80ce370020fd2114
                                                                                                                                                                                                                                                    • Instruction ID: 008710bdcb374f112565f655f8a201dc4aca440423df1893d67d9433be18f29f
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ebd518e21a8283124583e49aca2a72aab0f1b81c5527f71e80ce370020fd2114
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6301C0799041199BCF07EB64C806AFE77A9EF81718F260159F920AF6D2CF749A00CB84
                                                                                                                                                                                                                                                    Function 003B475E Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003B4765
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003B476F
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • moneypunct.LIBCPMT ref: 003B47A9
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003B47C0
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003B47E0
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003B47ED
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3376033448-0
                                                                                                                                                                                                                                                    • Opcode ID: 71d18a8ac38b2f7808391fd1b0e9e7f873e952ef289666ef612e92d9a194e2a3
                                                                                                                                                                                                                                                    • Instruction ID: 1be10cccc5132bcad2340730fa9d5b7107b07fab8b49fdc77720c19461766ce8
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 71d18a8ac38b2f7808391fd1b0e9e7f873e952ef289666ef612e92d9a194e2a3
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3201C0799001199BCB07EB64C806AFE77A5FF81718F240519F920AF6D2CF749A00C784
                                                                                                                                                                                                                                                    Function 0036C410 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 132COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0036C546
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0036C54B
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 0036C550
                                                                                                                                                                                                                                                      • Part of subcall function 003BE960: _free.LIBCMT ref: 003BE973
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task$_free
                                                                                                                                                                                                                                                    • String ID: false$true
                                                                                                                                                                                                                                                    • API String ID: 149343396-2658103896
                                                                                                                                                                                                                                                    • Opcode ID: 52adfa9f7c2dfdb24332be9ddfbaa27647467a7bc4e57689a7afc98b08dc22e0
                                                                                                                                                                                                                                                    • Instruction ID: de650fcaa6b36fb19838f9fe7178700befaea42d117ef9ea9c8a56ae9c1b153b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 52adfa9f7c2dfdb24332be9ddfbaa27647467a7bc4e57689a7afc98b08dc22e0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 274130759013409FCB22DF69DC41BAABBB4EF06300F04896DE9469B742D776E908CBA1
                                                                                                                                                                                                                                                    Function 003BD1B7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,003BD278,?,?,004377FC,00000000,?,003BD3A3,00000004,InitializeCriticalSectionEx,0041013C,00410144,00000000), ref: 003BD247
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                                                                                    • API String ID: 3664257935-2084034818
                                                                                                                                                                                                                                                    • Opcode ID: 9e348f99fcf1467b8da19697db44f2c71ffc4ce19bcd635db33102acb3b408a5
                                                                                                                                                                                                                                                    • Instruction ID: e64c0e8e513af3804b466c9e7b8c898e2f14164308fa46c0a0faf1a0b9944917
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e348f99fcf1467b8da19697db44f2c71ffc4ce19bcd635db33102acb3b408a5
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 89110A31A41225ABDB234B68AC41B9937A8AF01774F150551FE01EFAC0F770EE00CAD5
                                                                                                                                                                                                                                                    Function 0036E150 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registrylibraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(Advapi32.dll), ref: 0036E172
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 0036E182
                                                                                                                                                                                                                                                    • RegDeleteKeyW.ADVAPI32(00000000,?), ref: 0036E1C2
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressDeleteHandleModuleProc
                                                                                                                                                                                                                                                    • String ID: Advapi32.dll$RegDeleteKeyExW
                                                                                                                                                                                                                                                    • API String ID: 588496660-2191092095
                                                                                                                                                                                                                                                    • Opcode ID: 145f6b834b69b7fafb524136fb1d36efd30605a6da7fb03ba69896741d9a9359
                                                                                                                                                                                                                                                    • Instruction ID: b7b588d5b88f7bdd6f124f805fe4581a8010dd020d358b31891b098828b3952d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 145f6b834b69b7fafb524136fb1d36efd30605a6da7fb03ba69896741d9a9359
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41018879204315AAE3224B5AFC06B627BA9E792B22F05C03BF105D25B0C7F6D448EB64
                                                                                                                                                                                                                                                    Function 003911F0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 39fileCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00391210
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0039121A
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • NWebAdvisor::CCabParser::Write, xrefs: 00391228
                                                                                                                                                                                                                                                    • WriteFile failed: %d, xrefs: 00391221
                                                                                                                                                                                                                                                    • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 0039122D
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                    • String ID: NWebAdvisor::CCabParser::Write$WriteFile failed: %d$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                                                                                                    • API String ID: 442123175-2264278858
                                                                                                                                                                                                                                                    • Opcode ID: bd5f2748c09d2bea23ff95607680e9282cd34234d86cd2b9c8435cbeb371b5f2
                                                                                                                                                                                                                                                    • Instruction ID: b8a727d59d530c8ac0a8692c52bd57db7238f24d396a8749bfdedc0ee66b80c0
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bd5f2748c09d2bea23ff95607680e9282cd34234d86cd2b9c8435cbeb371b5f2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DEF0AF35740108FFDB40EFA4DC02F7EB7F8EB18B04F904069BA09AA192EA719E14D750
                                                                                                                                                                                                                                                    Function 003708A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 37libraryloaderCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32), ref: 003708A9
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 003708C0
                                                                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?), ref: 003708D7
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressCurrentHandleModuleProcProcess
                                                                                                                                                                                                                                                    • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                                                    • API String ID: 4190356694-3789238822
                                                                                                                                                                                                                                                    • Opcode ID: 13a9ee6a94e5b6770dd2f46b310ffadd5853376042784fb1297cedf5ec3f5afc
                                                                                                                                                                                                                                                    • Instruction ID: 11a33b71bd03d0cb6c075848427a208d4393c88abe943308401f58078e404510
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 13a9ee6a94e5b6770dd2f46b310ffadd5853376042784fb1297cedf5ec3f5afc
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5F02732D0131DBBCE219BA2AC09BEA779CDB01715F0046D6EC0C93200EA79DD04D6D2
                                                                                                                                                                                                                                                    Function 003CE940 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,003CE935,?,?,003CE8FD,00000002,00000002,?), ref: 003CE955
                                                                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 003CE968
                                                                                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,003CE935,?,?,003CE8FD,00000002,00000002,?), ref: 003CE98B
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                    • Opcode ID: 1802a8ed650136a03b7997a70e15a61ed035d5550bcd276786aef7b4d6f4afeb
                                                                                                                                                                                                                                                    • Instruction ID: 34fe4301f6648231b9f2ea473af6dc672786dc0a3e8599d7063d1153ef865072
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1802a8ed650136a03b7997a70e15a61ed035d5550bcd276786aef7b4d6f4afeb
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1EF08C32A1021AFBDB129B56DD09FEDBB79EB00B55F150064F504E20B0CBB88E40DB90
                                                                                                                                                                                                                                                    Function 003B8982 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 25COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • SleepConditionVariableCS.KERNELBASE(?,003B891F,00000064), ref: 003B89A5
                                                                                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(0043742C,00351171,?,003B891F,00000064,?,?,?,0035402B,0043827C,A2199216,?,00351171,?), ref: 003B89AF
                                                                                                                                                                                                                                                    • WaitForSingleObjectEx.KERNEL32(00351171,00000000,?,003B891F,00000064,?,?,?,0035402B,0043827C,A2199216,?,00351171,?), ref: 003B89C0
                                                                                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(0043742C,?,003B891F,00000064,?,?,?,0035402B,0043827C,A2199216,?,00351171,?), ref: 003B89C7
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                                                                                                    • String ID: ,tC
                                                                                                                                                                                                                                                    • API String ID: 3269011525-1787873870
                                                                                                                                                                                                                                                    • Opcode ID: 16bf2d87ce36d9c2fdc5ba7f583a7f6458d2e89a4ec64beca4369164458896a9
                                                                                                                                                                                                                                                    • Instruction ID: ccb2fba30b8a67a377e34ac9a3672d169b150b70d01a6bb885ed54ec7b36f382
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 16bf2d87ce36d9c2fdc5ba7f583a7f6458d2e89a4ec64beca4369164458896a9
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 39E09232544124BBCB232B50EC08AAD3E2DEB0CB10F005021F64552171CB712810DBDA
                                                                                                                                                                                                                                                    Function 003D03F2 Relevance: 7.7, APIs: 5, Instructions: 186COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003D2174: RtlAllocateHeap.NTDLL(00000000,?,?,?,003B872D,?,?,0034A1ED,0000002C,A2199216), ref: 003D21A6
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003D0501
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003D0518
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003D0535
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003D0550
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003D0567
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$AllocateHeap
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3033488037-0
                                                                                                                                                                                                                                                    • Opcode ID: 66e3a594e711837bfa3da3fa02ed3f1a796c303e341abdaf4333d9b00a8db812
                                                                                                                                                                                                                                                    • Instruction ID: ff8fa91e17fdb34a1b4be7d224e15fb2eddf58d679dc47ddb24580575b842879
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 66e3a594e711837bfa3da3fa02ed3f1a796c303e341abdaf4333d9b00a8db812
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD51E072A00704AFDB26DF6AE841BAA77F5EF55B20F55056AE909DB350E730EA40CF40
                                                                                                                                                                                                                                                    Function 003A43F0 Relevance: 7.6, APIs: 5, Instructions: 76COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003A43F7
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003A4401
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003A4452
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003A4472
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003A447F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 55977855-0
                                                                                                                                                                                                                                                    • Opcode ID: de0486e2a5db045983d0d69d11d1a2fb4225568f691c8b8e8cc9109f7d606ad8
                                                                                                                                                                                                                                                    • Instruction ID: c471c7cbf5669097a8653751d59cdaada918919dde5b41e322b442fdebe514f3
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: de0486e2a5db045983d0d69d11d1a2fb4225568f691c8b8e8cc9109f7d606ad8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DD11E6759041199BCB16FB54D801BAEB7F9EF85710F24401AF914AF2D1DFB49A01C794
                                                                                                                                                                                                                                                    Function 003A7579 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Maklocstr$Maklocchr
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2020259771-0
                                                                                                                                                                                                                                                    • Opcode ID: cad3649b9794d3e4a5f270e38a1f27be26819038b188787cef5539541964a61e
                                                                                                                                                                                                                                                    • Instruction ID: 2a82aaf3da08975455a20bad91346d347424edfc4b90a7eba340856491481485
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cad3649b9794d3e4a5f270e38a1f27be26819038b188787cef5539541964a61e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB114FB19087447BE721DBA58CC1F22B7ACEF0A710F044619F1458BA41E276FD5487A9
                                                                                                                                                                                                                                                    Function 003B459F Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003B45A6
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003B45B0
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003B4601
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003B4621
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003B462E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 55977855-0
                                                                                                                                                                                                                                                    • Opcode ID: 07ea8b86923ed07e80ad1f98dcfcfde6340a1ded1ca3bf42a5d6b2836c3540d4
                                                                                                                                                                                                                                                    • Instruction ID: 9a402f6a4dee70c1454025d31f748075ed798d553461c12a4992c305f62fc488
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 07ea8b86923ed07e80ad1f98dcfcfde6340a1ded1ca3bf42a5d6b2836c3540d4
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3801ED759002299BCB02EB64C841AFE77A5EF81714F24001AF910AF6D2CF749A00D784
                                                                                                                                                                                                                                                    Function 003B4634 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003B463B
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003B4645
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003B4696
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003B46B6
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003B46C3
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 55977855-0
                                                                                                                                                                                                                                                    • Opcode ID: 596b7a322036f5262ca903d1b5811c0c5418870ed65dc28349f8f8b7a35b1584
                                                                                                                                                                                                                                                    • Instruction ID: fb8e66544553f2657b05c97622040561a792b3bb4ed1b97efe0f086a944e1da6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 596b7a322036f5262ca903d1b5811c0c5418870ed65dc28349f8f8b7a35b1584
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6101C0759041199BCB07EB64C841AFE77E9BF45714F25451AF910AF6D2CF749E00CB84
                                                                                                                                                                                                                                                    Function 003B47F3 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003B47FA
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003B4804
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003B4855
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003B4875
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003B4882
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 55977855-0
                                                                                                                                                                                                                                                    • Opcode ID: ede69fabd7cdc523c4b00ae638429c8cf0f0df879751436a50cbfdbb5ca9ecaf
                                                                                                                                                                                                                                                    • Instruction ID: 5609570085ff1ba457cfbfaa5d2567cf592919324c82bd969d0d301d15c12377
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ede69fabd7cdc523c4b00ae638429c8cf0f0df879751436a50cbfdbb5ca9ecaf
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E701AD759002599BCB06EB64C811AFE77B5EF80718F254119FA20AF6D2CF74AE01D785
                                                                                                                                                                                                                                                    Function 003B4888 Relevance: 7.5, APIs: 5, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 003B488F
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003B4899
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::_Lockit.LIBCPMT ref: 00342D30
                                                                                                                                                                                                                                                      • Part of subcall function 00342D14: std::_Lockit::~_Lockit.LIBCPMT ref: 00342D4C
                                                                                                                                                                                                                                                    • std::_Facet_Register.LIBCPMT ref: 003B48EA
                                                                                                                                                                                                                                                    • std::_Lockit::~_Lockit.LIBCPMT ref: 003B490A
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003B4917
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 55977855-0
                                                                                                                                                                                                                                                    • Opcode ID: 1eb423ab519572b727d8cee8286f4c31979da5eafe4a9ec68f2a9be7ccc41320
                                                                                                                                                                                                                                                    • Instruction ID: c3ff60a38684c5b3a3d14bf77a3b4137418e9e23c6f02f240bf110dbeaf2ff63
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1eb423ab519572b727d8cee8286f4c31979da5eafe4a9ec68f2a9be7ccc41320
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C01AD7590011A9BCB06EBA4C801ABE77A5EF44328F24451AF950AF6D2CF749A04CB84
                                                                                                                                                                                                                                                    Function 003DB487 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003DB49F
                                                                                                                                                                                                                                                      • Part of subcall function 003D2098: RtlFreeHeap.NTDLL(00000000,00000000,?,003DB729,?,00000000,?,?,?,003DB9CC,?,00000007,?,?,003DBDD6,?), ref: 003D20AE
                                                                                                                                                                                                                                                      • Part of subcall function 003D2098: GetLastError.KERNEL32(?,?,003DB729,?,00000000,?,?,?,003DB9CC,?,00000007,?,?,003DBDD6,?,?), ref: 003D20C0
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003DB4B1
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003DB4C3
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003DB4D5
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003DB4E7
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                    • Opcode ID: 9db22125c9c6c0ad46907c83f614cc06f6b317b67566931115e79bc140a4ca0d
                                                                                                                                                                                                                                                    • Instruction ID: 8e795770f9173c1bce01c8762125b0d3a80e19be84d4fc666a33fdc84bccb57e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9db22125c9c6c0ad46907c83f614cc06f6b317b67566931115e79bc140a4ca0d
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EBF0FF73604604EBC632DB66F586C16B3FDEA407207DA483AF449DB701CB20FC858654
                                                                                                                                                                                                                                                    Function 00390720 Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 19COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • NWebAdvisor::CCabParser::Close, xrefs: 0039073E
                                                                                                                                                                                                                                                    • c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h, xrefs: 00390743
                                                                                                                                                                                                                                                    • CloseHandle failed: %d, xrefs: 00390737
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                    • String ID: CloseHandle failed: %d$NWebAdvisor::CCabParser::Close$c:\jenkins\workspace\mer_WebAdvisor_XMLUpdater_master\src\XmlUpdater\CabParser.h
                                                                                                                                                                                                                                                    • API String ID: 918212764-1823807987
                                                                                                                                                                                                                                                    • Opcode ID: f82a1b3198468c5ad3333422e2b92bfcd2f60b1e3331e80e0ca47806ff278a49
                                                                                                                                                                                                                                                    • Instruction ID: ebb54e119e53602138c6b3dd29c3bda5407a4383d83acafc6a52f162a862d616
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f82a1b3198468c5ad3333422e2b92bfcd2f60b1e3331e80e0ca47806ff278a49
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CBD02B303C03106EFB213B69EC0AF663568AF00B20F100A29B611B10F2E5F1AC408749
                                                                                                                                                                                                                                                    Function 003A52EC Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 317COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 003A52F3
                                                                                                                                                                                                                                                      • Part of subcall function 0036BDF0: std::_Lockit::_Lockit.LIBCPMT ref: 0036BE2F
                                                                                                                                                                                                                                                      • Part of subcall function 0036BDF0: std::_Lockit::_Lockit.LIBCPMT ref: 0036BE51
                                                                                                                                                                                                                                                      • Part of subcall function 0036BDF0: std::_Lockit::~_Lockit.LIBCPMT ref: 0036BE71
                                                                                                                                                                                                                                                      • Part of subcall function 0036BDF0: std::_Lockit::~_Lockit.LIBCPMT ref: 0036BFFC
                                                                                                                                                                                                                                                    • _Find_elem.LIBCPMT ref: 003A54EF
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                                                                    • String ID: 0123456789ABCDEFabcdef-+Xx$l8]:
                                                                                                                                                                                                                                                    • API String ID: 3042121994-707224597
                                                                                                                                                                                                                                                    • Opcode ID: 0f96bc70dabfd824b1d5a7c1739329b410d66faf5156c73ebfe4b0b915ae9f82
                                                                                                                                                                                                                                                    • Instruction ID: 568def3bb3667ed32089992437738cec81f9da2137bb3975d74c786e3fb59746
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0f96bc70dabfd824b1d5a7c1739329b410d66faf5156c73ebfe4b0b915ae9f82
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8C17D30E046888FDF27DBA4C5907ECBBB2EF57300F694159D8866F282D7649D46CB50
                                                                                                                                                                                                                                                    Function 003E51F0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 207COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: \\?\
                                                                                                                                                                                                                                                    • API String ID: 0-4282027825
                                                                                                                                                                                                                                                    • Opcode ID: 36ca9fb8b43932ac91c04db45c105b1cd6167f27a50165f1493fe421eec7495a
                                                                                                                                                                                                                                                    • Instruction ID: a3737ff3c9c766b2421ae64de66bfe457668aaa9dc0ac6c2e81ab52f208a8398
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 36ca9fb8b43932ac91c04db45c105b1cd6167f27a50165f1493fe421eec7495a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2719D71D00668DBCF16DFA9C884AEEB7F9BF45314F15062AE419EB2D0D730A940CBA1
                                                                                                                                                                                                                                                    Function 0034B420 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 184COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0034B64C
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Ios_base_dtorstd::ios_base::_
                                                                                                                                                                                                                                                    • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                                    • API String ID: 323602529-1866435925
                                                                                                                                                                                                                                                    • Opcode ID: b5e9f612b339037f1a32bad57ec349a448a0c94b8d1333316dccce0d292da09c
                                                                                                                                                                                                                                                    • Instruction ID: 0d4e3c58b271199305bff7e08442daa62a7b6d0ad30a1a8cdecb3e44c5c8867e
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b5e9f612b339037f1a32bad57ec349a448a0c94b8d1333316dccce0d292da09c
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D37199B1A00649DFCB16CF58C984B9AFBF4FF08314F15816AEA149B381DBB5E905CB84
                                                                                                                                                                                                                                                    Function 003E4620 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 159COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • WritePrivateProfileStructW.KERNEL32(?,00000000,4752434D,00000024,00000000), ref: 003E46E4
                                                                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 003E4728
                                                                                                                                                                                                                                                    • WritePrivateProfileStructW.KERNEL32(?,00000000,?,00000004,00000000), ref: 003E4768
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: PrivateProfileStructWrite$ErrorLast
                                                                                                                                                                                                                                                    • String ID: MCRG
                                                                                                                                                                                                                                                    • API String ID: 3778923442-1523812224
                                                                                                                                                                                                                                                    • Opcode ID: 4a215df3f9700a2e079785b82447c585ce5058e09d27405dcb2b0cf5b715ebb7
                                                                                                                                                                                                                                                    • Instruction ID: 149485f976a5af1a496526a55f545d6a4ad7df49dec75f9b78437e38e4f5c618
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a215df3f9700a2e079785b82447c585ce5058e09d27405dcb2b0cf5b715ebb7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 35518075900259EFDB11CFA9D844F9EBBF8EF49310F148259F825AB2A1DB70A904CF90
                                                                                                                                                                                                                                                    Function 00350490 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 137COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003A3D98: FormatMessageA.KERNEL32(00001300,00000000,?,00000000,?,00000000,00000000,?,?,003504D5,?,?,A2199216), ref: 003A3DAE
                                                                                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 003505CC
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 003505F6
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::cancel_current_taskFormatFreeLocalMessage
                                                                                                                                                                                                                                                    • String ID: generic$unknown error
                                                                                                                                                                                                                                                    • API String ID: 3868770561-3628847473
                                                                                                                                                                                                                                                    • Opcode ID: 4d9ce399c73032616e2b890b57f6b061b7c4f2afec0f73e1937fd478dc3574f8
                                                                                                                                                                                                                                                    • Instruction ID: f862febce32eca5eeece26586c1a8a3ffdc36b7c6482d49bb427e8af5e12330a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4d9ce399c73032616e2b890b57f6b061b7c4f2afec0f73e1937fd478dc3574f8
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 874128B09043049FDB269F64C841BAFBBF8EF05315F100A2EF8569B791E77995088B91
                                                                                                                                                                                                                                                    Function 003CEA12 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\is-BM3S1.tmp\prod0_extract\saBSI.exe
                                                                                                                                                                                                                                                    • API String ID: 0-1974103176
                                                                                                                                                                                                                                                    • Opcode ID: c31836cfc8a3060c835d668c06587cae0a719b0c712c23d1db8b48fe104e1904
                                                                                                                                                                                                                                                    • Instruction ID: f4a5a8d5bc329a25907a5e2ae8565a83f968612cc95072875858be36e358abd1
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c31836cfc8a3060c835d668c06587cae0a719b0c712c23d1db8b48fe104e1904
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D43173B5A04218AFCB26DF99DC85EAEBBBCEB94310B15406EF505DB211EB709E44CB50
                                                                                                                                                                                                                                                    Function 00344A4A Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 109COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: H_prolog3_
                                                                                                                                                                                                                                                    • String ID: /affid$MSAD_Subinfo$affid
                                                                                                                                                                                                                                                    • API String ID: 2427045233-3897642808
                                                                                                                                                                                                                                                    • Opcode ID: 1e1f83d536e4b9eceaeb8c6a055295fe2f735f1e38a345693e2fb9429f5b55ce
                                                                                                                                                                                                                                                    • Instruction ID: f241eb353585a520275090b4177230a2e0f86798ea044260d2ad6c6dfdc8bc1a
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e1f83d536e4b9eceaeb8c6a055295fe2f735f1e38a345693e2fb9429f5b55ce
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1D418E74D05248DECB1ADFA4C895AEDFBF4FF08314F14406EE446AB281DB34AA4ACB55
                                                                                                                                                                                                                                                    Function 003B2F50 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 003B2F57
                                                                                                                                                                                                                                                      • Part of subcall function 003A7DF0: __EH_prolog3.LIBCMT ref: 003A7DF7
                                                                                                                                                                                                                                                      • Part of subcall function 003A7DF0: std::_Lockit::_Lockit.LIBCPMT ref: 003A7E01
                                                                                                                                                                                                                                                      • Part of subcall function 003A7DF0: std::_Lockit::~_Lockit.LIBCPMT ref: 003A7E72
                                                                                                                                                                                                                                                    • _Find_elem.LIBCPMT ref: 003B2FF3
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                                                                    • String ID: %.0Lf$0123456789-
                                                                                                                                                                                                                                                    • API String ID: 2544715827-3094241602
                                                                                                                                                                                                                                                    • Opcode ID: c747c49a4db4195af095e3190e378fdf393c5b566dd9f04cafc020b7ad0c822e
                                                                                                                                                                                                                                                    • Instruction ID: 2979f5c0e5e151a9af25a0db393fc093c1665d4dc689e14678c2f6cb2341d205
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c747c49a4db4195af095e3190e378fdf393c5b566dd9f04cafc020b7ad0c822e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 31415E31910218DFCF16EFA4C880AEEBBB5FF18318F100169F911AB655DB30DA56CBA5
                                                                                                                                                                                                                                                    Function 003B3200 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 003B3207
                                                                                                                                                                                                                                                      • Part of subcall function 003432DE: __EH_prolog3_GS.LIBCMT ref: 003432E5
                                                                                                                                                                                                                                                      • Part of subcall function 003432DE: std::_Lockit::_Lockit.LIBCPMT ref: 003432F2
                                                                                                                                                                                                                                                      • Part of subcall function 003432DE: std::_Lockit::~_Lockit.LIBCPMT ref: 00343360
                                                                                                                                                                                                                                                    • _Find_elem.LIBCPMT ref: 003B32A3
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: H_prolog3_Lockitstd::_$Find_elemLockit::_Lockit::~_
                                                                                                                                                                                                                                                    • String ID: 0123456789-$0123456789-
                                                                                                                                                                                                                                                    • API String ID: 3328206922-2494171821
                                                                                                                                                                                                                                                    • Opcode ID: 3f78f161a064277fe2c7b694c3b57ebd44442e4d18990fd16c0c75a5e80e639e
                                                                                                                                                                                                                                                    • Instruction ID: b71d22c97e2cfbe9c210eb2546481d71508f6842e8e98b363f8b15226d5510de
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f78f161a064277fe2c7b694c3b57ebd44442e4d18990fd16c0c75a5e80e639e
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 61416D31900218DFCF06DFA4C885ADEBBB5FF09314F100569FA11AF255DB70AA56CB91
                                                                                                                                                                                                                                                    Function 003B7470 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 003B7477
                                                                                                                                                                                                                                                      • Part of subcall function 0036C960: std::_Lockit::_Lockit.LIBCPMT ref: 0036C995
                                                                                                                                                                                                                                                      • Part of subcall function 0036C960: std::_Lockit::_Lockit.LIBCPMT ref: 0036C9B7
                                                                                                                                                                                                                                                      • Part of subcall function 0036C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0036C9D7
                                                                                                                                                                                                                                                      • Part of subcall function 0036C960: std::_Lockit::~_Lockit.LIBCPMT ref: 0036CAB1
                                                                                                                                                                                                                                                    • _Find_elem.LIBCPMT ref: 003B7511
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                                                                    • String ID: 0123456789-$0123456789-
                                                                                                                                                                                                                                                    • API String ID: 3042121994-2494171821
                                                                                                                                                                                                                                                    • Opcode ID: 68c44975da3ae3200b596c583b67c8fb445fd8f9561801cc14e3d26c11c7433a
                                                                                                                                                                                                                                                    • Instruction ID: accf44f425e408507a46ae5fd4c7cc0e3bcb773cd5915ff1177415023e947626
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 68c44975da3ae3200b596c583b67c8fb445fd8f9561801cc14e3d26c11c7433a
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0416D31900209DFCF16DFA4D881AEEBBB5FF44314F50406AFA11AB252DB34EA16CB51
                                                                                                                                                                                                                                                    Function 00357156 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 77COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00364B40: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0036521E
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00357D3D
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00357DC8
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceBeginInitialize.KERNEL32(004380C4,00000000,A2199216,00000000,A2199216,0034A219,004380CC,?,?,?,?,?,?,0034A219,?,?), ref: 00349BE5
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceComplete.KERNEL32(004380C4,00000000,00000000), ref: 00349C1D
                                                                                                                                                                                                                                                      • Part of subcall function 00349940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00349A12
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Ios_base_dtorstd::ios_base::_$InitOnce$BeginCompleteInitializeMtx_unlock
                                                                                                                                                                                                                                                    • String ID: Failed to add event category ($V
                                                                                                                                                                                                                                                    • API String ID: 2287862619-1647955383
                                                                                                                                                                                                                                                    • Opcode ID: 4b7b61e93e60980c9b8584e581896aae9b680aaf9f6c2e386c258765d4f26560
                                                                                                                                                                                                                                                    • Instruction ID: 372755851e61670554912fdbf99e475732906ed0a3c3fecb71bf7571a84d93a7
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b7b61e93e60980c9b8584e581896aae9b680aaf9f6c2e386c258765d4f26560
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7318270914248DFDB06EF60D855BDE77B4EF55304F504099E8061F242EB79AA08CBA2
                                                                                                                                                                                                                                                    Function 0035A7DC Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000000FF,A2199216,?,?), ref: 0035A531
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 0035A7EC
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035A989
                                                                                                                                                                                                                                                      • Part of subcall function 0035F110: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0035F268
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    • Unexpected return value: , xrefs: 0035A8CC
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Ios_base_dtorstd::ios_base::_$Mtx_unlockMultipleObjectsWait
                                                                                                                                                                                                                                                    • String ID: Unexpected return value:
                                                                                                                                                                                                                                                    • API String ID: 1703231451-3613193034
                                                                                                                                                                                                                                                    • Opcode ID: 24d6f5e2ca87da48ed0c596125aa8dd2996ec3d625c1e12d2eecd29980e0cd45
                                                                                                                                                                                                                                                    • Instruction ID: c0fb6a0ea0e43da124a04d2b77704d126bac5648b4cd8d54e772660072e85931
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 24d6f5e2ca87da48ed0c596125aa8dd2996ec3d625c1e12d2eecd29980e0cd45
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7621D3709006089BDF16DFA4DC89FEDB779EF45311F104758E8156F2E2DB30AA89DA12
                                                                                                                                                                                                                                                    Function 00357052 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceBeginInitialize.KERNEL32(004380C4,00000000,A2199216,00000000,A2199216,0034A219,004380CC,?,?,?,?,?,?,0034A219,?,?), ref: 00349BE5
                                                                                                                                                                                                                                                      • Part of subcall function 00349BB0: InitOnceComplete.KERNEL32(004380C4,00000000,00000000), ref: 00349C1D
                                                                                                                                                                                                                                                      • Part of subcall function 00349940: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00349A12
                                                                                                                                                                                                                                                    • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00357D3D
                                                                                                                                                                                                                                                    • __Mtx_unlock.LIBCPMT ref: 00357DC8
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: InitIos_base_dtorOncestd::ios_base::_$BeginCompleteInitializeMtx_unlock
                                                                                                                                                                                                                                                    • String ID: P$Service has not been initialized
                                                                                                                                                                                                                                                    • API String ID: 920826028-2917841385
                                                                                                                                                                                                                                                    • Opcode ID: 7d79b1e328fa8324bebb03a43243fb923dd8d07eaa2ec1fb993f77f85a6cbcee
                                                                                                                                                                                                                                                    • Instruction ID: 6926d6a8c0ed64b6ef29cf8918a8b01212dab20771772d9bcd4fba5474a16936
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d79b1e328fa8324bebb03a43243fb923dd8d07eaa2ec1fb993f77f85a6cbcee
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 34017171914248CEDF06EFA0D852BED73B8EF55300F50806AE8061F681EB79A64CCA65
                                                                                                                                                                                                                                                    Function 0034308E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • __EH_prolog3.LIBCMT ref: 00343095
                                                                                                                                                                                                                                                    • std::_Lockit::_Lockit.LIBCPMT ref: 003430A2
                                                                                                                                                                                                                                                    • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 003430DF
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: std::_$H_prolog3Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                                                                    • String ID: bad locale name
                                                                                                                                                                                                                                                    • API String ID: 4089677319-1405518554
                                                                                                                                                                                                                                                    • Opcode ID: 6efffc5febfae3954b86ce99b8ef662d5ab198070b304441ae248553233d2ac1
                                                                                                                                                                                                                                                    • Instruction ID: a1965e2e385c15aebbe7132a5aa8b791050a4bda71f9eb00859250caf2baf619
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6efffc5febfae3954b86ce99b8ef662d5ab198070b304441ae248553233d2ac1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B016270905B84DEC7329F7A848164BFFE0BF29304B508A2FE18E87A41CB34A644CB5D
                                                                                                                                                                                                                                                    Function 003D24F8 Relevance: 6.3, APIs: 4, Instructions: 320COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _strrchr
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 3213747228-0
                                                                                                                                                                                                                                                    • Opcode ID: 2052368595d85d8921707e714fa8cf7e39a0871388d90fe44b2f9a70ca8f8144
                                                                                                                                                                                                                                                    • Instruction ID: f86f8c41807376e939bc32ec61d848f792cbc1dfa889506118edc1dff9a72b12
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2052368595d85d8921707e714fa8cf7e39a0871388d90fe44b2f9a70ca8f8144
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48B124339042859FDB23CF28E891BAFBBE5EF65340F2541ABE8559B342D6749D01CB60
                                                                                                                                                                                                                                                    Function 003E2AF0 Relevance: 6.2, APIs: 4, Instructions: 173COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 0034463F: GetProcessHeap.KERNEL32(?,?,?,0036C2E1,?,?,?,A2199216,?,00000000), ref: 00344676
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,?,?,003EFB28,000000FF), ref: 003E2BF4
                                                                                                                                                                                                                                                      • Part of subcall function 003675F0: FindResourceExW.KERNEL32(00000000,00000006,00000000,?,00000000,?,?,?,?,?,003E2B5D,?,00000000), ref: 00367628
                                                                                                                                                                                                                                                      • Part of subcall function 003675F0: LoadResource.KERNEL32(00000000,00000000,?,?,?,?,?,003E2B5D,?,00000000,?,?,?,?,?,003EFB28), ref: 00367636
                                                                                                                                                                                                                                                      • Part of subcall function 003675F0: LockResource.KERNEL32(00000000,?,?,?,?,?,003E2B5D,?,00000000,?,?,?,?,?,003EFB28,000000FF), ref: 00367641
                                                                                                                                                                                                                                                      • Part of subcall function 003675F0: SizeofResource.KERNEL32(00000000,00000000,?,?,?,?,?,003E2B5D,?,00000000,?,?,?,?,?,003EFB28), ref: 0036764F
                                                                                                                                                                                                                                                    • FindResourceW.KERNEL32(00000000,?,00000006), ref: 003E2B74
                                                                                                                                                                                                                                                      • Part of subcall function 00367580: LoadResource.KERNEL32(00000101,00000101,00000000,80070057,8007000E,80004005,00368806,00000000,?,00000000,00000002,00000000), ref: 00367589
                                                                                                                                                                                                                                                      • Part of subcall function 00367580: LockResource.KERNEL32(00000000,?,00000000,00000002,00000000), ref: 00367594
                                                                                                                                                                                                                                                      • Part of subcall function 00367580: SizeofResource.KERNEL32(00000101,00000101,?,00000000,00000002,00000000), ref: 003675A8
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 003E2BAB
                                                                                                                                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,003EFB28,000000FF), ref: 003E2C2E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Resource$ByteCharMultiWide$FindLoadLockSizeof$HeapProcess
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 2838002939-0
                                                                                                                                                                                                                                                    • Opcode ID: c3245247ccfda405dc015f0d587516e7e073c4d888efb24c3389b8afa82b7461
                                                                                                                                                                                                                                                    • Instruction ID: 5dff5b1d6af01c758269f92498f5b45717961747d2ed766822def6b5260f9caa
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3245247ccfda405dc015f0d587516e7e073c4d888efb24c3389b8afa82b7461
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8051AC31200691AFE7268F1ACC89F2AB7ECEB54710F21465DF6459F3E1EBB4A800CB50
                                                                                                                                                                                                                                                    Function 003BC0E1 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: AdjustPointer
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 1740715915-0
                                                                                                                                                                                                                                                    • Opcode ID: a9ebcd1c3ed0d86b14657422ff62d2afc59f3cc9835c60611ae00cfcfa481890
                                                                                                                                                                                                                                                    • Instruction ID: bd4f8fac05e2404c2b5380e428c7c4bf7a038175bfbc53d69226c0d40a32e721
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a9ebcd1c3ed0d86b14657422ff62d2afc59f3cc9835c60611ae00cfcfa481890
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4B51E271A106029FEF3A9F98C842BFA77A4FF44718F15442EEA155BA92D731EC40CB90
                                                                                                                                                                                                                                                    Function 003D3531 Relevance: 6.1, APIs: 4, Instructions: 132COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: bb4e90a464e5bad0d3ddc9870d451ef91fd9526fdc442c3a0be5c3594845d088
                                                                                                                                                                                                                                                    • Instruction ID: 23fab46996b506436c51a10a0c3c1cf913952f3c0f645a0984e70e2802649a2b
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bb4e90a464e5bad0d3ddc9870d451ef91fd9526fdc442c3a0be5c3594845d088
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F541D8B2A00604BFD7269F38EC41BAABBA9EB85710F10452BF115DF781E771EE418781
                                                                                                                                                                                                                                                    Function 0036EBA0 Relevance: 6.1, APIs: 4, Instructions: 90registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • RegSetKeySecurity.ADVAPI32(00000000,00000000,00000000,00000000), ref: 0036EBCB
                                                                                                                                                                                                                                                    • RegEnumKeyExW.ADVAPI32(00000000,00000000,?,00000100,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0036EC28
                                                                                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(00000000,?,00000000,000F003F,?,?,00000000,00000000), ref: 0036EC4F
                                                                                                                                                                                                                                                      • Part of subcall function 0036EBA0: RegCloseKey.ADVAPI32(?,?,00000000,00000000), ref: 0036EC7E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: CloseEnumOpenSecurity
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 611561417-0
                                                                                                                                                                                                                                                    • Opcode ID: 411a2c6fb70c6f0f72187e0f8ea737fea520f456b70e8a1e3d99dc97662e0463
                                                                                                                                                                                                                                                    • Instruction ID: 806c2167a2bb2a9ec051a3d71a56f1b1c6188d1fa504492ed2cb4b247dd17849
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 411a2c6fb70c6f0f72187e0f8ea737fea520f456b70e8a1e3d99dc97662e0463
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3318176A4021CABDB229F54DD49FEAB7BCEB08700F0045A5FA19EB191DA709E54CB90
                                                                                                                                                                                                                                                    Function 003CE0E7 Relevance: 6.1, APIs: 4, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                    • Opcode ID: c9f69a5961d426fd1a8da0edb7436575d3dc34ab0d745c3372f0008299838a45
                                                                                                                                                                                                                                                    • Instruction ID: c976067dadf804f74412887ecb7b36e479ace1b920549fff5a3e3f1128281578
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c9f69a5961d426fd1a8da0edb7436575d3dc34ab0d745c3372f0008299838a45
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F21C372604205AFEB22AF61DC81F7B77ADEF04368715451DF525DB590EB30EC6187A0
                                                                                                                                                                                                                                                    Function 003675F0 Relevance: 6.1, APIs: 4, Instructions: 77COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003B987E: EnterCriticalSection.KERNEL32(004377A0,?,00000101,?,003686A7,00000000,?,00000101,?,00000000,?,?,0036C338,-00000010), ref: 003B9889
                                                                                                                                                                                                                                                      • Part of subcall function 003B987E: LeaveCriticalSection.KERNEL32(004377A0,?,003686A7,00000000,?,00000101,?,00000000,?,?,0036C338,-00000010,?,?,?,A2199216), ref: 003B98B5
                                                                                                                                                                                                                                                    • FindResourceExW.KERNEL32(00000000,00000006,00000000,?,00000000,?,?,?,?,?,003E2B5D,?,00000000), ref: 00367628
                                                                                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000,?,?,?,?,?,003E2B5D,?,00000000,?,?,?,?,?,003EFB28), ref: 00367636
                                                                                                                                                                                                                                                    • LockResource.KERNEL32(00000000,?,?,?,?,?,003E2B5D,?,00000000,?,?,?,?,?,003EFB28,000000FF), ref: 00367641
                                                                                                                                                                                                                                                    • SizeofResource.KERNEL32(00000000,00000000,?,?,?,?,?,003E2B5D,?,00000000,?,?,?,?,?,003EFB28), ref: 0036764F
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Resource$CriticalSection$EnterFindLeaveLoadLockSizeof
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 529824247-0
                                                                                                                                                                                                                                                    • Opcode ID: cff40a49370dec2a5f7bbf1b5d54384c15501e6cc92f26dd6a4ac24eaf58d7ac
                                                                                                                                                                                                                                                    • Instruction ID: 10856ca7a1f26bb558f9c5ce2be8e336804ba07aa09e142d5fbcd65200ab88fb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cff40a49370dec2a5f7bbf1b5d54384c15501e6cc92f26dd6a4ac24eaf58d7ac
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D1178326086135BD7375E2DDC48A7BB39CDBC0399F22492EFA5287258EF24CC008261
                                                                                                                                                                                                                                                    Function 003CF540 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003CF549
                                                                                                                                                                                                                                                      • Part of subcall function 003D2098: RtlFreeHeap.NTDLL(00000000,00000000,?,003DB729,?,00000000,?,?,?,003DB9CC,?,00000007,?,?,003DBDD6,?), ref: 003D20AE
                                                                                                                                                                                                                                                      • Part of subcall function 003D2098: GetLastError.KERNEL32(?,?,003DB729,?,00000000,?,?,?,003DB9CC,?,00000007,?,?,003DBDD6,?,?), ref: 003D20C0
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003CF55C
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003CF56D
                                                                                                                                                                                                                                                    • _free.LIBCMT ref: 003CF57E
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                    • API String ID: 776569668-0
                                                                                                                                                                                                                                                    • Opcode ID: d0d51c726ffb4af84a39c5df65e27ef0d5227335f479493d354f4f0893b69cf6
                                                                                                                                                                                                                                                    • Instruction ID: 9433ed9215ebcd1c7a6a60d41cf01f108babdc56594db9d7ded0d8d887674603
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0d51c726ffb4af84a39c5df65e27ef0d5227335f479493d354f4f0893b69cf6
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41E0B6F28947209A86376F37BC4144A7B31A764720316306BF4495B332CF3A055EDF99
                                                                                                                                                                                                                                                    Function 003E4440 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 166COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003E2AF0: FindResourceW.KERNEL32(00000000,?,00000006), ref: 003E2B74
                                                                                                                                                                                                                                                      • Part of subcall function 003E2AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 003E2BAB
                                                                                                                                                                                                                                                      • Part of subcall function 003E2AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,003EFB28,000000FF), ref: 003E2C2E
                                                                                                                                                                                                                                                    • WritePrivateProfileStructW.KERNEL32(?,00000000,4752434D,00000024,00000002), ref: 003E453C
                                                                                                                                                                                                                                                    • WritePrivateProfileStructW.KERNEL32(?,?,00000000,?,00000002), ref: 003E4598
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiPrivateProfileStructWideWrite$FindResource
                                                                                                                                                                                                                                                    • String ID: MCRG
                                                                                                                                                                                                                                                    • API String ID: 2178413835-1523812224
                                                                                                                                                                                                                                                    • Opcode ID: 55a3bdaa650fbd401d6a6f6c2728ecad8d3a9b76f5bc26977211d524fb9cb851
                                                                                                                                                                                                                                                    • Instruction ID: cd2e5166c4944fbd62cbef5dc862192b46684634a739564c93dd5ea0a55bfddb
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 55a3bdaa650fbd401d6a6f6c2728ecad8d3a9b76f5bc26977211d524fb9cb851
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29615B71901288EFDB12CFA9C844B9EFBB5EF49320F148259F815AB2A1DB749905CB90
                                                                                                                                                                                                                                                    Function 003671C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 157COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00367362
                                                                                                                                                                                                                                                    • Concurrency::cancel_current_task.LIBCPMT ref: 00367367
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                                    • String ID: 'm6
                                                                                                                                                                                                                                                    • API String ID: 118556049-3718908164
                                                                                                                                                                                                                                                    • Opcode ID: 6224a18fe85e0f6f2cb70e8c44ec2a491da8549876286e41349b869a3e1ff229
                                                                                                                                                                                                                                                    • Instruction ID: 7893cb2a6bc50a3d0f18a614f91312e6f284ba4f146a7011e1909b0a7b02a33d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6224a18fe85e0f6f2cb70e8c44ec2a491da8549876286e41349b869a3e1ff229
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C51E3B19046018FDB29CF28C95176EB7F9EF48318F614A2EE4168B791DB30E944CB91
                                                                                                                                                                                                                                                    Function 003BC6E2 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 003BC707
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: EncodePointer
                                                                                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                                                                                    • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                                    • Opcode ID: 512d9057423968cff28da63ce2868023c3cb467c3d54bb4e9569cf2c1261c6e2
                                                                                                                                                                                                                                                    • Instruction ID: 40dbdaab5bb14d9ace1135d75a780b86654284180885d1240393f59858bc3c8d
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 512d9057423968cff28da63ce2868023c3cb467c3d54bb4e9569cf2c1261c6e2
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B417971900209AFCF26DF98CC82AEEBBB5BF48308F1581A9FA14AB211D7359950DF50
                                                                                                                                                                                                                                                    Function 003D2E58 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: _free
                                                                                                                                                                                                                                                    • String ID: P|C$T|C
                                                                                                                                                                                                                                                    • API String ID: 269201875-4121968959
                                                                                                                                                                                                                                                    • Opcode ID: b213747f5ac576dc4a1add70c28a9925d946ace877223b3f29f8e12b5c61920b
                                                                                                                                                                                                                                                    • Instruction ID: 9f92cbf4acbc709fddf94a3a8f5e3d5a1c28c582224ad6ecc54fdab6d02cda13
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b213747f5ac576dc4a1add70c28a9925d946ace877223b3f29f8e12b5c61920b
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 101193B21047029BD7269F29F881B53B7E8EB64764B20582FF489CB741E771E8848754
                                                                                                                                                                                                                                                    Function 003B8367 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 003B904B
                                                                                                                                                                                                                                                    • ___raise_securityfailure.LIBCMT ref: 003B9133
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                                                                                                    • String ID: XtC
                                                                                                                                                                                                                                                    • API String ID: 3761405300-963119810
                                                                                                                                                                                                                                                    • Opcode ID: f8ace7180537d979bd6f4470ed9522268da017bdde99c1e5b66544a9d6f13ea7
                                                                                                                                                                                                                                                    • Instruction ID: 41799759897e4928060e05755b8bfc9942aa7f6db20355b5dd12c327d9ff7aca
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f8ace7180537d979bd6f4470ed9522268da017bdde99c1e5b66544a9d6f13ea7
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD21D4F5548204AAE728CF19F9857443BE4BB18314F60707AE6898BBB0E370A546CF48
                                                                                                                                                                                                                                                    Function 003E6290 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58registryCOMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                      • Part of subcall function 003E2AF0: FindResourceW.KERNEL32(00000000,?,00000006), ref: 003E2B74
                                                                                                                                                                                                                                                      • Part of subcall function 003E2AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,00000002,?,00000000,00000000,00000000,00000000,?,?,00000006), ref: 003E2BAB
                                                                                                                                                                                                                                                      • Part of subcall function 003E2AF0: WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,00000000,00000000,00000000,?,?,?,?,?,003EFB28,000000FF), ref: 003E2C2E
                                                                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,?,00000100,%`>,?,00000000,?,?,?,003E6025,?,00000100,00000000,00000100), ref: 003E62BB
                                                                                                                                                                                                                                                    • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,00000000,%`>,00000100,00000000,00000100), ref: 003E62F9
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: ByteCharMultiQueryValueWide$FindResource
                                                                                                                                                                                                                                                    • String ID: %`>
                                                                                                                                                                                                                                                    • API String ID: 3794624133-1700473621
                                                                                                                                                                                                                                                    • Opcode ID: 25dc28a005709bec4bd00578f98d642f726a40c5ff08ace9001d55ab2aac4985
                                                                                                                                                                                                                                                    • Instruction ID: a34d77565942e2bad3bc11ac2cb11068d4cf97fae4261fa459f4dd6b06d4f277
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 25dc28a005709bec4bd00578f98d642f726a40c5ff08ace9001d55ab2aac4985
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B11E335500219BFDB029F55CC45F9ABB69FF48360F148261FC089B2B1DB729D20DB90
                                                                                                                                                                                                                                                    Function 0036E5E0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • CLSIDFromString.OLE32(0000007B,?), ref: 0036E650
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FromString
                                                                                                                                                                                                                                                    • String ID: @${
                                                                                                                                                                                                                                                    • API String ID: 1694596556-3118734784
                                                                                                                                                                                                                                                    • Opcode ID: a1b04d208db885846bd49cc30cc5df3b964b86a744f44d8bf60ae8a12f70ebb1
                                                                                                                                                                                                                                                    • Instruction ID: f3153bdaab835545014997b57c0f6f8416b652eb36c69778399d9657b2aa7633
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a1b04d208db885846bd49cc30cc5df3b964b86a744f44d8bf60ae8a12f70ebb1
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F501A935A002089BCB10DF58D904BDEB3F8FF58714F4181AEB949E7110DE70AA89CB90
                                                                                                                                                                                                                                                    Function 003B9146 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 003B9151
                                                                                                                                                                                                                                                    • ___raise_securityfailure.LIBCMT ref: 003B920E
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                                                                                                    • String ID: XtC
                                                                                                                                                                                                                                                    • API String ID: 3761405300-963119810
                                                                                                                                                                                                                                                    • Opcode ID: c0596269947cfb19899119b123c3c98c03e23600c54ee9362551b75bb6813bc0
                                                                                                                                                                                                                                                    • Instruction ID: 9697414b6bc7391617c2b5b1d2c2160835685c6f5f3154eddca52160fcbbbeaa
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c0596269947cfb19899119b123c3c98c03e23600c54ee9362551b75bb6813bc0
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CB11C0F5558308AFE728DF19FC816443BE8BB18350B10707AE98987B70E770A546DF49
                                                                                                                                                                                                                                                    Function 003A2743 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23COMMONLIBRARYCODE
                                                                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                    • DloadGetSRWLockFunctionPointers.DELAYIMP ref: 003A2743
                                                                                                                                                                                                                                                      • Part of subcall function 003A26D0: GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,003A2748,003A28F1), ref: 003A26E7
                                                                                                                                                                                                                                                    • AcquireSRWLockExclusive.KERNEL32(?,003A28F1), ref: 003A2760
                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.3486769066.0000000000331000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00330000, based on PE: true
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486581231.0000000000330000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486895119.00000000003FE000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3486961142.000000000042F000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487016582.0000000000434000.00000008.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487075249.0000000000436000.00000004.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    • Associated: 00000005.00000002.3487136609.0000000000439000.00000002.00000001.01000000.0000000D.sdmpDownload File
                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_330000_saBSI.jbxd
                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                    • API ID: Lock$AcquireDloadExclusiveFunctionHandleModulePointers
                                                                                                                                                                                                                                                    • String ID: 8oC
                                                                                                                                                                                                                                                    • API String ID: 3692202576-3632859768
                                                                                                                                                                                                                                                    • Opcode ID: 7a44313ef25cbfab285554f13f6f1d799bde0669ee380a7c6ad9471c894aca47
                                                                                                                                                                                                                                                    • Instruction ID: 90e79ea2518ebfc2c9c05e32669f1ba06c9f49e9a5da133b542679464e81ffc6
                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7a44313ef25cbfab285554f13f6f1d799bde0669ee380a7c6ad9471c894aca47
                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BEE0C230331222578F179B2CBE0492F234AEB47744726507AE902E36A2DA1D8D81CA84